1YPSERV(8)                    NIS Reference Manual                    YPSERV(8)
2
3
4

NAME

6       ypserv - NIS Server
7

SYNOPSIS

9       /usr/sbin/ypserv [-d [path]] [-p port]
10

DESCRIPTION

12       The Network Information Service (NIS) provides a simple network lookup
13       service consisting of databases and processes. The databases are gdbm
14       files in a directory tree rooted at /var/yp.
15
16       The ypserv daemon is typically activated at system startup.  ypserv
17       runs only on NIS server machines with a complete NIS database. On other
18       machines using the NIS services, you have to run ypbind as client or
19       under Linux you could use the libc with NYS support.  ypbind must run
20       on every machine which has NIS client processes; ypserv may or may not
21       be running on the same node, but must be running somewhere on the
22       network. On startup ypserv parses the file /etc/ypserv.conf.  It is
23       also possible to pass OPTIONS to ypserv using the environment variable
24       YPSERV_ARGS and this variable can be set in /etc/sysconfig/network.
25

OPTIONS

27       -d, --debug [path]
28           Causes the server to run in debugging mode. Normally, ypserv
29           reports only errors (access violations, dbm failures) using the
30           syslog(3) facility. In debug mode, the server does not background
31           itself and prints extra status messages to stderr for each request
32           that it revceives.  path is an optionally parameter.  ypserv is
33           using this directory instead of /var/yp
34
35       -p, --port port
36           ypserv will bind itself to this port. This makes it possible to
37           have a router filter packets to the NIS ports, so that access to
38           the NIS server from hosts on the Internet can be restricted.
39
40       -v, --version
41           Prints the version number
42

SECURITY

44       In general, any remote user can issue an RPC to ypserv and retrieve the
45       contents of your NIS maps, if he knows your domain name. To prevent
46       such unauthorized transactions, ypserv supports a feature called
47       securenets which can be used to restrict access to a given set of
48       hosts. At startup ypserv will attempt to load the securenets
49       information from a file called /var/yp/securenets .  This file contains
50       entries that consist of a netmask and a network pair separated by white
51       spaces or network/number of bits of netmask entries. One per line.
52       Lines starting with “#” are considered to be comments.
53
54       A sample securenets file might look like this:
55
56               # allow connections from local host -- necessary
57               host 127.0.0.1
58               host ::1
59               # same as 255.255.255.255 127.0.0.1
60               #
61               # allow connections from any host
62               # on the 131.234.223.0 network
63               255.255.255.0   131.234.223.0
64               # allow connections from any host
65               # between 131.234.214.0 and 131.234.215.255
66               255.255.254.0   131.234.214.0
67               # allow some IPv6 connections
68               FE80::0202:B3FF::/96
69               # allow IPv6 connections from all machines
70               ::/0
71
72
73       If ypserv receives a request from an address that fails to match a
74       rule, the request will be ignored and a warning message will be logged.
75       If the /var/yp/securenets file does not exist, ypserv will allow
76       connections from any host.
77
78       In the /etc/ypserv.conf you could specify some access rules for special
79       maps and hosts. But it is not very secure, it makes the life only a
80       little bit harder for a potential hacker. If a mapname doesn't match a
81       rule, ypserv will look for the YP_SECURE key in the map. If it exists,
82       ypserv will only allow requests on a reserved port.
83
84       For security reasons, ypserv will only accept ypproc_xfr requests for
85       updating maps from the same master server as the old one. This means,
86       you have to reinstall the slave servers if you change the master server
87       for a map.
88

FILES

90       /etc/ypserv.conf
91           configuration file.
92
93       /var/yp/securenets
94           which hosts are allowed to contact ypserv.
95
96       /etc/sysconfig/network
97           setting additional arguments to ypserv.
98

SEE ALSO

100       domainname(1), ypcat(1), ypmatch(1), ypserv.conf(5), netgroup(5),
101       makedbm(8), revnetgroup(8), ypinit(8), yppoll(8), yppush(8), ypset(8),
102       ypwhich(8), ypxfr(8), rpc.ypxfrd(8)
103
104       The Network Information Service (NIS) was formerly known as Sun Yellow
105       Pages (YP). The functionality of the two remains the same; only the
106       name has changed. The name Yellow Pages is a registered trademark in
107       the United Kingdom of British Telecommunications plc, and may not be
108       used without permission.
109

AUTHOR

111       ypserv was written by Peter Eriksson <pen@lysator.liu.se>. Thorsten
112       Kukuk <kukuk@linux-nis.org> added support for master/slave server and
113       is the new Maintainer.
114
115
116
117NIS Reference Manual              07/23/2021                         YPSERV(8)
Impressum