Softpanorama


Solaris NIS Minitutorial

(Draft, version 0.34)


The following tutorial is based largely on publicly available Sun Solaris 9 materials, including some quotes from the Sun Student Guide for SA-299. The troubleshooting part is based on the Sun NIS FAQ, which is largely available from other sources on the Internet. Some material from O'Reilly's Practical Unix and Internet Security was also used in the security part. This tutorial was used a couple of times as material for lectures, but generally is still pretty raw... It is provided "as is" in the hope that some may find it useful...

Contents

  1. Introduction
  2. NIS namespace
  3. NIS Maps
  4. NIS daemons
  5. NIS security
  6. NIS Troubleshooting

Introduction

Network Information Service (NIS) is a distributed database that allows you to maintain consistent configuration files throughout your network. It was initially released by Sun in the early 80's and called Sun Yellow Pages, but later had to be renamed for legal reasons due to trademark protection of the term "yellow pages" by British Telecom. NIS commands still begin with the prefix yp. All Unix vendors have licensed Sun's code, making NIS the most widely supported naming service after DNS. Even today Solaris NIS is one of the oldest, best known and most reliable distributed databases for Unix configuration files. Like NFS, the NIS implementation is based on RPC, so it is far more than a file synchronization service.

Note: NIS was later enhanced by Sun into a more complex and less reliable implementation called NIS+. Paradoxically, NIS+ became obsolete even before NIS. NIS+ won't be covered in this class. For those who are interested in it, there is an IBM Redbook that contains a lot of information. NIS+ is still available in Solaris and is even the default naming service during installation in Solaris 9.

While significantly simpler than NIS+, NIS is still obscure enough to create a lot of problems for administrators. For example, it treats the passwd database as a special case (and actually not in a completely secure way, defeating the Solaris shadow file mechanism). Unlike similar implementations on AIX and Linux, the Solaris implementation does not treat a plus sign as the first character of a line as the start of a "NIS include". Solaris NIS uses /etc/nsswitch.conf to determine in what order the information sources for a particular name should be queried.

 The following terms are crucial for an understanding of NIS:

While NIS does simplify synchronization of user accounts and configuration files on multiple servers, currently 80% of NIS functionality can be achieved using other protocols, for example ssh or Tivoli Configuration Manager. With the availability of ssh and scp, which can push arbitrary files to an arbitrary number of servers in a secure way, NIS makes slightly less sense due to security concerns, especially for files that do not change often. Still, not all NIS functionality can be completely replicated via other protocols. We already mentioned ssh: while very convenient for regular configuration files, it is not very convenient for replicating passwd files, as it requires special effort to provide the possibility of updating the passwd locally. NIS provides this possibility out of the box. Lately LDAP has emerged as a better fit for integrating /etc/passwd into the central database in the enterprise environment, but it has its share of problems. See the IBM Redbook AIX - Migrating NIS Maps into LDAP.

However, even though NIS has been deprecated, it is still widely used in many environments. It can also serve as a poor man's bridge between Microsoft Active Directory and the Unix world (via the Microsoft SFU NIS implementation).

NIS is a distributed database system that lets many computers share configuration files like password files, group files, host tables, etc from the central network server (master server). NIS makes network administration more manageable by providing centralized control over a variety of network information. This collection of network information is called the NIS namespace.

It understands passwd files as a special case, but other than that it can be used for synchronizing arbitrary files. If the rpc.yppasswdd daemon is running, you can enter the passwd command on any NIS client: passwd in Solaris 2.6 and higher checks whether the password file is managed by NIS, and invokes yppasswd if this is the case. After changing your password you should see the message "NIS entry changed on alpha", where alpha is the name of a NIS master. The following session illustrates this point:

$ passwd
Changing NIS password for joeuser on server1.
Old password:
New password:
Retype new password:
NIS entry changed on alpha

You can view it as a specialized NFS for configuration files, although it is more than that, as it permits dynamically combining the parts of a file stored on the client with the parts of the file stored on the networked master server (so-called maps). It is also optimized for fast performance of this particular function and can scale to hundreds of computers.

As in NFS, although the files appear to be available on every computer, they are actually stored only on the NIS master server (in the NIS case they are replicated from the master, possibly to a backup, secondary, or slave server). You update files on the master, and NIS clients use the modified files as if they were stored locally. Files are stored on the master server not directly but in a special format called NIS maps. NIS maps are compiled from regular files using Unix make.

With NIS, configuration files can be managed more easily because all or part of the configuration information can be stored and maintained on a single machine yet used on all the systems in the network.

For example, in the case of the passwd file this can be the Unix administrator group that should have an account on each server. Moreover, in some NIS implementations (but not in Solaris) there are capabilities similar to grep: you can restrict NIS to importing only the accounts of particular users by following the + symbol with a particular username.

In Solaris the /etc/nsswitch.conf file provides information about whether a particular file should be taken from NIS or not, and in what order the files are appended to each other. Think of it as a primitive meta file that specifies several includes:

hosts: nis [NOTFOUND=return] files
networks: nis [NOTFOUND=return] files
protocols: nis [NOTFOUND=return] files
rpc: nis [NOTFOUND=return] files
ethers: nis [NOTFOUND=return] files
netmasks: nis [NOTFOUND=return] files
bootparams: nis [NOTFOUND=return] files
publickey: nis [NOTFOUND=return] files
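
How a line such as "hosts: nis [NOTFOUND=return] files" is evaluated, as an added example that is not part of the original tutorial. It models the switch's standard per-source statuses and default actions; the host names, addresses and the dictionaries standing in for the NIS map and the local file are constructed for illustration.

```python
import re

# Default per-status actions of the name service switch.
DEFAULTS = {"SUCCESS": "return", "NOTFOUND": "continue",
            "UNAVAIL": "continue", "TRYAGAIN": "continue"}

def parse_line(line):
    """Parse 'db: src [STATUS=action] src ...' into (db, [(src, actions)])."""
    db, rest = line.split("#", 1)[0].split(":", 1)
    sources = []
    for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
        if tok.startswith("["):
            if not sources:
                raise ValueError("action list must follow a source")
            for crit in tok[1:-1].split():
                status, action = crit.split("=", 1)
                sources[-1][1][status.upper()] = action.lower()
        else:
            sources.append((tok, dict(DEFAULTS)))
    return db.strip(), sources

def lookup(sources, key, backends):
    """Walk sources in order; backends[src] is a dict, or None if unreachable.
    Returns (value or None, trace of (source, status))."""
    trace = []
    for src, actions in sources:
        table = backends.get(src)
        if table is None:
            status = "UNAVAIL"
        elif key in table:
            status = "SUCCESS"
        else:
            status = "NOTFOUND"
        trace.append((src, status))
        if actions[status] == "return":
            return (table[key] if status == "SUCCESS" else None), trace
    return None, trace

# Constructed sample data (documentation addresses, hypothetical host names).
DB, SOURCES = parse_line("hosts: nis [NOTFOUND=return] files")
NIS_MAP = {"alpha": "192.0.2.10"}
LOCAL_FILE = {"alpha": "192.0.2.10", "buildbox": "192.0.2.99"}

if __name__ == "__main__":
    for nis in (NIS_MAP, None):  # NIS reachable, then NIS down
        print(lookup(SOURCES, "buildbox", {"nis": nis, "files": LOCAL_FILE}))
```

With NIS reachable, a name that exists only in the local file is not resolved, because NOTFOUND=return stops the search; the local file is consulted only when NIS itself is unavailable.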

Note:

In some old implementations of NIS (for example in Solaris 1) the capabilities are closer to the include files well known from the C macro processor. The syntax is different, though. NIS uses the plus sign (+) in the first column to mark an include. The plus sign instructs the Unix daemon that reads this configuration file to query the NIS server for the included fragment, for example:

root::0:1:Root:/:/bin/sh
+nick::120:5:::

Note that the UID and GID included for this user are not used and will be replaced from NIS on each access: getpwuid() actually goes to the NIS map and overrides the UID and GID values that you specify. So the whole record will be overwritten from the map. In those implementations you also have a rudimentary capability to exclude certain usernames from being imported from the inserted fragment by inserting a line that begins with a minus sign (-). For example, to exclude one account and include the others from the server, you might use the following /etc/passwd file:

root::0:1:Root:/:/bin/sh
-joeuser::2005:2005:::
+::9999:9999:::
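
To audit which accounts such a file really yields, the +/- rules described above can be resolved against a copy of the NIS passwd map. The following is an added example, not code from the original tutorial or from any NIS implementation: it models only the behaviour the text describes, and the NIS map contents, the user toor and the function names are constructed for illustration.

```python
def effective_passwd(local_lines, nis_map):
    """Return [(name, record, origin)] in lookup order after +/- processing.

    Model of the behaviour described above (an assumption of this example):
    a '+name' line is replaced wholesale by the NIS record, '-name' hides
    that user from later includes, and a bare '+' imports everything left.
    """
    result, seen, excluded = [], set(), set()

    def add(name, record, origin):
        # Exclusions apply to network-supplied entries only; first match wins.
        if name in seen or (origin == "nis" and name in excluded):
            return
        seen.add(name)
        result.append((name, record, origin))

    for line in local_lines:
        line = line.strip()
        if not line:
            continue
        name = line.split(":", 1)[0]
        if name.startswith("-"):
            excluded.add(name[1:])
        elif name == "+":
            for user, record in nis_map.items():
                add(user, record, "nis")
        elif name.startswith("+"):
            if name[1:] in nis_map:
                add(name[1:], nis_map[name[1:]], "nis")
        else:
            add(name, line, "local")
    return result

def nis_superusers(accounts):
    """Names of network-supplied accounts whose UID field is 0."""
    return [n for n, rec, origin in accounts
            if origin == "nis" and rec.split(":")[2] == "0"]

# The second /etc/passwd example from the text.
LOCAL = ["root::0:1:Root:/:/bin/sh", "-joeuser::2005:2005:::", "+::9999:9999:::"]
# Constructed NIS passwd map; every user and field here is made up.
NIS = {
    "joeuser": "joeuser:x:2005:2005:Joe:/home/joeuser:/bin/sh",
    "nick": "nick:x:120:5:Nick:/home/nick:/bin/sh",
    "toor": "toor:x:0:1:Spare root:/:/bin/sh",
}
ACCOUNTS = effective_passwd(LOCAL, NIS)
```

Here ACCOUNTS holds root from the local file plus nick and toor from NIS, joeuser is excluded, and nis_superusers(ACCOUNTS) reports toor as a UID 0 account that exists only because the map supplies it.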





Copyright © 1996-2021 by Softpanorama Society. www.softpanorama.org was initially created as a service to the (now defunct) UN Sustainable Development Networking Programme (SDNP) without any remuneration. This document is an industrial compilation designed and created exclusively for educational use and is distributed under the Softpanorama Content License. Original materials copyright belong to respective owners. Quotes are made for educational purposes only in compliance with the fair use doctrine.


Last modified: March 12, 2019