report. If
Lastly, if you are using either the old NIS implementation (supported by the
+::::::
and for the
+:::
With both glibc 2.x and NYS you can override parameters in a user's record received from the NIS server by creating entries with a '+' prepended to the login name, and exclude specified users by creating entries with a '-' prepended to the login name. For example the entries:
+stuart::::::/bin/jacl
- jedd::::::
would override the shell specified for the user
There are two big caveats in order here. First, the setup as described up to here works only for login suites that don't use shadow passwords. The intricacies of using shadow passwords with NIS will be discussed in the next section. Second, the login commands are not the only ones that access the
Still, this is not the whole story. Imagine what happens if a user wants to change her password. Usually, she will invoke passwd, which reads the new password and updates the local
# cd /bin
# mv passwd passwd.old
# ln yppasswd passwd
At the same time, you have to install rpc.yppasswdd on the server and start it from a network script. This will effectively hide any of the contortions of NIS from your users.
Using NIS with Shadow Support
Using NIS in conjunction with shadow password files is somewhat problematic. First we have some bad news: using NIS defeats the goals of shadow passwords. The
In libc5 there is no real solution to sharing
Of course, there are some hacks necessary to use NIS and shadow passwords at the same time, for instance, by installing an
The NIS support in the GNU libc library (libc6) provides support for shadow password databases. It does not provide any real solution to making your passwords accessible, but it does simplify password management in environments in which you do want to use NIS with shadow passwords. To use it, you must create a
# Shadow password support
shadow: compat
If you use shadow passwords along with NIS, you must try to maintain some security by restricting access to your NIS database. See 'NIS Server Security' earlier in this chapter.
Chapter 14. The Network File System
The Network File System (NFS) is probably the most prominent network service using RPC. It allows you to access files on remote hosts in exactly the same way you would access local files. A mixture of kernel support and user-space daemons on the client side, along with an NFS server on the server side, makes this possible. This file access is completely transparent to the client and works across a variety of server and host architectures.
NFS offers a number of useful features:
· Data accessed by all users can be kept on a central host, with clients mounting this directory at boot time. For example, you can keep all user accounts on one host and have all hosts on your network mount
· Data consuming large amounts of disk space can be kept on a single host. For example, all files and programs relating to LaTeX and METAFONT can be kept and maintained in one place.
· Administrative data can be kept on a single host. There is no need to use rcp to install the same stupid file on 20 different machines.
It's not too hard to set up basic NFS operation on both the client and server; this chapter tells you how.
Linux NFS is largely the work of Rick Sladkey, who wrote the NFS kernel code and large parts of the NFS server.[79] The latter is derived from the unfsd user space NFS server, originally written by Mark Shand, and the hnfs Harris NFS server, written by Donald Becker.
Let's have a look at how NFS works. First, a client tries to mount a directory from a remote host on a local directory just the same way it does a physical device. However, the syntax used to specify the remote directory is different. For example, to mount
