Solaris Naming Setup and Configuration Guide

Preparing the Master Server

Setting up the master server involves converting the source (input) text files on the master into NIS master server maps. Before doing this, however, you need to take several precautions.

Source Files Directory

The source files may be located either in the /etc directory on the master server or in some other directory. Having them in /etc might be undesirable because the contents of the maps are then the same as the contents of the local files on the master server. This is a particular problem for the passwd and shadow files, because all users would have access to the master server maps and the root password would be passed to all YP clients through the passwd map. (See "Passwd Files and Namespace Security" for additional information on this subject.)

However, if you choose to locate the source files in some other directory, you must modify the Makefile in /var/yp by changing the DIR=/etc line to DIR=/your-choice, where your-choice is the name of the directory you will be using to store the source files. This allows you to treat the local files on the server as if they were those of a client. (It is good practice to first save a copy of the original Makefile.)

Passwd Files and Namespace Security

The passwd map is a special case. In addition to the old Solaris 1.x passwd file format, this implementation of NIS accepts the Solaris 7 release /etc/passwd and /etc/shadow file format as input for building the NIS password maps.

For security reasons, the files used to build the NIS password maps should not contain an entry for root, to prevent unauthorized root access. Therefore, the password maps should not be built from the files located in the master server's /etc directory. The password files used to build the password maps should have the root entry removed from them and be located in a directory that can be protected from unauthorized access.

For example, the master server password input files should be stored in a directory such as /var/yp, or any directory of your choice, as long as the file itself is not a link to another file and its location is specified in the Makefile. The /usr/lib/netsvc/yp/ypstart script automatically sets the correct directory option according to the configuration specified in your Makefile.

If your source files are in a directory other than /etc, you must alter the PWDIR password macro in the Makefile to refer to the directory where the passwd and shadow files reside, changing the line PWDIR=/etc to PWDIR=/your-choice, where your-choice is the name of the directory you will be using to store the passwd map source files.


Caution -

Be sure that the passwd file in the directory specified by PWDIR does not contain an entry for root.


Preparing the Master Server -- Task Map

Table 10-1 Preparing the Master Server

Task | Description | For Instructions, Go To
Preparing the Master Server | Convert files to NIS maps | "How To Prepare Source Files for Conversion to NIS Maps"
Preparing the Master Server | Set up with ypinit | "How to Set Up the Master Server With ypinit"

How To Prepare Source Files for Conversion to NIS Maps

Prepare the source files for conversion to NIS maps.

  1. Check the source files on the master server to make sure they reflect an up-to-date picture of your system environment.

    Check the following files:

    • auto.home or auto_home

    • auto.master or auto_master

    • bootparams

    • ethers

    • group

    • hosts

    • ipnodes

    • netgroup

    • netmasks

    • networks

    • passwd

    • protocols

    • rpc

    • services

    • shadow

  2. Copy all of these source files, except passwd, to the DIR directory that you have selected.

  3. Copy the passwd file to the PWDIR directory that you have selected.

  4. Check the /etc/mail/aliases file.

    Unlike other source files, the /etc/mail/aliases file cannot be moved to another directory. This file must reside in the /etc/mail directory. Make sure the /etc/mail/aliases source file is complete by verifying that it contains all the mail aliases that you want to have available throughout the domain. Refer to the aliases man page for more information.

  5. Clean all comments and other extraneous lines and information from the source files.

    These operations can be done through a sed or awk script or with a text editor. (The makefile performs some file cleaning automatically for you, but it is good practice to examine and clean these files by hand before running.)

  6. Check to make sure that the data in all the source files is correctly formatted.

    Source file data needs to be in the correct format for that particular file. Check the man pages for the different files to make sure that each file is in the correct format.
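The following script is an added example, not part of the guide or of the Solaris distribution. It carries out steps 2, 3 and 5 together with the requirements of "Passwd Files and Namespace Security": it stages the sources outside /etc, removes root and every other UID 0 account from the password sources, repoints DIR and PWDIR, and then audits the result. The function names, the scratch directory layout and the sample accounts are assumptions made for the example; ipnodes is left out because the Makefile reads it from INETDIR.

```shell
#!/bin/sh
# Added example, not from the guide: stage NIS sources outside /etc and audit them.
# All paths and accounts are constructed sample data under a scratch directory.
# On Solaris use nawk (as the Makefile does) in place of awk.
set -eu

# Steps 2 and 5: copy non-password sources to DIR, dropping comment and blank lines.
stage_maps() (   # usage: stage_maps SRC DIR
    mkdir -p "$2"
    for f in auto_home auto_master bootparams ethers group hosts netgroup \
             netmasks networks protocols rpc services; do
        [ -f "$1/$f" ] || continue
        sed -e '/^[[:space:]]*#/d' -e '/^[[:space:]]*$/d' "$1/$f" > "$2/$f"
    done
)

# Step 3: write passwd and shadow to PWDIR without root or any other UID 0 account.
# shadow is staged here too because the passwd.time rule reads $(PWDIR)/shadow.
stage_passwd() (   # usage: stage_passwd SRC PWDIR
    umask 077                      # directory 0700, files 0600
    mkdir -p "$2"
    for f in passwd shadow; do
        rm -f "$2/$f"              # replace the file, never write through a link
        awk -F: 'NR == FNR { if ($3 == 0) skip[$1] = 1; next }
                 $1 != "root" && !($1 in skip)' "$1/passwd" "$1/$f" > "$2/$f"
    done
)

# Repoint DIR and PWDIR, keeping the original as MAKEFILE.orig. The lines stay
# unindented because /etc/init.d/yp looks for PWDIR with grep "^PWDIR".
# Assumes the directory names contain no "|", "&" or backslash.
set_makefile_dirs() {   # usage: set_makefile_dirs MAKEFILE DIR PWDIR
    [ -f "$1.orig" ] || cp -p "$1" "$1.orig"
    sed -e "s|^DIR[[:space:]]*=.*|DIR =$2|" \
        -e "s|^PWDIR[[:space:]]*=.*|PWDIR =$3|" "$1.orig" > "$1"
}

# Check the password sources the Makefile will read. Prints one line per finding
# and returns 1 if there is any. UID 0 is tested in passwd only: field 3 of
# shadow is a date, not a UID.
audit_pwdir() {   # usage: audit_pwdir MAKEFILE
    pwdir=$(sed -n 's/^PWDIR[[:space:]]*=[[:space:]]*//p' "$1")
    [ -n "$pwdir" ] || { echo "no unindented PWDIR line in $1"; return 1; }
    [ "$pwdir" != /etc ] || { echo "PWDIR is still /etc"; return 1; }
    rc=0
    for f in passwd shadow; do
        p=$pwdir/$f
        if [ -L "$p" ]; then echo "$p is a symbolic link"; rc=1; fi
        [ -f "$p" ] || continue
        if [ -n "$(find "$p" -links +1)" ]; then echo "$p has extra hard links"; rc=1; fi
        if awk -F: -v f="$f" '$1 == "root" || (f == "passwd" && $3 == 0) { hit = 1 }
                              END { exit !hit }' "$p"; then
            echo "$p contains root or a UID 0 entry"; rc=1
        fi
    done
    return "$rc"
}

# Demo on constructed input (nothing outside $WORK is read or written).
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
mkdir "$WORK/etc"
printf '%s\n' 'root:x:0:1:Super-User:/:/sbin/sh' 'toor:x:0:1:Second UID 0:/:/sbin/sh' \
    'alice:x:1001:10:Alice:/home/alice:/bin/ksh' > "$WORK/etc/passwd"
printf '%s\n' 'root:ConstructedHash01:10957::::::' 'toor:ConstructedHash02:10957::::::' \
    'alice:ConstructedHash03:10957::::::' > "$WORK/etc/shadow"
printf '%s\n' '# constructed hosts file' '' '192.0.2.10 nismaster' > "$WORK/etc/hosts"
printf '%s\n' 'DIR =/etc' 'PWDIR =/etc' > "$WORK/Makefile"   # only the two lines edited

stage_maps "$WORK/etc" "$WORK/nis-src"
stage_passwd "$WORK/etc" "$WORK/nis-pw"
set_makefile_dirs "$WORK/Makefile" "$WORK/nis-src" "$WORK/nis-pw"
if audit_pwdir "$WORK/Makefile"; then echo "password sources OK"; fi
```

Running audit_pwdir against the Makefile again before each make catches a root entry that was reintroduced by a later copy from /etc.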

Preparing the Makefile

After checking the source files and copying them into the source file directory, you now need to convert those source files into the ndbm format maps that the NIS service uses. This is done automatically for you by ypinit when called on the master server, as explained in the next section, "How to Set Up the Master Server With ypinit".

The ypinit script calls the program make, which uses the Makefile located in the /var/yp directory. A default Makefile similar to Example 10-1 is provided for you in the /var/yp directory and contains the commands needed to transform the source files into the desired ndbm format maps.

You can use the default Makefile as it is, or modify it if you want. (If you do modify the default Makefile, be sure to first copy and store the original default Makefile in case you need it for future use.) You might need to make one or more of the following modifications to the Makefile:


Example 10-1 Default Makefile Before Modification


#
# Copyright (c) 1996-1999, by Sun Microsystems, Inc.
# All rights reserved.
#
#pragma ident	"@(#)Makefile	1.25	99/06/01 SMI"
#
#----
# It is somewhat confusing to note that Solaris 2.x uses /etc/auto_master
# instead of the 4.x /etc/auto.master file name because of NIS+ treating a
# "." in a special way.
#
# Set the following variable to "-b" to have NIS servers use the domain name
# resolver for hosts not in the current domain. 
#B=-b
B=
DIR =/etc
#
# If the ipnodes (IPv6 hosts file) lives in a directory other than
# /etc/inet, then you'll need to change the following line.
#
INETDIR=/etc/inet
#
# If the passwd, shadow and/or adjunct files used by rpc.yppasswdd
# live in directory other than /etc then you'll need to change the
# following line.
# DO NOT indent the line, however, since /etc/init.d/yp attempts
# to find it with grep "^PWDIR" ...
#
PWDIR =/etc
DOM = `domainname`
NOPUSH = ""
ALIASES = /etc/mail/aliases
YPDIR=/usr/lib/netsvc/yp
SBINDIR=/usr/sbin
YPDBDIR=/var/yp
YPPUSH=$(YPDIR)/yppush
MAKEDBM=$(SBINDIR)/makedbm
MULTI=$(YPDIR)/multi
REVNETGROUP=$(SBINDIR)/revnetgroup
STDETHERS=$(YPDIR)/stdethers
STDHOSTS=$(YPDIR)/stdhosts
MKNETID=$(SBINDIR)/mknetid
MKALIAS=$(YPDIR)/mkalias
 
CHKPIPE=  || (  echo "NIS make terminated:" $@ 1>&2; kill -TERM 0 )
 
 
k:
	@if [ ! $(NOPUSH) ]; then $(MAKE)  $(MFLAGS) -k all; \
	else $(MAKE) $(MFLAGS) -k all NOPUSH=$(NOPUSH);fi
 
all: passwd group hosts ipnodes ethers networks rpc services protocols \
	netgroup bootparams aliases publickey netid netmasks c2secure \
	timezone auto.master auto.home \
	auth.attr exec.attr prof.attr user.attr audit.user
 
c2secure:
	-@if [ -f $(PWDIR)/security/passwd.adjunct ]; then \
		if [ ! $(NOPUSH) ]; then $(MAKE)  $(MFLAGS) -k \
		passwd.adjunct.time group.adjunct.time; \
		else $(MAKE) $(MFLAGS) -k NOPUSH=$(NOPUSH) \
		passwd.adjunct.time group.adjunct.time; \
		fi; \
	fi
 
passwd.time: $(PWDIR)/passwd $(PWDIR)/shadow
	-@if [ -f $(PWDIR)/security/passwd.adjunct ]; then \
		(nawk 'BEGIN { FS=":"; OFS=":" } /^[a-zA-Z0-9_]/ { $$2 = "##" $$1; \
    printf "%s\t%s\n", $$1, $$0 }' $(PWDIR)/passwd $(CHKPIPE)) | \
    $(MAKEDBM) - $(YPDBDIR)/$(DOM)/passwd.byname; \
		(nawk 'BEGIN { FS=":"; OFS=":"  } /^[a-zA-Z0-9_]/ { $$2 = "##" $$1; \
    printf "%-10d\t%s\n", $$3, $$0 }' $(PWDIR)/passwd $(CHKPIPE)) | \
    $(MAKEDBM) - $(YPDBDIR)/$(DOM)/passwd.byuid; \
    elif [ -f $(PWDIR)/shadow ]; then \
		(nawk 'BEGIN { FS=":"; OFS=":"; while ( getline < "$(PWDIR)/shadow" > 0) \
    shadow[$$1] = $$2; } /^[a-zA-Z0-9_]/ { $$2 = shadow[$$1]; \
    printf "%s\t%s\n",$$1,$$0 }' $(PWDIR)/passwd $(CHKPIPE))| \
    $(MAKEDBM) - $(YPDBDIR)/$(DOM)/passwd.byname; \
		(nawk 'BEGIN { FS=":"; OFS=":"; while ( getline < "$(PWDIR)/shadow" > 0) \
    shadow[$$1] = $$2; } /^[a-zA-Z0-9_]/ { $$2 = shadow[$$1]; \
    printf "%-10d\t%s\n",$$3,$$0 }' $(PWDIR)/passwd $(CHKPIPE))| \
    $(MAKEDBM) - $(YPDBDIR)/$(DOM)/passwd.byuid; \
	else \
		(awk 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ { print $$1, $$0 }' \
    $(PWDIR)/passwd  $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/passwd.byname; \
		(awk 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ { printf("%-10d ", $$3); \
    print $$0 }' $(PWDIR)/passwd $(CHKPIPE))| $(MAKEDBM) - \
    $(YPDBDIR)/$(DOM)/passwd.byuid; \
	fi
	@touch passwd.time; 
	@echo "updated passwd"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) passwd.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) passwd.byuid; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed passwd"; fi
 
group.time: $(DIR)/group
	@(awk 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ { print $$1, $$0 }' \
    $(DIR)/group $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/group.byname; 
	    @(awk 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ { printf("%-10d ", $$3); \
     print $$0 }' $(DIR)/group $(CHKPIPE)) | $(MAKEDBM) - \
     $(YPDBDIR)/$(DOM)/group.bygid; 
	@touch group.time; 
	@echo "updated group"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) group.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) group.bygid; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed group"; fi
 
ipnodes.time: $(INETDIR)/ipnodes
	@($(MULTI) -n $(B) -l $(INETDIR)/ipnodes);
	@($(STDHOSTS) -n $(INETDIR)/ipnodes $(CHKPIPE))| \
	(awk 'BEGIN { OFS="\t"; } $$1 !~ /^#/ { print $$1, $$0 }' $(CHKPIPE)) | \
	$(MAKEDBM) $(B) - $(YPDBDIR)/$(DOM)/ipnodes.byaddr; 
	@touch ipnodes.time; 
	@echo "updated ipnodes"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) ipnodes.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) ipnodes.byaddr; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed ipnodes"; fi
 
hosts.time: $(DIR)/hosts
	@($(MULTI) $(B) -l $(DIR)/hosts);
	@($(STDHOSTS) $(DIR)/hosts $(CHKPIPE))| \
	(awk 'BEGIN { OFS="\t"; } $$1 !~ /^#/ { print $$1, $$0 }' $(CHKPIPE)) | \
	$(MAKEDBM) $(B) - $(YPDBDIR)/$(DOM)/hosts.byaddr; 
	@touch hosts.time; 
	@echo "updated hosts"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) hosts.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) hosts.byaddr; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed hosts"; fi
 
ethers.time: $(DIR)/ethers
	@($(STDETHERS) $(DIR)/ethers $(CHKPIPE)) \
	|(awk '{print $$1, $$0; for (i = 3;i <= NF;i++) print $$i,$$0}' $(CHKPIPE)) \
	| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/ethers.byaddr 
 
	@(awk 'BEGIN { OFS="\t"; } $$1 !~ /^#/ { print $$2, $$0 }' \
	   $(DIR)/ethers $(CHKPIPE)) | \
	$(MAKEDBM) - $(YPDBDIR)/$(DOM)/ethers.byname;
	@touch ethers.time; 
	@echo "updated ethers"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) ethers.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) ethers.byaddr; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed ethers"; fi
 
networks.time: $(DIR)/networks
	@(sed -e "/^#/d" -e s/#.*$$// $(DIR)/networks $(CHKPIPE)) |( awk \
	    '{print $$1, $$0; for (i = 3;i <= NF;i++) print $$i,$$0}' \
	    $(CHKPIPE) )| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/networks.byname; 
	@(awk 'BEGIN { OFS="\t"; } $$1 !~ /^#/ { print $$2, $$0 }' \
	   $(DIR)/networks $(CHKPIPE)) | $(MAKEDBM) - $(YPDBDIR)/$(DOM)/networks.byaddr;
	@touch networks.time; 
	@echo "updated networks"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) networks.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) networks.byaddr; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed networks"; fi
 
services.time: $(DIR)/services
	@(awk 'BEGIN { OFS="\t"; } $$1 !~ /^#/ { print $$2, $$0 }' \
	    $(DIR)/services $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/services.byname;
	@(awk 'BEGIN { OFS="\t"; } \
	$$1 !~ /^#/ { split($$2,pp,"/"); printf("%s/%s %s\n", $$1, pp[2], $$0);\
		if (seen[$$1] == "") {\
			printf("%s %s\n", $$1, $$0); seen[$$1]=$$1;} \
		for (i = 3; i <= NF && $$i !~ /^#/; i++) \
			printf("%s/%s %s\n", $$i, pp[2], $$0)}' \
		$(DIR)/services $(CHKPIPE)) | \
	$(MAKEDBM) $(B) - $(YPDBDIR)/$(DOM)/services.byservicename
 
	@touch services.time; 
	@echo "updated services"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) services.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) services.byservicename; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed services"; fi
 
rpc.time: $(DIR)/rpc
	@(awk 'BEGIN { OFS="\t"; } $$1 !~ /^#/ { print $$2, $$0 }' \
	    $(DIR)/rpc $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/rpc.bynumber;
	@touch rpc.time; 
	@echo "updated rpc"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) rpc.bynumber; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed rpc"; fi
 
protocols.time: $(DIR)/protocols
	@(awk 'BEGIN { OFS="\t"; } $$1 !~ /^#/ { print $$2, $$0 }' \
	    $(DIR)/protocols $(CHKPIPE)) | $(MAKEDBM) - \
	    $(YPDBDIR)/$(DOM)/protocols.bynumber; 
 
	@(sed -e "/^#/d" -e s/#.*$$// $(DIR)/protocols $(CHKPIPE)) |( awk \
	    '{print $$1,$$0; for (i = 3;i <= NF;i++) print $$i, $$0}' \
	    $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/protocols.byname; 
 
	@touch protocols.time; 
	@echo "updated protocols"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) protocols.byname; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) protocols.bynumber; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed protocols"; fi
 
netgroup.time: $(DIR)/netgroup
	@$(MAKEDBM) $(DIR)/netgroup $(YPDBDIR)/$(DOM)/netgroup
	@($(REVNETGROUP) < $(DIR)/netgroup -u $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/netgroup.byuser
	@($(REVNETGROUP) < $(DIR)/netgroup -h $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/netgroup.byhost
	@touch netgroup.time; 
	@echo "updated netgroup"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) netgroup; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) netgroup.byuser; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) netgroup.byhost; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed netgroup"; fi
 
bootparams.time: $(DIR)/bootparams
	@(sed -e '/^#/d' -e s/#.*$$// -e 's/[	 ][	 ]*$$//' \
	    -e '/\\$$/s/\\$$/ /' $(DIR)/bootparams $(CHKPIPE))\
	|( awk '/ $$/ {printf "%s", $$0} !/ $$/ {print}' $(CHKPIPE))\
	|( sed -e 's/[	 ][	 ]*/ /g' $(CHKPIPE))\
	| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/bootparams;
	@touch bootparams.time; 
	@echo "updated bootparams"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) bootparams; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed bootparams"; fi
 
aliases.time: $(ALIASES)
	@cp $(ALIASES) $(YPDBDIR)/$(DOM)/mail.aliases;
	@/usr/lib/sendmail -bi -oA$(YPDBDIR)/$(DOM)/mail.aliases;
	$(MKALIAS) $(YPDBDIR)/$(DOM)/mail.aliases $(YPDBDIR)/$(DOM)/mail.byaddr;
	@rm $(YPDBDIR)/$(DOM)/mail.aliases;
	@touch aliases.time;
	@echo "updated aliases";
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) mail.aliases; fi
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) mail.byaddr; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed aliases"; fi
 
netmasks.time: $(DIR)/netmasks
	$(MAKEDBM) $(DIR)/netmasks $(YPDBDIR)/$(DOM)/netmasks.byaddr; 
	@touch netmasks.time; 
	@echo "updated netmasks"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) netmasks.byaddr; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed netmasks"; fi
 
 
publickey.time: $(DIR)/publickey
	@(sed "/^#/d" < $(DIR)/publickey $(CHKPIPE))| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/publickey.byname; 
	@touch publickey.time; 
	@echo "updated publickey"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) publickey.byname; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed publickey"; fi
 
netid.time: $(PWDIR)/passwd $(DIR)/group $(DIR)/hosts $(DIR)/netid
	@$(MKNETID) -q -p $(PWDIR)/passwd -g $(DIR)/group -h $(DIR)/hosts -m $(DIR)/netid > .ypjunk; 
	@$(MAKEDBM) .ypjunk $(YPDBDIR)/$(DOM)/netid.byname; 
	@rm -f .ypjunk; 
	@touch netid.time; 
	@echo "updated netid"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) netid.byname; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed netid"; fi
 
# Old way.  Could be restored by PSARC decision.
#
#passwd.adjunct.time: $(PWDIR)/security/passwd.adjunct
#	@(awk 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ { print $$1, $$0 }' $(PWDIR)/security/passwd.adjunct $(CHKPIPE)) | \
#		$(MAKEDBM) -s - $(YPDBDIR)/$(DOM)/passwd.adjunct.byname;
#	@chmod 600 $(YPDBDIR)/$(DOM)/passwd.adjunct.byname.dir; 
#	@chmod 600 $(YPDBDIR)/$(DOM)/passwd.adjunct.byname.pag; 
#	@touch passwd.adjunct.time 
#	@echo "updated passwd.adjunct"; 
#	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) passwd.adjunct.byname; fi
#	@if [ ! $(NOPUSH) ]; then echo "pushed passwd.adjunct"; fi
 
passwd.adjunct.time: $(PWDIR)/security/passwd.adjunct $(PWDIR)/shadow
	-@if [ -f $(PWDIR)/shadow ]; then \
		(nawk 'BEGIN { FS=":"; while (getline < "$(PWDIR)/shadow" > 0) \
    shadow[$$1] = $$2; } /^[a-zA-Z0-9_]/ { $$2 = shadow[$$1]; OFS=":"; \
    printf "%s\t%s\n", $$1, $$0 }' $(PWDIR)/security/passwd.adjunct $(CHKPIPE)) | \
    $(MAKEDBM) -s - $(YPDBDIR)/$(DOM)/passwd.adjunct.byname; \
	else \
		(awk 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ { print $$1, $$0 }' \
    $(PWDIR)/security/passwd.adjunct $(CHKPIPE)) | \
		$(MAKEDBM) -s - $(YPDBDIR)/$(DOM)/passwd.adjunct.byname; \
	fi
	@chmod 600 $(YPDBDIR)/$(DOM)/passwd.adjunct.byname.dir; 
	@chmod 600 $(YPDBDIR)/$(DOM)/passwd.adjunct.byname.pag; 
	@touch passwd.adjunct.time 
	@echo "updated passwd.adjunct"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) passwd.adjunct.byname; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed passwd.adjunct"; fi
 
group.adjunct.time: $(PWDIR)/security/group.adjunct
	@(awk 'BEGIN { FS=":"; OFS="\t"; } /^[a-zA-Z0-9_]/ { print $$1, $$0 }' $(PWDIR)/security/group.adjunct $(CHKPIPE)) | \
	$(MAKEDBM) -s - $(YPDBDIR)/$(DOM)/group.adjunct.byname; 
	@chmod 600 $(YPDBDIR)/$(DOM)/group.adjunct.byname.dir; 
	@chmod 600 $(YPDBDIR)/$(DOM)/group.adjunct.byname.pag; 
	@touch group.adjunct.time 
	@echo "updated group.adjunct"; 
	@if [ ! $(NOPUSH) ]; then $(YPPUSH) -d $(DOM) group.adjunct.byname; fi
	@if [ ! $(NOPUSH) ]; then echo "pushed group.adjunct"; fi
 
timezone.time:  $(DIR)/timezone
	-@if [ -f $(DIR)/timezone ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/timezone \
		| awk '{for (i = 2; i<=NF; i++) print $$i, $$0}' \
		| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/timezone.byname; \
		touch timezone.time; \
		echo "updated timezone"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) timezone.byname; \
			echo "pushed timezone"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/timezone"; \
	fi
 
auto.master.time:  $(DIR)/auto_master
	-@if [ -f $(DIR)/auto_master ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/auto_master \
		| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.master; \
		touch auto.master.time; \
		echo "updated auto.master"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) auto.master; \
			echo "pushed auto.master"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/auto_master"; \
	fi
 
auto.home.time:  $(DIR)/auto_home
	-@if [ -f $(DIR)/auto_home ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/auto_home \
		| $(MAKEDBM) - $(YPDBDIR)/$(DOM)/auto.home; \
		touch auto.home.time; \
		echo "updated auto.home"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) auto.home; \
			echo "pushed auto.home"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/auto_home"; \
	fi
 
 
auth.attr.time:  $(DIR)/auth_attr
	-@if [ -f $(DIR)/auth_attr ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/auth_attr \
		|sed -e '/\\$$/{:l' -e 'N;s/\\\n//;t h' -e ':h' \
		-e 's/\\$$/\\/;t l' -e } \
		| (nawk 'BEGIN { FS=":"; OFS=":" } /^[a-zA-Z0-9_]/ \
		{printf "%s:%s\n", $$1, $$0 }' $(CHKPIPE)) \
		| $(MAKEDBM) -S ":" -E - $(YPDBDIR)/$(DOM)/auth_attr; \
		touch auth.attr.time; \
		echo "updated auth_attr"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) auth_attr; \
			echo "pushed auth_attr"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/auth_attr"; \
	fi
 
exec.attr.time:  $(DIR)/exec_attr
	-@if [ -f $(DIR)/exec_attr ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/exec_attr \
		|sed -e '/\\$$/{:l' -e 'N;s/\\\n//;t h' -e ':h' \
		-e 's/\\$$/\\/;t l' -e } \
		| (nawk 'BEGIN { FS=":"; OFS=":" } /^[a-zA-Z0-9_]/ \
		{printf "%s:%s:%s\n", \
		$$1, $$6, $$0 }' $(CHKPIPE)) \
		| $(MAKEDBM) -S ":" -E -D 1 - $(YPDBDIR)/$(DOM)/exec_attr; \
		touch exec.attr.time; \
		echo "updated exec_attr"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) exec_attr; \
			echo "pushed exec_attr"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/exec_attr"; \
	fi
 
prof.attr.time:  $(DIR)/prof_attr
	-@if [ -f $(DIR)/prof_attr ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/prof_attr \
		|sed -e '/\\$$/{:l' -e 'N;s/\\\n//;t h' -e ':h' \
		-e 's/\\$$/\\/;t l' -e } \
		| (nawk 'BEGIN { FS=":"; OFS=":" } /^[a-zA-Z0-9_]/ \
		{printf "%s:%s\n", $$1, $$0 }' $(CHKPIPE)) \
		| $(MAKEDBM) -S ":" -E - $(YPDBDIR)/$(DOM)/prof_attr; \
		touch prof.attr.time; \
		echo "updated prof_attr"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) prof_attr; \
			echo "pushed prof_attr"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/prof_attr"; \
	fi
 
user.attr.time:  $(DIR)/user_attr
	-@if [ -f $(DIR)/user_attr ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/user_attr \
		|sed -e '/\\$$/{:l' -e 'N;s/\\\n//;t h' -e ':h' \
		-e 's/\\$$/\\/;t l' -e } \
		| (nawk 'BEGIN { FS=":"; OFS=":" } /^[a-zA-Z0-9_]/ \
		{printf "%s:%s\n", $$1, $$0 }' $(CHKPIPE)) \
		| $(MAKEDBM) -S ":" -E - $(YPDBDIR)/$(DOM)/user_attr; \
		touch user.attr.time; \
		echo "updated user_attr"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) user_attr; \
			echo "pushed user_attr"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/user_attr"; \
	fi
 
audit.user.time:  $(DIR)/audit_user
	-@if [ -f $(DIR)/audit_user ]; then \
		sed -e "/^#/d" -e s/#.*$$// $(DIR)/audit_user \
		|sed -e '/\\$$/{:l' -e 'N;s/\\\n//;t h' -e ':h' \
		-e 's/\\$$/\\/;t l' -e } \
		| (nawk 'BEGIN { FS=":"; OFS="\t" } /^[a-zA-Z0-9_]/ \
		{print $$1, $$0 }' $(CHKPIPE)) \
		| $(MAKEDBM) -s - $(YPDBDIR)/$(DOM)/audit_user; \
		touch audit.user.time; \
		echo "updated audit_user"; \
		if [ ! $(NOPUSH) ]; then \
			$(YPPUSH) audit_user; \
			echo "pushed audit_user"; \
		else \
		: ; \
		fi \
	else \
		echo "couldn't find $(DIR)/audit_user"; \
	fi
 
passwd: passwd.time
group: group.time
hosts: hosts.time
ipnodes: ipnodes.time
ethers: ethers.time
networks: networks.time
rpc: rpc.time
services: services.time
protocols: protocols.time
netgroup: netgroup.time
bootparams: bootparams.time
aliases: aliases.time
publickey: publickey.time
netid: netid.time
passwd.adjunct: passwd.adjunct.time
group.adjunct: group.adjunct.time
netmasks: netmasks.time
timezone: timezone.time
auto.master: auto.master.time
auto.home: auto.home.time
auth.attr:auth.attr.time
exec.attr:exec.attr.time
prof.attr:prof.attr.time
user.attr:user.attr.time
audit.user:audit.user.time
$(DIR)/netid:
$(DIR)/timezone:
$(DIR)/auto_master:
$(DIR)/auto_home:
$(PWDIR)/shadow:
$(DIR)/auth_attr:
$(DIR)/exec_attr:
$(DIR)/prof_attr:
$(DIR)/user_attr:
$(DIR)/audit_user:
 

The function of the Makefile is to create the appropriate NIS maps for each of the databases listed under all. After passing through makedbm the data is collected in two files, mapname.dir and mapname.pag, both in the /var/yp/domainname directory on the master server.

The Makefile builds passwd maps from the /PWDIR/passwd, /PWDIR/shadow, and /PWDIR/security/passwd.adjunct files, as appropriate.
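The script below is an added example, not code from the guide. It runs the same merge as the shadow branch of the passwd.time rule over a constructed PWDIR and labels the password field of each record that would go into passwd.byname, which shows why a root entry left in the sources ends up in a map every client can read. The function names, sample accounts and hash strings are assumptions, and the HASH test is a heuristic.

```shell
#!/bin/sh
# Added example, not from the guide: preview what the passwd.time rule would publish.
# Accounts and hash strings are constructed; none is a real crypt(3) hash.
# On Solaris use nawk (as the Makefile does) in place of awk.
set -eu

# Same merge as the rule's shadow branch: field 2 of each passwd line becomes the
# shadow entry's field 2 and the login name becomes the key. "$$" in the Makefile
# is "$" here; the getline test is parenthesised for portability.
preview_passwd_byname() {   # usage: preview_passwd_byname PWDIR
    awk -v shadow_file="$1/shadow" '
        BEGIN { FS = ":"; OFS = ":"
                while ((getline < shadow_file) > 0) shadow[$1] = $2 }
        /^[a-zA-Z0-9_]/ { $2 = shadow[$1]; printf "%s\t%s\n", $1, $0 }' "$1/passwd"
}

# Label the password field of every record:
#   HASH   13 or more characters from the crypt alphabet (a heuristic)
#   EMPTY  no shadow entry matched, so the merge left the field blank
#   OTHER  anything else, such as a lock string
classify_records() {   # usage: classify_records PWDIR
    preview_passwd_byname "$1" | awk -F'\t' '{
        split($2, field, ":")
        if (field[2] == "") kind = "EMPTY"
        else if (length(field[2]) >= 13 && field[2] ~ "^[A-Za-z0-9./$]+$") kind = "HASH"
        else kind = "OTHER"
        print $1, kind }'
}

# Demo: a PWDIR that was copied from /etc unedited, so root is still present.
DEMO=$(mktemp -d)
trap 'rm -rf "$DEMO"' EXIT
printf '%s\n' 'root:x:0:1:Super-User:/:/sbin/sh' \
    'alice:x:1001:10:Alice:/home/alice:/bin/ksh' \
    'bob:x:1002:10:Bob:/home/bob:/bin/ksh' \
    'carol:x:1003:10:Carol:/home/carol:/bin/ksh' > "$DEMO/passwd"
printf '%s\n' 'root:ExampleHash.01:10957::::::' 'alice:ExampleHash.02:10957::::::' \
    'bob:*LK*:10957::::::' > "$DEMO/shadow"    # carol has no shadow entry

preview_passwd_byname "$DEMO"
classify_records "$DEMO"
```

A root line labelled HASH means the sources still need the root entry removed; a line labelled EMPTY means the passwd and shadow files are out of step.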

How to Set Up the Master Server With ypinit

The /usr/sbin/ypinit shell script sets up master and slave servers and clients to use NIS. It also initially runs make to create the maps on the master server.

To use ypinit to build a fresh set of NIS maps on the master server, follow these steps:

  1. Become root on the master server and ensure that the name service gets its information from the /etc files, not from NIS, by typing:


    # cp /etc/nsswitch.files /etc/nsswitch.conf

  2. Edit the /etc/hosts or /etc/inet/ipnodes file to add the name and IP address of each of the NIS servers.

  3. To build new maps on the master server, type:


    # /usr/sbin/ypinit -m

  4. ypinit prompts for a list of other machines to become NIS slave servers. Type the name of the server you are working on, along with the names of your NIS slave servers.

  5. ypinit asks whether you want the procedure to terminate at the first nonfatal error or continue despite nonfatal errors. Type y.

    When you choose y, ypinit exits upon encountering the first problem; you can then fix it and restart ypinit. This is recommended if you are running ypinit for the first time. If you prefer to continue, you can try to manually fix all problems that occur, and then restart ypinit.


    Note -

    A nonfatal error can appear when some of the map files are not present. This is not an error that affects the functionality of NIS. You might need to add maps manually if they were not created automatically. Refer to Table 10-3 for a description of all default NIS maps.


  6. ypinit asks whether the existing files in the /var/yp/domainname directory can be destroyed.

    This message is displayed only if NIS has been previously installed. You must answer yes to install the new version of NIS.

  7. After ypinit has constructed the list of servers, it invokes make.


    # make

    This program uses the instructions contained in the Makefile (either the default one or the one you modified) located in /var/yp. The make command cleans any remaining comment lines from the files you designated and runs makedbm on them, creating the appropriate maps and establishing the name of the master server for each map.

    If the map or maps being pushed by the Makefile correspond to a domain other than the one returned by the command domainname on the master, you can make sure that they are pushed to the correct domain by starting make in the ypinit shell script with a proper identification of the variable DOM, as follows:


    # make DOM=domainname passwd

    This pushes the password map to the intended domain, instead of the domain to which the master belongs.

  8. To enable NIS as the naming service, type:


    # cp /etc/nsswitch.nis /etc/nsswitch.conf

    This replaces the current switch file with the default NIS-oriented switch file. You can edit this file as necessary.

Master Supporting Multiple NIS Domains

Normally, a NIS master server supports only one NIS domain. However, if you are using a master server to support multiple domains, you must modify the steps slightly, as described in the section above, when setting up the server to serve the additional domains.

Run the domainname command on the server. The domain name returned by the command is the server's default domain. The steps described in the section above will work properly for setting up service for that domain. To configure service for any other domain, you must modify the ypinit shell script as follows:


# make DOM=correct-domain passwd

Where correct-domain is the name of the other domain that you are setting up service for, and passwd is the make target. This command pushes the password map to the intended domain, instead of the domain to which the master belongs.