YPSERV(8) BSD System Manager's Manual YPSERV(8)
NAME
ypserv -- YP server daemon
SYNOPSIS
ypserv [-1] [-a aclfile] [-d] [-x]
DESCRIPTION
Ypserv is a fundamental part of the network information system called YP. This server provides information from YP maps to the YP clients on
the network.
A YP map is stored on the server as a db(3) database. A number of YP maps are grouped together in a domain. Ypserv determines the domains it
serves by looking for a directory with the domain name in /var/yp.
YP hasn't been known for high security through the years. In recent years security has improved by restricting access to the server. SunOS
4.1 introduced a new file named /var/yp/securenet. It contains networks the server can assume are secure. For information about the file format
see securenet(5).
Before the author of this server had seen securenet(5), another format was implemented: ypserv.acl(5). This file format makes it possible to
allow and deny hosts and networks access to the server. This file can have any name since it's given by the argument to -a (use full path).
The file used can be reread by sending a SIGHUP to ypserv. The process pid can be found in the file /var/run/ypserv.pid.
If a host isn't secure, all queries from it to the server will result in a YP_NODOM result.
If the file /var/yp/ypserv.log exists then messages will be written to the file.
If a directory named the same as the system domainname exists in /var/yp/ (i.e. the domainname is foo and directory /var/yp/foo exists), then
ypserv will be automatically started at boot time.
The options are as follows:
-1 Allow ypserv to answer old YP version 1 requests.
-a aclfile
Don't use /var/yp/securenet. Use another file with another file format. For further information see the man page for ypserv.acl.
-d Use Internet Domain Name System. If a query to map hosts.byname or hosts.byaddr fails, make a DNS query and return the result if
successful. Alternatively, if these maps were built on the YP master using makedbm -b then DNS queries will be done without needing to
specify -d.
-x Terminate the server after processing aclfile or /var/yp/securenet.
FILES
/var/yp/ypserv.log
/var/yp/securenet
/var/run/ypserv.pid
SEE ALSO
yp(8), ypserv.acl(5), securenet(5), ypbind(1)
AUTHOR
Mats O Jansson <moj@stacken.kth.se>
BSD June 27, 1994 BSD
YPSERV(8) NIS Reference Manual YPSERV(8)
NAME
ypserv - NIS Server
SYNOPSIS
/usr/sbin/ypserv [-d] [-p port] [-f|--foreground]
DESCRIPTION
The Network Information Service (NIS) provides a simple network lookup service consisting of databases and processes. The databases are
gdbm files in a directory tree rooted at /var/yp.
The ypserv daemon is typically activated at system startup. ypserv runs only on NIS server machines with a complete NIS database. On other
machines using the NIS services, you have to run ypbind as the client or, under Linux, you could use the libc with NYS support. ypbind must run
on every machine which has NIS client processes; ypserv may or may not be running on the same node, but must be running somewhere on the
network. On startup ypserv parses the file /etc/ypserv.conf. It is also possible to pass OPTIONS to ypserv using the environment variable
YPSERV_ARGS, and this variable can be set in /etc/sysconfig/network.
OPTIONS
-d, --debug
Causes the server to run in debugging mode. Normally, ypserv reports only errors (access violations, dbm failures) using the syslog(3)
facility. In debug mode, the server does not background itself and prints extra status messages to stderr for each request that it
receives.
-p, --port port
ypserv will bind itself to this port. This makes it possible to have a router filter packets to the NIS ports, so that access to the
NIS server from hosts on the Internet can be restricted.
-v, --version
Prints the version number.
-f, --foreground
ypserv will not put itself into the background.
SECURITY
In general, any remote user can issue an RPC to ypserv and retrieve the contents of your NIS maps, if he knows your domain name. To prevent
such unauthorized transactions, ypserv supports a feature called securenets which can be used to restrict access to a given set of hosts.
At startup ypserv will attempt to load the securenets information from a file called /var/yp/securenets. This file contains entries that
consist of a netmask and a network pair separated by whitespace. Lines starting with "#" are considered to be comments.
A sample securenets file might look like this:
# allow connections from local host -- necessary
host 127.0.0.1
# same as 255.255.255.255 127.0.0.1
#
# allow connections from any host
# on the 131.234.223.0 network
255.255.255.0 131.234.223.0
# allow connections from any host
# between 131.234.214.0 and 131.234.215.255
255.255.254.0 131.234.214.0
If ypserv receives a request from an address that fails to match a rule, the request will be ignored and a warning message will be logged.
If the /var/yp/securenets file does not exist, ypserv will allow connections from any host.
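An added example, not part of the ypserv distribution or this manual page: a small Python checker for the securenets format described above, useful for reviewing a file before deploying it. It assumes IPv4 only and that a rule matches when (address & netmask) == network, which is consistent with the comments in the sample file; the function names are hypothetical.

```python
import ipaddress

# Constructed sample: the securenets entries shown in this manual page.
SAMPLE = """\
# allow connections from local host -- necessary
host 127.0.0.1
255.255.255.0 131.234.223.0
255.255.254.0 131.234.214.0
"""

def parse_securenets(text):
    """Return a list of (netmask, network) integer pairs; raise ValueError on bad lines."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments carry no rule
        fields = line.split()
        if len(fields) != 2:
            raise ValueError(f"line {lineno}: expected two fields: {raw!r}")
        mask_s, net_s = fields
        if mask_s == "host":
            mask_s = "255.255.255.255"  # "host A" is the same as an all-ones netmask
        rules.append((int(ipaddress.IPv4Address(mask_s)),
                      int(ipaddress.IPv4Address(net_s))))
    return rules

def is_allowed(rules, client):
    """rules=None models a missing file, in which case every host is allowed."""
    if rules is None:
        return True
    addr = int(ipaddress.IPv4Address(client))
    # Assumed match rule: (address & netmask) == network
    return any((addr & mask) == net for mask, net in rules)

def audit(rules):
    """Flag rules that can never match or that admit every host."""
    findings = []
    for mask, net in rules:
        entry = f"{ipaddress.IPv4Address(mask)} {ipaddress.IPv4Address(net)}"
        if net & ~mask & 0xFFFFFFFF:
            findings.append(f"{entry}: network has bits outside the netmask")
        elif mask == 0:
            findings.append(f"{entry}: matches every host")
    return findings
```

Passing `None` as the rule list reproduces the fail-open behaviour of a missing /var/yp/securenets, which is the case most worth checking for on a server that is reachable from untrusted networks.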
In /etc/ypserv.conf you can specify some access rules for special maps and hosts. This is not very secure, however; it only makes life a
little bit harder for a potential hacker. If a mapname doesn't match a rule, ypserv will look for the YP_SECURE key in the map. If it
exists, ypserv will only allow requests on a reserved port.
For security reasons, ypserv will only accept ypproc_xfr requests for updating maps from the same master server as the old one. This means
you have to reinstall the slave servers if you change the master server for a map.
BUGS
Sending the signal SIGHUP to the server can lead to a deadlock or crash.
FILES
/etc/ypserv.conf
configuration file.
/var/yp/securenets
which hosts are allowed to contact ypserv.
/etc/sysconfig/network
setting additional arguments to ypserv.
SEE ALSO
domainname(1), ypcat(1), ypmatch(1), ypserv.conf(5), netgroup(5), makedbm(8), revnetgroup(8), ypinit(8), yppoll(8), yppush(8), ypset(8),
ypwhich(8), ypxfr(8), rpc.ypxfrd(8)
The Network Information Service (NIS) was formerly known as Sun Yellow Pages (YP). The functionality of the two remains the same; only the
name has changed. The name Yellow Pages is a registered trademark in the United Kingdom of British Telecommunications plc, and may not be
used without permission.
AUTHOR
ypserv was written by Peter Eriksson <pen@lysator.liu.se>. Thorsten Kukuk <kukuk@linux-nis.org> added support for master/slave server and
is the new maintainer.
NIS Reference Manual 01/27/2010 YPSERV(8)