Go to main content

Working With Oracle® Solaris 11.3 Directory and Naming Services: DNS and NIS

Exit Print View

Updated: October 2017

passwd Files and Namespace Security

For security reasons, the files used to build the NIS password maps should not contain an entry for root, to prevent unauthorized root access. Therefore, the password maps should not be built from the files located in the master server's /etc directory. The password files used to build the password maps should have the root entry removed from them and be located in a directory that can be protected from unauthorized access.

For example, the master server password input files should be stored in a directory such as /var/yp, or any directory of your choice, as long as the file itself is not a link to another file and its location is specified in the Makefile. The correct directory option is set automatically according to the configuration specified in your Makefile.


Caution  -  Be sure that the passwd file in the directory specified by PWDIR does not contain an entry for root.

If your source files are in a directory other than /etc, you must alter the PWDIR password macro in /var/yp/Makefile to refer to the directory where the passwd and shadow files reside. You change the line PWDIR=/etc to PWDIR=/your-choice, where your-choice is the name of the directory you that will use to store the passwd map source files.