"Fossies" - the Fresh Open Source Software archive 
Member "ypserv-2.31/ypserv/ypserv.8.xml" of archive ypserv-2.31.tar.gz:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.4//EN"
"http://www.oasis-open.org/docbook/xml/4.4/docbookx.dtd">
<refentry id='makedbm'>
<refmeta>
<refentrytitle>ypserv</refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo class='setdesc'>NIS Reference Manual</refmiscinfo>
</refmeta>
<refnamediv id='name'>
<refname>ypserv</refname>
<refpurpose>NIS Server</refpurpose>
</refnamediv>
<!-- body begins here -->
<refsynopsisdiv id='synopsis'>
<cmdsynopsis>
<command>/usr/sbin/ypserv</command>
<arg choice='opt'>-d <arg choice='opt'><replaceable>path</replaceable></arg></arg>
<arg choice='opt'>-p <replaceable>port</replaceable></arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1 id='description'><title>DESCRIPTION</title>
<para><indexterm><primary>ypserv</primary><secondary>ypserv — NIS server process</secondary></indexterm></para>
<para>The
Network Information Service (NIS)
provides a simple network lookup service
consisting of databases and processes. The databases are
<emphasis remap='B'>gdbm</emphasis>
files in a directory tree rooted at
<filename>/var/yp</filename>.</para>
<para>The
<emphasis remap='B'>ypserv</emphasis>
daemon is typically activated at system startup.
<emphasis remap='B'>ypserv</emphasis>
runs only on
<acronym>NIS</acronym>
server machines with a complete
<acronym>NIS</acronym>
database. On other machines using the
<acronym>NIS</acronym>
services, you have to run
<emphasis remap='B'>ypbind</emphasis>
as client or under Linux you could use the libc with
<acronym>NYS</acronym>
support.
<emphasis remap='B'>ypbind</emphasis>
must run on every machine which has
<acronym>NIS</acronym>
client processes;
<emphasis remap='B'>ypserv</emphasis>
may or may not be running on the same node,
but must be running somewhere
on the network. On startup
<emphasis remap='B'>ypserv</emphasis>
parses the file
<filename>/etc/ypserv.conf.</filename></para>
</refsect1>
<refsect1 id='options'><title>OPTIONS</title>
<variablelist remap='TP'>
<varlistentry>
<term><option>-d</option>, <option>--debug </option>[<replaceable>path</replaceable>]</term>
<listitem>
<para>Causes the server to run in debugging mode. Normally,
<emphasis remap='B'>ypserv</emphasis>
reports only errors (access violations, dbm failures)
using the syslog(3) facility. In debug mode, the server does not
background itself and prints extra status messages to stderr for
each request that it revceives.
<emphasis remap='B'>path</emphasis>
is an optionally parameter.
<emphasis remap='B'>ypserv</emphasis>
is using this directory instead of /var/yp</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-p</option>, <option>--port</option> <replaceable>port</replaceable></term>
<listitem>
<para><emphasis remap='B'>ypserv</emphasis>
will bind itself to this port.
This makes it possible to have a router filter packets
to the NIS ports, so that access to the NIS server from
hosts on the Internet can be restricted.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>-v</option>, <option>--version</option></term>
<listitem>
<para>Prints the version number</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='security'><title>SECURITY</title>
<para>In general, any remote user can issue an RPC to
<emphasis remap='B'>ypserv</emphasis>
and retrieve the contents of your NIS maps, if he knows your
domain name. To prevent such unauthorized transactions,
<emphasis remap='B'>ypserv</emphasis>
supports a feature called
<emphasis remap='B'>securenets</emphasis>
which can be used to restrict access to a given set of hosts.
At startup <emphasis remap='B'>ypserv</emphasis>
will attempt to load the securenets information from a file
called
<filename>/var/yp/securenets .</filename>
This file contains entries that consist of a netmask
and a network pair separated by white spaces.
Lines starting with “#” are considered to be comments.</para>
<variablelist remap='TP'>
<varlistentry>
<term>A sample securenets file might look like this:</term>
<listitem>
<para>
<programlisting>
# allow connections from local host -- necessary
host 127.0.0.1
# same as 255.255.255.255 127.0.0.1
#
# allow connections from any host
# on the 131.234.223.0 network
255.255.255.0 131.234.223.0
# allow connections from any host
# between 131.234.214.0 and 131.234.215.255
255.255.254.0 131.234.214.0
</programlisting>
</para>
</listitem>
</varlistentry>
</variablelist>
<para>If
<emphasis remap='B'>ypserv</emphasis>
receives a request from an address that fails to match a rule,
the request will be ignored and a warning message will be
logged. If the
<filename>/var/yp/securenets</filename>
file does not exist,
<emphasis remap='B'>ypserv</emphasis>
will allow connections from any host.</para>
<para>In the
<filename>/etc/ypserv.conf</filename>
you could specify some access rules for special maps and hosts. But
it is not very secure, it makes the life only a little bit harder
for a potential hacker. If a mapname doesn't match a rule, ypserv will
look for the YP_SECURE key in the map. If it exists, ypserv will
only allow requests on a reserved port.</para>
<para>For security reasons, ypserv will only accept ypproc_xfr requests for
updating maps from the same master server as the old one. This means,
you have to reinstall the slave servers if you change the master server
for a map.</para>
</refsect1>
<refsect1 id='bugs'><title>BUGS</title>
<para>Sending the signal <emphasis remap='B'>SIGHUP</emphasis> to the server can lead to
a deadlock or crash.</para>
</refsect1>
<refsect1 id='files'><title>FILES</title>
<variablelist remap='TP'>
<varlistentry>
<term><filename>/etc/ypserv.conf</filename></term>
<listitem>
<para>configuration file.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><filename>/var/yp/securenets</filename></term>
<listitem>
<para>which hosts are allowed to contact <command>ypserv</command>.</para>
</listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1 id='see_also'><title>SEE ALSO</title>
<para><citerefentry><refentrytitle>domainname</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ypcat</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ypmatch</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ypserv.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>netgroup</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
<citerefentry><refentrytitle>makedbm</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>revnetgroup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ypinit</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>yppoll</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>yppush</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ypset</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ypwhich</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>ypxfr</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>rpc.ypxfrd</refentrytitle><manvolnum>8</manvolnum></citerefentry></para>
<para>The Network Information Service
(NIS)
was formerly known as Sun Yellow Pages
(YP).
The functionality of the two remains the same;
only the name has changed.
The name Yellow Pages is a registered trademark in the United Kingdom
of British Telecommunications plc,
and may not be used without permission.</para>
</refsect1>
<refsect1 id='author'><title>AUTHOR</title>
<para><emphasis remap='B'>ypserv</emphasis>
was written by Peter Eriksson <pen@lysator.liu.se>.
Thorsten Kukuk <kukuk@linux-nis.org> added support for master/slave
server and is the new Maintainer.</para>
</refsect1>
</refentry>