29.4 ÍøÂçÐÅÏ¢·þÎñ (NIS/YP)

Written by Bill Swingle. Enhanced by Eric Ogren ºÍ Udo Erdelhoff.

29.4.1 ËüÊÇʲô£¿

¡¡¡¡NIS£¬ ±íÊ¾ÍøÂçÐÅÏ¢·þÎñ (Network Information Services)£¬ ×î³õÓÉ Sun Microsystems ¿ª·¢£¬ ÓÃÓÚ UNIX® (×î³õÊÇ SunOS") ϵͳµÄ¼¯ÖйÜÀí¡£ Ŀǰ£¬ Ëü»ù±¾ÉÏÒѾ­³ÉΪÁËÒµ½ç±ê×¼£» ËùÓÐÖ÷Á÷µÄÀà UNIX ϵͳ (Solaris", HP-UX, AIX®, Linux, NetBSD, OpenBSD, FreeBSD, µÈµÈ) ¶¼Ö§³Ö NIS¡£

¡¡¡¡NIS Ò²¾ÍÊÇÈËÃÇËùÊìÖªµÄ»ÆÒ³(Yellow Pages)£¬ µ«ÓÉÓÚÉ̱êµÄÎÊÌ⣬ Sun ½«Æä¸ÄÃûΪÏÖÔÚµÄÃû×Ö¡£ ¾ÉµÄÊõÓï (ÒÔ¼° yp)£¬ ÈÔÈ»¾­³£¿ÉÒÔ¿´µ½£¬ ²¢±»¹ã·ºÊ¹Óá£

¡¡¡¡ÕâÊÇÒ»¸ö»ùÓÚ RPC µÄ¿Í»§»ú/·þÎñÆ÷ϵͳ£¬ ËüÔÊÐíÔÚÒ»¸ö NIS ÓòÖеÄÒ»×é»úÆ÷¹²ÏíһϵÁÐÅäÖÃÎļþ¡£ ÕâÑù£¬ ϵͳ¹ÜÀíÔ±¾Í¿ÉÒÔÅäÖÃÖ»°üº¬×î»ù±¾ÅäÖÃÊý¾ÝµÄ NIS ¿Í»§»úϵͳ£¬ ²¢ÔÚµ¥µãÉÏÔö¼Ó¡¢ ɾ³ý»òÐÞ¸ÄÅäÖÃÊý¾Ý¡£

¡¡¡¡¾¡¹ÜʵÏÖµÄÄÚ²¿Ï¸½Ú½ØÈ»²»Í¬£¬ ÕâºÍ Windows NT® Óòϵͳ·Ç³£ÀàËÆ£¬ ÒÔÖÁÓÚ¿ÉÒÔ½«Á½ÕߵĻù±¾¹¦ÄÜÏ໥Àà±È¡£

29.4.2 ÄúÓ¦¸ÃÖªµÀµÄÊõÓïºÍ½ø³Ì

¡¡¡¡ÓÐһϵÁÐÊõÓïºÍÖØÒªµÄÓû§½ø³Ì½«ÔÚÄúÔÚ FreeBSD ÉÏʵÏÖ NIS ʱÓõ½£¬ ÎÞÂÛÊÇÔÚ´´½¨ NIS ·þÎñÆ÷£¬ »ò×÷Ϊ NIS ¿Í»§»ú£º

ÊõÓï ˵Ã÷
NIS ÓòÃû NIS Ö÷·þÎñÆ÷ºÍËùÓÐÆä¿Í»§»ú (°üÀ¨´Ó·þÎñÆ÷) »áʹÓÃͬһ NIS ÓòÃû¡£ ºÍ Windows NT ÓòÃûÀàËÆ£¬ NIS ÓòÃûÓë DNS Î޹ء£
rpcbind ±ØÐëÔËÐÐÕâ¸ö³ÌÐò£¬ ²ÅÄܹ»ÆôÓà RPC (Ô¶³Ì¹ý³Ìµ÷Ó㬠NIS Óõ½µÄÒ»ÖÖÍøÂçЭÒé)¡£ Èç¹ûûÓÐÔËÐÐ rpcbind£¬ ÔòûÓа취ÔËÐÐ NIS ·þÎñÆ÷£¬ »ò×÷Ϊ NIS ¿Í»§»ú¡£
ypbind ¡°°ó¶¨(bind)¡± NIS ¿Í»§»úµ½ËüµÄ NIS ·þÎñÆ÷ÉÏ¡£ ÕâÑù£¬ Ëü½«´ÓϵͳÖлñÈ¡ NIS ÓòÃû£¬ ²¢Ê¹Óà RPC Á¬½Óµ½·þÎñÆ÷ÉÏ¡£ ypbind ÊÇ NIS »·¾³ÖУ¬ ¿Í»§»ú-·þÎñÆ÷ͨѶµÄºËÐÄ£» Èç¹û¿Í»§»úÉ쵀 ypbind ËÀµôµÄ»°£¬ Ëü½«ÎÞ·¨·ÃÎÊ NIS ·þÎñÆ÷¡£
ypserv Ö»Ó¦ÔÚ NIS ·þÎñÆ÷ÉÏÔËÐÐËü£» ÕâÊÇ NIS µÄ·þÎñÆ÷½ø³Ì¡£ Èç¹û ypserv(8) ËÀµôµÄ»°£¬ Ôò·þÎñÆ÷½«²»ÔÙ¾ßÓÐÏìÓ¦ NIS ÇëÇóµÄÄÜÁ¦ (´Ëʱ£¬ Èç¹ûÓдӷþÎñÆ÷µÄ»°£¬ Ôò»á½Ó¹Ü²Ù×÷)¡£ ÓÐһЩ NIS µÄʵÏÖ (µ«²»ÊÇ FreeBSD µÄÕâ¸ö) µÄ¿Í»§»úÉÏ£¬ Èç¹û֮ǰÓùýÒ»¸ö·þÎñÆ÷£¬ ¶øÄÇ̨·þÎñÆ÷ËÀµôµÄ»°£¬ ²¢²»³¢ÊÔÖØÐÂÁ¬½Óµ½ÁíÒ»¸ö·þÎñÆ÷¡£ ͨ³££¬ ·¢ÉúÕâÖÖÇé¿öʱ£¬ ΨһµÄ°ì·¨¾ÍÊÇÖØÐÂÆô¶¯·þÎñÆ÷½ø³Ì (»òÕߣ¬ ÉõÖÁÖØÐÂÆô¶¯·þÎñÆ÷) »ò¿Í»§»úÉ쵀 ypbind ½ø³Ì¡£
rpc.yppasswdd ÁíÒ»¸öÖ»Ó¦ÔÚ NIS Ö÷·þÎñÆ÷ÉÏÔËÐеĽø³Ì£» ÕâÊÇÒ»¸ö·þÎñ³ÌÐò£¬ Æä×÷ÓÃÊÇÔÊÐí NIS ¿Í»§»ú¸Ä±äËüÃÇµÄ NIS ¿ÚÁî¡£ Èç¹ûûÓÐÔËÐÐÕâ¸ö·þÎñ£¬ Óû§½«±ØÐëµÇ¼µ½ NIS Ö÷·þÎñÆ÷ÉÏ£¬ ²¢ÔÚÄÇÀïÐ޸ĿÚÁî¡£

29.4.3 ËüÊÇÈçºÎ¹¤×÷µÄ£¿

¡¡¡¡ÔÚ NIS »·¾³ÖУ¬ ÓÐÈýÖÖÀàÐ͵ÄÖ÷»ú£º Ö÷·þÎñÆ÷£¬ ´Ó·þÎñÆ÷£¬ ÒÔ¼°¿Í»§»ú¡£ ·þÎñÆ÷µÄ×÷ÓÃÊdz䵱Ö÷»úÅäÖÃÐÅÏ¢µÄÖÐÑëÊý¾Ý¿â¡£ Ö÷·þÎñÆ÷Éϱ£´æ×ÅÕâЩÐÅÏ¢µÄȨÍþ¸±±¾£¬ ¶ø´Ó·þÎñÆ÷ÔòÊDZ£´æÕâЩÐÅÏ¢µÄÈßÓั±¾¡£ ¿Í»§»úÒÀÀµÓÚ·þÎñÆ÷ÏòËüÃÇÌṩÕâЩÐÅÏ¢¡£

¡¡¡¡Ðí¶àÎļþµÄÐÅÏ¢¿ÉÒÔͨ¹ýÕâÖÖ·½Ê½À´¹²Ïí¡£ ͨ³£Çé¿öÏ£¬ master.passwd¡¢ group£¬ ÒÔ¼° hosts ÊÇͨ¹ý NIS ·Ö·¢µÄ¡£ ÎÞÂÛʲôʱºò£¬ Èç¹û¿Í»§»úÉϵÄij¸ö½ø³ÌÇëÇóÕâЩ±¾Ó¦ÔÚ±¾µØµÄÎļþÖеÄ×ÊÁϵÄʱºò£¬ Ëü¶¼»áÏòËù°ó¶¨µÄ NIS ·þÎñÆ÷·¢³öÇëÇó£¬ ¶ø²»Ê¹Óñ¾µØµÄ°æ±¾¡£

29.4.3.1 »úÆ÷ÀàÐÍ

  • һ̨ NIS Ö÷·þÎñÆ÷¡£ Õą̂·þÎñÆ÷£¬ ºÍ Windows NT Óò¿ØÖÆÆ÷ÀàËÆ£¬ »áά»¤ËùÓÐ NIS ¿Í»§»úËùʹÓõÄÎļþ¡£ passwd£¬ group£¬ ÒÔ¼°Ðí¶àÆäËû NIS ¿Í»§»úËùʹÓõÄÎļþ£¬ ¶¼±»´æ·Åµ½Ö÷·þÎñÆ÷ÉÏ¡£

    ×¢Òâ: ¿ÉÒÔ½«Ò»Ì¨ NIS Ö÷·þÎñÆ÷ÓÃÔÚ¶à¸ö NIS ÓòÖС£ È»¶ø£¬ ±¾Êé²»´òËã¶ÔÕâÖÖÅäÖýøÐнéÉÜ£¬ ÒòΪÕâÖÖÅäÖ㬠ͨ³£Ö»³öÏÖÔÚС¹æÄ£µÄ NIS »·¾³ÖС£

  • NIS ´Ó·þÎñÆ÷¡£ ÕâÒ»¸ÅÄ Óë Windows NT µÄ±¸·ÝÓò¿ØÖÆÆ÷ÀàËÆ¡£ NIS ´Ó·þÎñÆ÷£¬ ÓÃÓÚά»¤ NIS Ö÷·þÎñÆ÷µÄÊý¾ÝÎļþ¸±±¾¡£ NIS ´Ó·þÎñÆ÷ÌṩÁËÒ»ÖÖÈßÓ࣬ ÕâÔÚÐí¶àÖØÒªµÄ»·¾³ÖÐÊDZØÐèµÄ¡£ ´ËÍ⣬ ËüÒ²°ïÖú¼õÇáÁËÖ÷·þÎñÆ÷µÄ¸ººÉ£º NIS ¿Í»§»ú×ÜÊǹҽӵ½×îÏÈÏìÓ¦ËüÃÇµÄ NIS ·þÎñÆ÷ÉÏ£¬ ¶øÕâÒ²°üÀ¨À´×Ô´Ó·þÎñÆ÷µÄÏìÓ¦¡£

  • NIS ¿Í»§»ú¡£ NIS ¿Í»§»ú£¬ ºÍ¶àÊý Windows NT ¹¤×÷Õ¾ÀàËÆ£¬ ͨ¹ý NIS ·þÎñÆ÷ (»ò¶ÔÓÚ Windows NT ¹¤×÷Õ¾£¬ ÔòÊÇ Windows NT Óò¿ØÖÆÆ÷) À´Íê³ÉµÇ¼ʱµÄÉí·ÝÑéÖ¤¹ý³Ì¡£

29.4.4 ʹÓà NIS/YP

¡¡¡¡ÕâÒ»½Ú½«Í¨¹ýʵÀý½éÉÜÈçºÎÅäÖà NIS »·¾³¡£

29.4.4.1 ¹æ»®

¡¡¡¡¼Ù¶¨ÄúÕýÔÚ¹ÜÀí´óѧÖеÄÒ»¸öСÐÍʵÑéÊÒ¡£ ÔÚÕâ¸öʵÑéÊÒÖУ¬ ÓÐ 15 ̨ FreeBSD »úÆ÷£¬ ĿǰÉÐûÓм¯ÖеĹÜÀíµã£» ÿһ̨»úÆ÷ÉÏÓÐ×Ô¼ºµÄ /etc/passwd ºÍ /etc/master.passwd¡£ ÕâЩÎļþͨ¹ýÈ˹¤¸ÉÔ¤µÄ·½·¨À´±£³ÖÓëÆäËû»úÆ÷Éϰ汾µÄͬ²½£» Ŀǰ£¬ Èç¹ûÄúÔÚʵÑéÊÒÖÐÔö¼ÓÒ»¸öÓû§£¬ ½«²»µÃ²»ÔÚËùÓÐ 15 ̨»úÆ÷ÉÏÊÖ¹¤Ö´ÐÐ adduser ÃüÁî¡£ ÎãÓ¹ÖÃÒÉ£¬ ÕâÒ»ÏÖ×´±ØÐë¸Ä±ä£¬ Òò´ËÄú¾ö¶¨½«Õû¸öʵÑéÊÒתΪʹÓà NIS£¬ ²¢Ê¹ÓÃÁ½Ì¨»úÆ÷×÷Ϊ·þÎñÆ÷¡£

¡¡¡¡Òò´Ë£¬ ʵÑéÊÒµÄÅäÖÃÓ¦¸ÃÊÇÕâÑùµÄ£º

»úÆ÷Ãû IP µØÖ· »úÆ÷µÄ½ÇÉ«
ellington 10.0.0.2 NIS Ö÷·þÎñÆ÷
coltrane 10.0.0.3 NIS ´Ó·þÎñÆ÷
basie 10.0.0.4 ½ÌÔ±¹¤×÷Õ¾
bird 10.0.0.5 ¿Í»§»ú
cli[1-11] 10.0.0.[6-17] ÆäËû¿Í»§»ú

¡¡¡¡Èç¹ûÄúÊÇÊ×´ÎÅäÖà NIS£¬ ×Ðϸ˼¿¼ÈçºÎ½øÐй滮¾ÍÊ®·ÖÖØÒª¡£ ÎÞÂÛÄúµÄÍøÂçµÄ´óСÈçºÎ£¬ ¶¼±ØÐë½øÐм¸¸ö¾ö²ß¡£

29.4.4.1.1 Ñ¡Ôñ NIS ÓòÃû

¡¡¡¡Õâ¿ÉÄܲ»ÊÇÄú¹ýȥʹÓÃµÄ ¡°ÓòÃû(domainname)¡±¡£ ËüµÄ¹æ·¶µÄ½Ð·¨£¬ Ó¦¸ÃÊÇ ¡°NIS ÓòÃû¡±¡£ µ±¿Í»§»ú¹ã²¥¶Ô´ËÐÅÏ¢µÄÇëÇóʱ£¬ Ëü»á½« NIS ÓòµÄÃû×Ö×÷ΪÇëÇóµÄÒ»²¿·Ö·¢³ö¡£ ÕâÑù£¬ Í³Ò»ÍøÂçÉϵĶà¸ö·þÎñÆ÷£¬ ¾ÍÄܹ»ÖªµÀË­Ó¦¸Ã»ØÓ¦ÇëÇó¡£ Äú¿ÉÒÔ°Ñ NIS ÓòÃûÏëÏó³ÉÒÔijÖÖ·½Ê½Ïà¹ØµÄÒ»×éÖ÷»úµÄÃû×Ö¡£

¡¡¡¡Ò»Ð©»ú¹¹»áÑ¡ÔñʹÓÃËüÃÇµÄ Internet ÓòÃûÀ´×÷Ϊ NIS ÓòÃû¡£ ²¢²»ÍƼöÕâÑù×ö£¬ ÒòΪÔÚµ÷ÊÔÍøÂçÎÊÌâʱ£¬ Õâ¿ÉÄܻᵼÖ²»±ØÒªµÄÀ§ÈÅ¡£ NIS ÓòÃûÓ¦¸ÃÊÇÔÚÄúÍøÂçÉÏΨһµÄ£¬ ²¢ÇÒÓÐÖúÓÚÁ˽âËüËùÃèÊöµÄµ½µ×ÊÇÄÄÒ»×é»úÆ÷¡£ ÀýÈç¶ÔÓÚ Acme ¹«Ë¾µÄÃÀ¹¤²¿ÃÅ£¬ ¿ÉÒÔ¿¼ÂÇʹÓà ¡°acme-art¡± ÕâÑùµÄ NIS ÓòÃû¡£ ÔÚÕâ¸öÀý×ÓÖУ¬ ÄúʹÓõÄÓòÃûÊÇ test-domain¡£

¡¡¡¡È»¶ø£¬ ijЩ²Ù×÷ϵͳ (×îÖøÃûµÄÊÇ SunOS) »áʹÓÃÆä NIS ÓòÃû×÷Ϊ Internet ÓòÃû¡£ Èç¹ûÄúµÄÍøÂçÉÏ´æÔÚ°üº¬ÕâÀàÏÞÖÆµÄ»úÆ÷£¬ ¾Í ±ØÐë ʹÓà Internet ÓòÃûÀ´×÷ΪÄúµÄ NIS ÓòÃû¡£

29.4.4.1.2 ·þÎñÆ÷µÄÎïÀíÒªÇó

¡¡¡¡Ñ¡Ôñ NIS ·þÎñÆ÷ʱ£¬ ÐèҪʱ¿ÌÀμÇһЩ¶«Î÷¡£ NIS µÄÒ»¸ö²»Ì«ºÃµÄÌØÐÔ¾ÍÊÇÆä¿Í»§»ú¶ÔÓÚ·þÎñÆ÷µÄÒÀÀµ³Ì¶È¡£ Èç¹û¿Í»§»úÎÞ·¨ÓëÆä NIS ÓòµÄ·þÎñÆ÷ÁªÏµ£¬ ÔòÕą̂»úÆ÷ͨ³£»áÏÝÓÚ²»¿ÉÓõÄ״̬¡£ ȱÉÙÓû§ºÍ×éÐÅÏ¢£¬ »áʹ¾ø´ó¶àÊýϵͳ½øÈë¶ÌÔݵͳ½á״̬¡£ »ùÓÚÕâÑùµÄ¿¼ÂÇ£¬ ÄúÐèҪѡÔñһ̨²»¾­³£ÖØÐÂÆô¶¯£¬ »òÓÃÓÚ¿ª·¢µÄ»úÆ÷À´³Ðµ£ÆäÔðÈΡ£ Èç¹ûÄúµÄÍøÂ粻̫棬 Ò²¿ÉÒÔʹÓÃÔËÐÐ×ÅÆäËû·þÎñµÄ»úÆ÷À´°²·Å NIS ·þÎñ£¬ Ö»ÊÇÐèҪעÒ⣬ Ò»µ© NIS ·þÎñÆ÷²»¿ÉÓ㬠Ôò ËùÓÐ µÄ NIS ¿Í»§»ú¶¼»áÊܵ½Ó°Ïì¡£

29.4.4.2 NIS ·þÎñÆ÷

¡¡¡¡ËùÓÐµÄ NIS ÐÅÏ¢µÄÕý¹æ°æ±¾£¬ ¶¼±»±£´æÔÚһ̨µ¥¶ÀµÄ³Æ×÷ NIS Ö÷·þÎñÆ÷µÄ»úÆ÷ÉÏ¡£ ÓÃÓÚ±£´æÕâЩÐÅÏ¢µÄÊý¾Ý¿â£¬ ³ÆÎª NIS Ó³Éä(map)¡£ ÔÚ FreeBSD ÖУ¬ ÕâЩӳÉä±»±£´æÔÚ /var/yp/[domainname] À ÆäÖÐ [domainname] ÊÇÌṩ·þÎñµÄ NIS ÓòµÄÃû×Ö¡£ һ̨ NIS ·þÎñÆ÷£¬ ¿ÉÒÔͬʱ֧³Ö¶à¸öÓò£¬ Òò´Ë¿ÉÒÔ½¨Á¢ºÜ¶àÕâÑùµÄĿ¼£¬ ËùÖ§³ÅÒ»¸öÓò¶ÔÓ¦Ò»¸ö¡£ ÿһ¸öÓò¶¼»áÓÐÒ»×é¶ÀÁ¢µÄÓ³Éä¡£

¡¡¡¡NIS Ö÷ºÍ´Ó·þÎñÆ÷£¬ ͨ¹ý ypserv ·þÎñ³ÌÐòÀ´´¦ÀíËùÓÐµÄ NIS ÇëÇó¡£ ypserv ÓÐÔðÈνÓÊÕÀ´×Ô NIS ¿Í»§»úµÄÇëÇó£¬ ·­ÒëÇëÇóµÄÓò£¬ ²¢½«Ãû×ÖÓ³ÉäΪÏà¹ØµÄÊý¾Ý¿âÎļþµÄ·¾¶£¬ È»ºó½«À´×ÔÊý¾Ý¿âµÄÊý¾Ý´«»Ø¿Í»§»ú¡£

29.4.4.2.1 ÅäÖà NIS Ö÷·þÎñÆ÷

¡¡¡¡ÅäÖÃÖ÷ NIS ·þÎñÆ÷Ïà¶Ô¶øÑÔÊ®·ÖµÄ¼òµ¥£¬ ¶øÆä¾ßÌå²½ÖèÔòÈ¡¾öÓÚÄúµÄÐèÒª¡£ FreeBSD ÌṩÁËÒ»²½µ½Î»µÄ NIS Ö§³Ö¡£ ÄúÐèÒª×öµÄÈ«²¿ÊÂÇ飬 Ö»ÊÇÔÚ /etc/rc.conf ÖмÓÈëһЩÅäÖ㬠ÆäËû¹¤×÷»áÓÉ FreeBSD Íê³É¡£

  1. nisdomainname="test-domain"
    
    ÕâÒ»Ðн«ÔÚÍøÂçÆô¶¯ (ÀýÈçÖØÐÂÆô¶¯) ʱ£¬ °Ñ NIS ÓòÃûÅäÖÃΪ test-domain¡£
  2. nis_server_enable="YES"
    
    Õ⽫ҪÇó FreeBSD ÔÚÍøÂç×ÓϵͳÆô¶¯Ö®ºóÁ¢¼´Æô¶¯ NIS ·þÎñ½ø³Ì¡£
  3. nis_yppasswdd_enable="YES"
    
    Õ⽫ÆôÓà rpc.yppasswdd ·þÎñ³ÌÐò£¬ ÈçÇ°ÃæÌáµ½µÄ£¬ ËüÔÊÐíÓû§ÔÚ¿Í»§»úÉÏÐÞ¸Ä×Ô¼ºµÄ NIS ¿ÚÁî¡£

×¢Òâ: Ëæ NIS ÅäÖõIJ»Í¬£¬ ¿ÉÄÜ»¹ÐèÒªÔö¼ÓÆäËûһЩÏîÄ¿¡£ Çë²Î¼û ¹ØÓÚ NIS ·þÎñÆ÷ͬʱ³äµ± NIS ¿Í»§»ú ÕâÒ»½Ú£¬ ÒÔÁË½â½øÒ»²½µÄÇé¿ö¡£

¡¡¡¡ÉèÖúÃÇ°ÃæÕâЩÅäÖÃÖ®ºó£¬ ÐèÒªÒÔ³¬¼¶Óû§Éí·ÝÔËÐÐ /etc/netstart ÃüÁî¡£ Ëü»á¸ù¾Ý /etc/rc.conf µÄÉèÖÃÀ´ÅäÖÃϵͳÖÐµÄÆäËû²¿·Ö¡£ ×îºó£¬ ÔÚ³õʼ»¯ NIS Ó³Éä֮ǰ£¬ »¹ÐèÒªÊÖ¹¤Æô¶¯ ypserv ·þÎñ³ÌÐò£º

# /etc/rc.d/ypserv start

29.4.4.2.2 ³õʼ»¯ NIS Ó³Éä

¡¡¡¡NIS Ó³Éä ÊÇһЩÊý¾Ý¿âÎļþ£¬ ËüÃÇλÓÚ /var/yp Ŀ¼ÖС£ ÕâЩÎļþ»ù±¾É϶¼ÊǸù¾Ý NIS Ö÷·þÎñÆ÷µÄ /etc Ŀ¼×Ô¶¯Éú³ÉµÄ£¬ ΨһµÄÀýÍâÊÇ£º /etc/master.passwd Îļþ¡£ Ò»°ãÀ´Ëµ£¬ Äú»áÓзdz£³ä·ÖµÄÀíÓɲ»½« root ÒÔ¼°ÆäËû¹ÜÀíÕʺŵĿÚÁî·¢µ½ËùÓÐ NIS ÓòÉϵķþÎñÆ÷ÉÏ¡£ Òò´Ë£¬ ÔÚ¿ªÊ¼³õʼ»¯ NIS Ó³Éä֮ǰ£¬ ÎÒÃÇÓ¦¸Ã£º

# cp /etc/master.passwd /var/yp/master.passwd
# cd /var/yp
# vi master.passwd

¡¡¡¡ÕâÀ ɾ³ýµôºÍϵͳÓйصÄÕʺŶÔÓ¦µÄÏî (bin¡¢ tty¡¢ kmem¡¢ games£¬ µÈµÈ)£¬ ÒÔ¼°ÆäËû²»Ï£Íû±»À©É¢µ½ NIS ¿Í»§»úµÄÕʺŠ(ÀýÈç root ºÍÈÎºÎÆäËû UID 0 (³¬¼¶Óû§) µÄÕʺÅ)¡£

×¢Òâ: È·ÈÏ /var/yp/master.passwd Õâ¸öÎļþÊÇͬ×éÓû§£¬ ÒÔ¼°ÆäËûÓû§²»¿É¶ÁµÄ (ģʽ 600)£¡ Èç¹ûÐèÒªµÄ»°£¬ Óà chmod ÃüÁîÀ´¸ÄËü¡£

¡¡¡¡Íê³ÉÕâЩ¹¤×÷Ö®ºó£¬ ¾Í¿ÉÒÔ³õʼ»¯ NIS Ó³ÉäÁË£¡ FreeBSD ÌṩÁËÒ»¸öÃûΪ ypinit µÄ½Å±¾À´°ïÖúÄúÍê³ÉÕâÏ×÷ (ÏêϸÐÅÏ¢£¬ Çë¼ûÆäÁª»úÊÖ²á)¡£ Çë×¢Ò⣬ Õâ¸ö½Å±¾ÔÚ¾ø´ó¶àÊý UNIX ²Ù×÷ϵͳÉ϶¼¿ÉÒÔÕÒµ½£¬ µ«²¢²»ÊÇËùÓвÙ×÷ϵͳµÄ¶¼Ìṩ¡£ ÔÚ Digital UNIX/Compaq Tru64 UNIX ÉÏËüµÄÃû×ÖÊÇ ypsetup¡£ ÓÉÓÚÎÒÃÇÕýÔÚÉú³ÉµÄÊÇ NIS Ö÷·þÎñÆ÷µÄÓ³É䣬 Òò´ËÓ¦¸ÃʹÓà ypinit µÄ -m ²ÎÊý¡£ Èç¹ûÒѾ­Íê³ÉÁËÉÏÊö²½Ö裬 ÒªÉú³É NIS Ó³É䣬 Ö»ÐèÖ´ÐУº

ellington# ypinit -m test-domain
Server Type: MASTER Domain: test-domain
Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.
Do you want this procedure to quit on non-fatal errors? [y/n: n] n
Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
At this point, we have to construct a list of this domains YP servers.
rod.darktech.org is already known as master server.
Please continue to add any slave servers, one per line. When you are
done with the list, type a <control D>.
master server   :  ellington
next host to add:  coltrane
next host to add:  ^D
The current list of NIS servers looks like this:
ellington
coltrane
Is this correct?  [y/n: y] y

[..output from map generation..]

NIS Map update completed.
ellington has been setup as an YP master server without any errors.

¡¡¡¡ypinit Ó¦¸Ã»á¸ù¾Ý /var/yp/Makefile.dist À´´´½¨ /var/yp/Makefile Îļþ¡£ ´´½¨ÍêÖ®ºó£¬ Õâ¸öÎļþ»á¼Ù¶¨ÄúÕýÔÚ²Ù×÷Ö»ÓÐ FreeBSD »úÆ÷µÄµ¥·þÎñÆ÷ NIS »·¾³¡£ ÓÉÓÚ test-domain »¹ÓÐÒ»¸ö´Ó·þÎñÆ÷£¬ Äú±ØÐë±à¼­ /var/yp/Makefile£º

ellington# vi /var/yp/Makefile

¡¡¡¡Ó¦¸ÃÄܹ»¿´µ½ÕâÑùÒ»ÐУ¬ ÆäÄÚÈÝÊÇ

NOPUSH = "True"

¡¡¡¡(Èç¹û»¹Ã»ÓÐ×¢Ê͵ôµÄ»°)¡£

29.4.4.2.3 ÅäÖà NIS ´Ó·þÎñÆ÷

¡¡¡¡ÅäÖà NIS ´Ó·þÎñÆ÷£¬ ÉõÖÁ±ÈÅäÖÃÖ÷·þÎñÆ÷»¹Òª¼òµ¥¡£ µÇ¼µ½´Ó·þÎñÆ÷ÉÏ£¬ ²¢°´ÕÕÇ°ÃæµÄ·½·¨£¬ ±à¼­ /etc/rc.conf Îļþ¡£ ΨһµÄÇø±ðÊÇ£¬ ÔÚÔËÐÐ ypinit ʱÐèҪʹÓà -s ²ÎÊý¡£ ÕâÀïµÄ -s Ñ¡Ï ͬʱҪÇóÌṩ NIS Ö÷·þÎñÆ÷µÄÃû×Ö£¬ Òò´ËÎÒÃǵÄÃüÁîÐÐÓ¦¸ÃÊÇ£º

coltrane# ypinit -s ellington test-domain

Server Type: SLAVE Domain: test-domain Master: ellington

Creating an YP server will require that you answer a few questions.
Questions will all be asked at the beginning of the procedure.

Do you want this procedure to quit on non-fatal errors? [y/n: n]  n

Ok, please remember to go back and redo manually whatever fails.
If you don't, something might not work.
There will be no further questions. The remainder of the procedure
should take a few minutes, to copy the databases from ellington.
Transferring netgroup...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byuser...
ypxfr: Exiting: Map successfully transferred
Transferring netgroup.byhost...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byuid...
ypxfr: Exiting: Map successfully transferred
Transferring passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring group.bygid...
ypxfr: Exiting: Map successfully transferred
Transferring group.byname...
ypxfr: Exiting: Map successfully transferred
Transferring services.byname...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring rpc.byname...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.byname...
ypxfr: Exiting: Map successfully transferred
Transferring master.passwd.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byname...
ypxfr: Exiting: Map successfully transferred
Transferring networks.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring netid.byname...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byaddr...
ypxfr: Exiting: Map successfully transferred
Transferring protocols.bynumber...
ypxfr: Exiting: Map successfully transferred
Transferring ypservers...
ypxfr: Exiting: Map successfully transferred
Transferring hosts.byname...
ypxfr: Exiting: Map successfully transferred

coltrane has been setup as an YP slave server without any errors.
Don't forget to update map ypservers on ellington.

¡¡¡¡ÏÖÔÚÓ¦¸Ã»áÓÐÒ»¸ö½Ð×ö /var/yp/test-domain µÄĿ¼¡£ ÔÚÕâ¸öĿ¼ÖУ¬ Ó¦¸Ã±£´æ NIS Ö÷·þÎñÆ÷ÉϵÄÓ³ÉäµÄ¸±±¾¡£ ½ÓÏÂÀ´ÐèҪȷ¶¨ÕâЩÎļþ¶¼¼°Ê±µØÍ¬²½¸üÐÂÁË¡£ ÔÚ´Ó·þÎñÆ÷ÉÏ£¬ ÏÂÃæµÄ /etc/crontab Ï°ïÖúÄúÈ·±£ÕâÒ»µã£º

20      *       *       *       *       root   /usr/libexec/ypxfr passwd.byname
21      *       *       *       *       root   /usr/libexec/ypxfr passwd.byuid

¡¡¡¡ÕâÁ½Ðн«Ç¿ÖÆ´Ó·þÎñÆ÷½«Ó³ÉäÓëÖ÷·þÎñÆ÷ͬ²½¡£ ÓÉÓÚÖ÷·þÎñÆ÷»á³¢ÊÔÈ·±£ËùÓÐÆä NIS Ó³ÉäµÄ±ä¶¯¶¼Öª»á´Ó·þÎñÆ÷£¬ Òò´ËÕâЩÏî²¢²»ÊǾø¶Ô±ØÐèµÄ¡£ ²»¹ý£¬ ÓÉÓÚ±£³ÖÆäËû¿Í»§¶ËµÄ¿ÚÁîÐÅÏ¢ÕýÈ·ÐÔÊ®·ÖÖØÒª£¬ ¶øÕâÔòÒÀÀµÓÚ´Ó·þÎñÆ÷£¬ Ç¿ÁÒÍÆ¼öÃ÷È·Ö¸¶¨ÈÃϵͳʱ³£Ç¿ÖƸüпÚÁîÓ³Éä¡£ ¶ÔÓÚ·±Ã¦µÄÍøÂç¶øÑÔ£¬ ÕâÒ»µãÓÈÆäÖØÒª£¬ ÒòΪÓÐʱ¿ÉÄܳöÏÖÓ³Éä¸üв»ÍêÈ«µÄÇé¿ö¡£

¡¡¡¡ÏÖÔÚ£¬ ÔÚ´Ó·þÎñÆ÷ÉÏÖ´ÐÐ /etc/netstart£¬ ¾Í¿ÉÒÔÆô¶¯ NIS ·þÎñÁË¡£

29.4.4.3 NIS ¿Í»§»ú

¡¡¡¡NIS ¿Í»§»ú»áͨ¹ý ypbind ·þÎñ³ÌÐòÀ´ÓëÌØ¶¨µÄ NIS ·þÎñÆ÷½¨Á¢Ò»ÖÖ³Æ×÷°ó¶¨µÄÁªÏµ¡£ ypbind »á¼ì²éϵͳµÄĬÈÏÓò (ÕâÊÇͨ¹ý domainname ÃüÁîÀ´ÉèÖõÄ)£¬ ²¢¿ªÊ¼ÔÚ±¾µØÍøÂçÉϹ㲥 RPC ÇëÇó¡£ ÕâЩÇëÇó»áÖ¸¶¨ ypbind ³¢Ê԰󶨵ÄÓòÃû¡£ Èç¹ûÒѾ­ÅäÖÃÁË·þÎñÆ÷£¬ ²¢ÇÒÕâЩ·þÎñÆ÷½Óµ½Á˹㲥£¬ Ëü½«»ØÓ¦ ypbind£¬ ºóÕßÔò¼Ç¼·þÎñÆ÷µÄµØÖ·¡£ Èç¹ûÓжà¸ö¿ÉÓõķþÎñÆ÷ (ÀýÈçÒ»¸öÖ÷·þÎñÆ÷£¬ ¼ÓÉ϶à¸ö´Ó·þÎñÆ÷)£¬ ypbind ½«Ê¹ÓõÚÒ»¸öÏìÓ¦µÄµØÖ·¡£ ´ÓÕâһʱ¿Ì¿ªÊ¼£¬ ¿Í»§»ú»á°ÑËùÓÐµÄ NIS ÇëÇóÖ±½Ó·¢¸øÄǸö·þÎñÆ÷¡£ ypbind ż¶û»á ¡°ping¡± ·þÎñÆ÷ÒÔÈ·ÈÏÆäÈÔÈ»ÔÚÕý³£ÔËÐС£ Èç¹ûÔÚºÏÀíµÄʱ¼äÄÚûÓеõ½ÏìÓ¦£¬ Ôò ypbind »á°ÑÓò±ê¼ÇΪδ°ó¶¨£¬ ²¢Ôٴη¢Æð¹ã²¥£¬ ÒÔÆÚÕÒµ½Áíһ̨·þÎñÆ÷¡£

29.4.4.3.1 ÉèÖÃ NIS ¿Í»§»ú

¡¡¡¡ÅäÖÃһ̨ FreeBSD »úÆ÷×÷Ϊ NIS ¿Í»§»úÊǷdz£¼òµ¥µÄ¡£

  1. ±à¼­ /etc/rc.conf Îļþ£¬ ²¢ÔÚÆäÖмÓÉÏÏÂÃæ¼¸ÐУ¬ ÒÔÉèÖà NIS ÓòÃû£¬ ²¢ÔÚÍøÂçÆô¶¯Ê±Æô¶¯ ypbind£º

    nisdomainname="test-domain"
    nis_client_enable="YES"
    
  2. Òª´Ó NIS ·þÎñÆ÷µ¼ÈëËùÓеĿÚÁîÏ ÐèÒª´ÓÄúµÄ /etc/master.passwd ÎļþÖÐɾ³ýËùÓÐÓû§£¬ ²¢Ê¹Óà vipw ÔÚÕâ¸öÎļþµÄ×îºóÒ»ÐмÓÈ룺

    +:::::::::
    

    ×¢Òâ: ÕâÒ»Ðн«Èà NFS ·þÎñÆ÷µÄ¿ÚÁîÓ³ÉäÖеÄÕʺÅÄܹ»µÇ¼¡£ Ò²ÓкܶàÐÞ¸ÄÕâÒ»ÐÐÀ´ÅäÖà NIS ¿Í»§»úµÄ°ì·¨¡£ Çë²Î¼ûÉÔºóµÄ netgroups С½Ú ÒÔÁË½â½øÒ»²½µÄÇé¿ö¡£ ÒªÁ˽â¸ü¶àÐÅÏ¢£¬ ¿ÉÒÔ²ÎÔÄ O'Reilly µÄ Managing NFS and NIS Õâ±¾Êé¡£

    ×¢Òâ: ÐèÒªÖÁÉÙ±£ÁôÒ»¸ö±¾µØÕʺŠ(Ò²¾ÍÊDz»Í¨¹ý NIS µ¼Èë) ÔÚÄúµÄ /etc/master.passwd ÎļþÖУ¬ ¶øÕâ¸öÕʺÅÓ¦¸ÃÊÇ wheel ×éµÄ³ÉÔ±¡£ Èç¹û NIS ·¢Éú²»²â£¬ Õâ¸öÕʺſÉÒÔÓÃÀ´Ô¶³ÌµÇ¼£¬ ³ÉΪ root£¬ ²¢ÐÞÕýÎÊÌâ¡£

  3. Òª´Ó NIS ·þÎñÆ÷Éϵ¼Èë×éÐÅÏ¢£¬ ÐèÒªÔÚ /etc/group Îļþĩβ¼ÓÈ룺

    +:*::
    

¡¡¡¡ÏëÒªÁ¢¼´Æô¶¯ NIS ¿Í»§¶Ë£¬ ÐèÒªÒÔ³¬¼¶Óû§Éí·ÝÔËÐÐÖ´ÐÐÏÂÁÐÃüÁ

# /etc/netstart
# /etc/rc.d/ypbind start

¡¡¡¡Íê³ÉÕâЩ²½ÖèÖ®ºó£¬ ¾ÍÓ¦¸Ã¿ÉÒÔͨ¹ýÔËÐÐ ypcat passwd À´¿´µ½ NIS ·þÎñÆ÷µÄ¿ÚÁîÓ³ÉäÁË¡£

29.4.5 NIS µÄ°²È«ÐÔ

¡¡¡¡»ù±¾ÉÏ£¬ ÈκÎÔ¶³ÌÓû§¶¼¿ÉÒÔ·¢ÆðÒ»¸ö RPC µ½ ypserv(8) ²¢»ñµÃÄúµÄ NIS Ó³ÉäµÄÄÚÈÝ£¬ Èç¹ûÔ¶³ÌÓû§Á˽âÄúµÄÓòÃûµÄ»°¡£ Òª±ÜÃâÕâÀàδ¾­ÊÚȨµÄ·ÃÎÊ£¬ ypserv(8) Ö§³ÖÒ»¸ö³ÆÎª ¡°securenets¡± µÄÌØÐÔ£¬ ÓÃÒÔ½«·ÃÎÊÏÞÖÆÔÚÒ»×éÌØ¶¨µÄ»úÆ÷ÉÏ¡£ ÔÚÆô¶¯¹ý³ÌÖУ¬ ypserv(8) »á³¢ÊÔ´Ó /var/yp/securenets ÖмÓÔØ securenet ÐÅÏ¢¡£

×¢Òâ: Õâ¸ö·¾¶Ëæ -p ²ÎÊý¸Ä±ä¡£ Õâ¸öÎļþ°üº¬ÁËһЩÏ ÿһÏîÖаüº¬ÁËÒ»¸öÍøÂç±êʶºÍ×ÓÍøÑÚÂ룬 ÖмäÓÿոñ·Ö¿ª¡£ ÒÔ ¡°#¡± ¿ªÍ·µÄÐлᱻÈÏΪÊÇ×¢ÊÍ¡£ ʾ·¶µÄ securenets ÎļþÈçÏÂËùʾ£º

# allow connections from local host -- mandatory
127.0.0.1     255.255.255.255
# allow connections from any host
# on the 192.168.128.0 network
192.168.128.0 255.255.255.0
# allow connections from any host
# between 10.0.0.0 to 10.0.15.255
# this includes the machines in the testlab
10.0.0.0      255.255.240.0

¡¡¡¡Èç¹û ypserv(8) ½Óµ½ÁËÀ´×ÔÆ¥ÅäÉÏÊöÈÎÒ»¹æÔòµÄµØÖ·µÄÇëÇó£¬ ÔòËü»áÕý³£´¦ÀíÇëÇó¡£ ·´Ö®£¬ ÔòÇëÇ󽫱»ºöÂÔ£¬ ²¢¼Ç¼һÌõ¾¯¸æÐÅÏ¢¡£ Èç¹û /var/yp/securenets Îļþ²»´æÔÚ£¬ Ôò ypserv »áÔÊÐíÀ´×ÔÈÎÒâÖ÷»úµÄÇëÇó¡£

¡¡¡¡ypserv ³ÌÐòÒ²Ö§³Ö Wietse Venema µÄ TCP Wrapper Èí¼þ°ü¡£ ÕâÑù£¬ ¹ÜÀíÔ±¾ÍÄܹ»Ê¹Óà TCP Wrapper µÄÅäÖÃÎļþÀ´´úÌæ /var/yp/securenets Íê³É·ÃÎÊ¿ØÖÆ¡£

×¢Òâ: ¾¡¹ÜÕâÁ½ÖÖ·ÃÎÊ¿ØÖÆ»úÖÆ¶¼Äܹ»ÌṩijÖ̶ֳȵݲȫ£¬ µ«ÊÇ£¬ ºÍÌØÈ¨¶Ë¿Ú¼ì²éÒ»Ñù£¬ ËüÃÇÎÞ·¨±ÜÃâ ¡°IP αÔ족 ¹¥»÷¡£ ÄúµÄ·À»ðǽӦ¸Ã×èÖ¹ËùÓÐÓë NIS ÓйصķÃÎÊ¡£

ʹÓà /var/yp/securenets µÄ·þÎñÆ÷£¬ ¿ÉÄÜ»áÎÞ·¨ÎªÄ³Ð©Ê¹ÓÃ³Â¾ÉµÄ TCP/IP ʵÏÖµÄ NIS ¿Í»§»ú·þÎñ¡£ ÕâЩʵÏÖ¿ÉÄÜ»áÔڹ㲥ʱ£¬ ½«Ö÷»úλ¶¼ÉèÖÃΪ 0£¬ »òÔÚ¼ÆËã¹ã²¥µØÖ·Ê±ºöÂÔ×ÓÍøÑÚÂë¡£ ¾¡¹ÜÕâЩÎÊÌâ¿ÉÒÔͨ¹ýÐ޸Ŀͻ§»úµÄÅäÖÃÀ´½â¾ö£¬ ÆäËûһЩÎÊÌâÒ²¿ÉÄܵ¼Ö²»µÃ²»ÌÔÌ­ÄÇЩ¿Í»§»úϵͳ£¬ »òÕß²»Ê¹Óà /var/yp/securenets¡£

ÔÚʹÓÃ³Â¾ÉµÄ TCP/IP ʵÏÖµÄϵͳÉÏ£¬ ʹÓà /var/yp/securenets ÊÇÒ»¸ö·Ç³£Ôã¸âµÄ×ö·¨£¬ ÒòΪÕ⽫µ¼ÖÂÄúµÄÍøÂçÉ쵀 NIS ɥʧ´ó²¿·Ö¹¦ÄÜ¡£

ʹÓà TCP Wrapper Èí¼þ°ü£¬ »áµ¼ÖÂÄúµÄ NIS ·þÎñÆ÷µÄÏìÓ¦ÑÓ³ÙÔö¼Ó¡£ ¶øÔö¼ÓµÄÑÓ³Ù£¬ Ôò¿ÉÄܻᵼÖ¿ͻ§¶Ë³ÌÐò³¬Ê±£¬ ÌØ±ðÊÇÔÚ·±Ã¦µÄÍøÂç»òÕߺÜÂýµÄ NIS ·þÎñÆ÷ÉÏ¡£ Èç¹ûÄúµÄij¸ö¿Í»§»úÒò´Ë¶ø²úÉúһЩÒì³££¬ ÔòÓ¦½«ÕâЩ¿Í»§»ú±äΪ NIS ´Ó·þÎñÆ÷£¬ ²¢Ç¿ÖÆÆä°ó¶¨×Ô¼º¡£

29.4.6 ²»ÔÊÐíijЩÓû§µÇ¼

¡¡¡¡ÔÚÎÒÃǵÄʵÑéÊÒÖУ¬ basie Õą̂»úÆ÷£¬ ÊÇһ̨½ÌԱרÓõŤ×÷Õ¾¡£ ÎÒÃDz»Ï£Íû½«Õą̂»úÆ÷Äóö NIS Óò£¬ ¶øÖ÷ NIS ·þÎñÆ÷É쵀 passwd Îļþ£¬ Ôòͬʱ°üº¬Á˽ÌÔ±ºÍѧÉúµÄÕʺš£ ÕâʱӦ¸ÃÔõô×ö£¿

¡¡¡¡ÓÐÒ»ÖÖ°ì·¨À´½ûÖ¹ÌØ¶¨µÄÓû§µÇ¼»úÆ÷£¬ ¼´Ê¹ËûÃÇÉí´¦ NIS Êý¾Ý¿âÖ®ÖС£ ÒªÍê³ÉÕâÒ»¹¤×÷£¬ Ö»ÐèÒªÔÚ¿Í»§»úµÄ /etc/master.passwd ÎļþÖмÓÈëһЩ -username ÕâÑùµÄÏ ÆäÖУ¬ username ÊÇÏ£Íû½ûÖ¹µÇ¼µÄÓû§Ãû¡£ Ò»°ãÍÆ¼öʹÓà vipw À´Íê³ÉÕâ¸ö¹¤×÷£¬ ÒòΪ vipw »á¶ÔÄúÔÚ /etc/master.passwd ÎļþÉÏËù×÷µÄÐ޸ĽøÐкϷ¨ÐÔ¼ì²é£¬ ²¢Ôڱ༭½áÊøÊ±ÖØÐ¹¹½¨¿ÚÁîÊý¾Ý¿â¡£ ÀýÈ磬 Èç¹ûÏ£Íû½ûÖ¹Óû§ bill µÇ¼ basie£¬ ÎÒÃÇÓ¦¸Ã£º

basie# vipw
[ÔÚĩβ¼ÓÈë -bill£¬ ²¢Í˳ö]
vipw: rebuilding the database...
vipw: done

basie# cat /etc/master.passwd

root:[password]:0:0::0:0:The super-user:/root:/bin/csh
toor:[password]:0:0::0:0:The other super-user:/root:/bin/sh
daemon:*:1:1::0:0:Owner of many system processes:/root:/sbin/nologin
operator:*:2:5::0:0:System &:/:/sbin/nologin
bin:*:3:7::0:0:Binaries Commands and Source,,,:/:/sbin/nologin
tty:*:4:65533::0:0:Tty Sandbox:/:/sbin/nologin
kmem:*:5:65533::0:0:KMem Sandbox:/:/sbin/nologin
games:*:7:13::0:0:Games pseudo-user:/usr/games:/sbin/nologin
news:*:8:8::0:0:News Subsystem:/:/sbin/nologin
man:*:9:9::0:0:Mister Man Pages:/usr/share/man:/sbin/nologin
bind:*:53:53::0:0:Bind Sandbox:/:/sbin/nologin
uucp:*:66:66::0:0:UUCP pseudo-user:/var/spool/uucppublic:/usr/libexec/uucp/uucico
xten:*:67:67::0:0:X-10 daemon:/usr/local/xten:/sbin/nologin
pop:*:68:6::0:0:Post Office Owner:/nonexistent:/sbin/nologin
nobody:*:65534:65534::0:0:Unprivileged user:/nonexistent:/sbin/nologin
+:::::::::
-bill

basie#

29.4.7 ʹÓà Netgroups

Contributed by Udo Erdelhoff.

¡¡¡¡Ç°Ò»½Ú½éÉܵķ½·¨£¬ ÔÚÄúÐèҪΪ·Ç³£ÉÙµÄÓû§ºÍ/»ò»úÆ÷½øÐÐÌØÊâµÄ¹æÔòÅäÖÃʱ»¹Ëã´ÕºÏ¡£ ÔÚ¸ü´óµÄÍøÂçÉÏ£¬ Äú Ò»¶¨»á Íü¼Ç½ûֹijЩÓû§µÇ¼µ½Ãô¸ÐµÄ»úÆ÷ÉÏ£¬ »òÕߣ¬ ÉõÖÁ±ØÐëµ¥¶ÀµØÐÞ¸Äÿһ̨»úÆ÷µÄÅäÖ㬠Òò¶ø¶ªµôÁË NIS ×îÖØÒªµÄÓÅÔ½ÐÔ£º ¼¯ÖÐʽ ¹ÜÀí¡£

¡¡¡¡NIS ¿ª·¢ÈËԱΪÕâ¸öÎÊÌâÌṩµÄ½â¾ö·½°¸£¬ ±»³Æ×÷ netgroups¡£ ËüÃǵÄ×÷ÓúÍÓïÒ壬 »ù±¾ÉÏ¿ÉÒÔµÈͬÓÚ UNIX ÎļþϵͳÉÏʹÓõÄ×é¡£ Ö÷ÒªµÄÇø±ðÊÇËüÃÇûÓÐÊý×Ö»¯µÄ ID£¬ ÒÔ¼°¿ÉÒÔÔÚ netgroup ÖÐͬʱ°üº¬Óû§ºÍÆäËû netgroup¡£

¡¡¡¡Netgroups ±»Éè¼ÆÓÃÀ´´¦Àí´óµÄ¡¢ ¸´Ôӵİüº¬Êý°ÙÓû§ºÍ»úÆ÷µÄÍøÂç¡£ Ò»·½Ã棬 ÔÚÄú²»µÃ²»´¦ÀíÕâÀàÇéÐÎʱ£¬ ÕâÊÇÒ»¸öºÜÓÐÓõĶ«Î÷¡£ ¶øÁíÒ»·½Ã棬 ËüµÄ¸´ÔÓÐÔÓÖʹµÃͨ¹ý·Ç³£¼òµ¥µÄÀý×ÓºÜÄѽâÊÍ netgroup µ½µ×ÊÇʲô¡£ ÕâÒ»½ÚµÄÆäÓಿ·ÖµÄÀý×Ó½«Õ¹Ê¾Õâ¸öÎÊÌâ¡£

¡¡¡¡¼ÙÉèÄúÔÚʵÑéÊÒÖгɹ¦µØ²¿Êð NIS ÒýÆðÁËÉÏ˾µÄÐËȤ¡£ Äú½ÓÏÂÀ´µÄÈÎÎñÊǽ« NIS ÓòÀ©Õ¹£¬ ÒÔ¸²¸ÇУ԰ÖеÄһЩÆäËûµÄ»úÆ÷¡£ ÏÂÃæÁ½¸ö±í¸ñÖаüÀ¨ÁËÐÂÓû§ºÍлúÆ÷£¬ ¼°Æä¼òҪ˵Ã÷¡£

Óû§Ãû ˵Ã÷
alpha, beta IT ²¿ÃŵįÕͨ¹ÍÔ±
charlie, delta IT ²¿ÃŵÄѧͽ
echo, foxtrott, golf, ... ÆÕͨ¹ÍÔ±
able, baker, ... ĿǰµÄʵϰÉú
»úÆ÷Ãû ˵Ã÷
war, death, famine, pollution ×îÖØÒªµÄ·þÎñÆ÷¡£ Ö»ÓÐ IT ²¿ÃŵĹÍÔ±²ÅÔÊÐíµÇ¼ÕâЩ»úÆ÷¡£
pride, greed, envy, wrath, lust, sloth ²»Ì«ÖØÒªµÄ·þÎñÆ÷£¬ ËùÓÐ IT ²¿ÃŵijÉÔ±£¬ ¶¼¿ÉÒԵǼÕâЩ»úÆ÷¡£
one, two, three, four, ... ÆÕͨ¹¤×÷Õ¾¡£ Ö»ÓÐ ÕæÕýµÄ ¹ÍÔ±²ÅÔÊÐíµÇ¼ÕâЩ»úÆ÷¡£
trashcan һ̨²»°üº¬¹Ø¼üÊý¾ÝµÄ¾É»úÆ÷¡£ ¼´Ê¹ÊÇʵϰÉú£¬ Ò²ÔÊÐíµÇ¼Ëü¡£

¡¡¡¡Èç¹ûÄú³¢ÊÔͨ¹ýÒ»¸öÒ»¸öµØ×èÖ¹Óû§À´ÊµÏÖÕâЩÏÞÖÆ£¬ ¾ÍÐèÒªÔÚÿһ¸öϵͳµÄ passwd ÎļþÖУ¬ Ϊÿһ¸ö²»ÔÊÐíµÇ¼¸ÃϵͳµÄÓû§Ìí¼Ó¶ÔÓ¦µÄ -user ÐС£ Èç¹ûÍü¼ÇÁËÈκÎÒ»¸ö£¬ ¾Í¿ÉÄÜ»áÔì³ÉÎÊÌâ¡£ ÔÚ½øÐгõʼÅäÖÃʱ£¬ ÕýÈ·µØÅäÖÃÒ²Ðí²»ÊÇʲôÎÊÌ⣬ µ«Ëæ×ÅÈÕ¸´Ò»ÈÕµØÌí¼ÓÐÂÓû§£¬ ×ÜÓÐÒ»Ìì Äú»áÍü¼ÇΪÐÂÓû§Ìí¼Óij¸öÐС£ ±Ï¾¹£¬ Murphy ÊÇÒ»¸öÀÖ¹ÛµÄÈË¡£

¡¡¡¡Ê¹Óà netgroups À´´¦ÀíÕâÒ»×´¿ö¿ÉÒÔ´øÀ´Ðí¶àºÃ´¦¡£ ²»ÐèÒªµ¥¶ÀµØ´¦Àíÿһ¸öÓû§£» Äú¿ÉÒÔ¸³ÓèÓû§Ò»¸ö»ò¶à¸ö netgroups Éí·Ý£¬ ²¢ÔÊÐí»ò½ûֹijһ¸ö netgroup µÄËùÓгÉÔ±µÇ¼¡£ Èç¹ûÌí¼ÓÁËеĻúÆ÷£¬ Ö»ÐèÒª¶¨Òå netgroup µÄµÇ¼ÏÞÖÆ¡£ Èç¹ûÔö¼ÓÁËÐÂÓû§£¬ Ò²Ö»ÐèÒª½«Óû§¼ÓÈëÒ»¸ö»ò¶à¸ö netgroup¡£ ÕâЩ±ä»¯ÊÇÏ໥¶ÀÁ¢µÄ£º ²»ÔÙÐèÒª ¡°¶Ôÿһ¸öÓû§ºÍ»úÆ÷Ö´ÐÐ ¡­¡­¡±¡£ Èç¹ûÄúµÄ NIS ÅäÖþ­¹ýÁ˽÷É÷µÄ¹æ»®£¬ ¾ÍÖ»ÐèÒªÐÞ¸ÄÒ»¸öÖÐÑëµÄÅäÖÃÎļþ£¬ ¾ÍÄܹ»ÔÊÐí»ò½ûÖ¹·ÃÎÊij̨»úÆ÷µÄȨÏÞÁË¡£

¡¡¡¡µÚÒ»²½Êdzõʼ»¯ NIS Ó³Éä netgroup¡£ FreeBSD µÄ ypinit(8) ĬÈÏÇé¿öϲ¢²»´´½¨Õâ¸öÓ³É䣬 µ«ËüµÄ NIS ʵÏÖÄܹ»ÔÚ´´½¨Õâ¸öÓ³ÉäÖ®ºóÁ¢¼´¶ÔÆäÌṩ֧³Ö¡£ Òª´´½¨¿ÕÓ³É䣬 ¼òµ¥µØÊäÈë

ellington# vi /var/yp/netgroup

¡¡¡¡²¢¿ªÊ¼Ôö¼ÓÄÚÈÝ¡£ ÔÚÎÒÃǵÄÀý×ÓÖУ¬ ÖÁÉÙÐèÒªËĸö nergruop£º IT ¹ÍÔ±£¬ IT ѧͽ£¬ ÆÕͨ¹ÍÔ±ºÍʵϰÉú¡£

IT_EMP  (,alpha,test-domain)    (,beta,test-domain)
IT_APP  (,charlie,test-domain)  (,delta,test-domain)
USERS   (,echo,test-domain)     (,foxtrott,test-domain) \
        (,golf,test-domain)
INTERNS (,able,test-domain)     (,baker,test-domain)

¡¡¡¡IT_EMP, IT_APP µÈµÈ£¬ ÊÇ netgroup µÄÃû×Ö¡£ ÿһ¸öÀ¨ºÅÖеÄ×éÖУ¬ ¶¼ÓÐһЩÓû§Õʺš£ ×éÖеÄÈý¸ö×Ö¶ÎÊÇ£º

  1. ÔÚÄÄЩ»úÆ÷ÉÏÄܹ»Ê¹ÓÃÕâЩÏî¡£ Èç¹û²»Ö¸¶¨Ö÷»úÃû£¬ ÔòÏîÔÚËùÓлúÆ÷É϶¼ÓÐЧ¡£ Èç¹ûÖ¸¶¨ÁËÖ÷»ú£¬ ÔòºÜÈÝÒ×Ôì³É»ìÏý¡£

  2. ÊôÓÚÕâ¸ö netgroup µÄÕʺš£

  3. ÕÊºÅµÄ NIS Óò¡£ Äú¿ÉÒÔ´ÓÆäËû NIS ÓòÖаÑÕʺŵ¼Èëµ½ÄúµÄ netgroup ÖУ¬ Èç¹ûÄú¹ÜÀí¶à¸ö NIS ÓòµÄ»°¡£

¡¡¡¡Ã¿Ò»¸ö×ֶζ¼¿ÉÒÔ°üÀ¨Í¨Åä·û¡£ ²Î¼û netgroup(5) Á˽â¸ü¶àϸ½Ú¡£

×¢Òâ: Netgroup µÄÃû×ÖÒ»°ãÀ´Ëµ²»Ó¦³¬¹ý 8 ¸ö×Ö·û£¬ ÌØ±ðÊǵ±ÄúµÄ NIS ÓòÖÐÓлúÆ÷´òËãÔËÐÐÆäËü²Ù×÷ϵͳµÄʱºò¡£ Ãû×ÖÊÇÇø·Ö´óСдµÄ£» ʹÓôóд×Öĸ×÷Ϊ netgroup µÄÃû×Ö£¬ Äܹ»ÈÃÄú¸üÈÝÒ×µØÇø·ÖÓû§¡¢ »úÆ÷ºÍ netgroup µÄÃû×Ö¡£

ijЩ NIS ¿Í»§³ÌÐò (FreeBSD ÒÔÍâµÄÄÇЩ) ¿ÉÄÜÎÞ·¨´¦Àíº¬ÓдóÁ¿ÏîµÄ netgroup¡£ ÀýÈ磬 ijЩÔçÆÚ°æ±¾µÄ SunOS »áÔÚ netgroup Öаüº¬¶àÓÚ 15 ¸ö Ïî ʱ³öÏÖÎÊÌâ¡£ ÒªÈÆ¹ýÕâ¸öÎÊÌ⣬ ¿ÉÒÔ´´½¨¶à¸ö ×Ónetgroup£¬Ã¿Ò»¸öÖаüº¬ÉÙÓÚ 15 ¸öÓû§£¬ ÒÔ¼°Ò»¸ö°üº¬ËùÓÐ ×Ónetgroup µÄÕæÕýµÄ netgroup£º

BIGGRP1  (,joe1,domain)  (,joe2,domain)  (,joe3,domain) [...]
BIGGRP2  (,joe16,domain)  (,joe17,domain) [...]
BIGGRP3  (,joe31,domain)  (,joe32,domain)
BIGGROUP  BIGGRP1 BIGGRP2 BIGGRP3

Èç¹ûÐèÒª³¬¹ý 225 ¸öÓû§£¬ ¿ÉÒÔ¼ÌÐøÖØ¸´ÉÏÃæµÄ¹ý³Ì¡£

¡¡¡¡¼¤»î²¢·Ö·¢Ð嵀 NIS Ó³Éä·Ç³£¼òµ¥£º

ellington# cd /var/yp
ellington# make

¡¡¡¡Õâ¸ö²Ù×÷»áÉú³ÉÈý¸ö NIS Ó³É䣬 ¼´ netgroup¡¢ netgroup.byhost ºÍ netgroup.byuser¡£ Óà ypcat(1) ¿ÉÒÔ¼ì²éÕâЩ NIS Ó³ÉäÊÇ·ñ¿ÉÓÃÁË£º

ellington% ypcat -k netgroup
ellington% ypcat -k netgroup.byhost
ellington% ypcat -k netgroup.byuser

¡¡¡¡µÚÒ»¸öÃüÁîµÄÊä³ö£¬ Ó¦¸ÃÓë /var/yp/netgroup µÄÄÚÈÝÏà½ü¡£ µÚ¶þ¸öÃüÁ Èç¹ûûÓÐÖ¸¶¨±¾»úרÓÐµÄ netgroup£¬ ÔòÓ¦¸ÃûÓÐÊä³ö¡£ µÚÈý¸öÃüÁ ÔòÓÃÓÚÏÔʾij¸öÓû§¶ÔÓ¦µÄ netgroup ÁÐ±í¡£

¡¡¡¡¿Í»§»úµÄÉèÖÃÒ²ºÜ¼òµ¥¡£ ÒªÅäÖ÷þÎñÆ÷ war£¬ Ö»Ðè½øÈë vipw(8) ²¢°Ñ

+:::::::::

¡¡¡¡¸ÄΪ

+@IT_EMP:::::::::

¡¡¡¡ÏÖÔÚ£¬ Ö»ÓÐ netgroup IT_EMP Öж¨ÒåµÄÓû§»á±»µ¼Èëµ½ war µÄ¿ÚÁîÊý¾Ý¿âÖУ¬ Òò´ËÖ»ÓÐÕâЩÓû§Äܹ»µÇ¼¡£

¡¡¡¡²»¹ý£¬ Õâ¸öÏÞÖÆÒ²»á×÷ÓÃÓÚ shell µÄ ~£¬ ÒÔ¼°ËùÓÐÔÚÓû§ÃûºÍÊý×ÖÓû§ ID Ö®¼äʵʩת»»µÄº¯ÊýµÄ¹¦ÄÜ¡£ »»ÑÔÖ®£¬ cd ~user ½«²»»áÕý³£¹¤×÷£¬ ¶ø ls -l Ò²½«ÏÔʾÊý×ÖµÄ ID ¶ø²»ÊÇÓû§Ãû£¬ ²¢ÇÒ find . -user joe -print ½«Ê§°Ü£¬ ²¢¸ø³ö ¡°No such user¡± µÄ´íÎóÐÅÏ¢¡£ ÒªÐÞÕýÕâ¸öÎÊÌ⣬ ÄúÐèÒªµ¼ÈëËùÓеÄÓû§Ï ¶ø ²»ÔÊÐíËûÃǵǼ·þÎñÆ÷¡£

¡¡¡¡Õâ¿ÉÒÔͨ¹ýÔÚ /etc/master.passwd ¼ÓÈëÁíÒ»ÐÐÀ´Íê³É¡£ ÕâÐеÄÄÚÈÝÊÇ£º

¡¡¡¡+:::::::::/sbin/nologin£¬ Òâ˼ÊÇ ¡°µ¼ÈëËùÓеÄÏ µ«µ¼ÈëÏîµÄ shell ÔòÌæ»»Îª /sbin/nologin¡±¡£ ͨ¹ýÔÚ /etc/master.passwd ÖÐÔö¼ÓĬÈÏÖµ£¬ ¿ÉÒÔÌæ»»µô passwd ÖеÄÈÎÒâ×ֶΡ£

¾¯¸æ: Îñ±ØÈ·ÈÏ +:::::::::/sbin/nologin ÕâÒ»ÐгöÏÖÔÚ +@IT_EMP::::::::: Ö®ºó¡£ ·ñÔò£¬ ËùÓÐ´Ó NIS µ¼ÈëµÄÓû§ÕʺŽ«ÒÔ /sbin/nologin ×÷ΪµÇ¼ shell¡£

¡¡¡¡Íê³ÉÉÏÃæµÄÐÞ¸ÄÖ®ºó£¬ ÔÚ IT ²¿ÃÅÓÐÁËÐÂÔ±¹¤Ê±£¬ Ö»ÐèÐÞ¸ÄÒ»¸ö NIS Ó³Éä¾Í×ã¹»ÁË¡£ ÄúÒ²¿ÉÒÔÓÃÀàËÆµÄ·½·¨£¬ ÔÚ²»Ì«ÖØÒªµÄ·þÎñÆ÷ÉÏ£¬ °ÑÏÈǰ±¾µØ°æ±¾µÄ /etc/master.passwd ÖÐµÄ +::::::::: ¸ÄΪ£º

+@IT_EMP:::::::::
+@IT_APP:::::::::
+:::::::::/sbin/nologin

¡¡¡¡Ïà¹ØµÄÓÃÓÚÆÕͨ¹¤×÷Õ¾µÄÅäÖÃÔòÓ¦ÊÇ£º

+@IT_EMP:::::::::
+@USERS:::::::::
+:::::::::/sbin/nologin

¡¡¡¡Ò»ÇÐÆ½°²ÎÞÊ£¬ Ö±µ½ÊýÖÜºó£¬ ÓÐÒ»Ìì²ßÂÔ·¢ÉúÁ˱仯£º IT ²¿ÃÅÒ²¿ªÊ¼ÕÐÊÕʵϰÉúÁË¡£ IT ʵϰÉúÔÊÐíʹÓÃÆÕͨµÄÖÕ¶Ë£¬ ÒÔ¼°²»Ì«ÖØÒªµÄ·þÎñÆ÷£» ¶ø IT ѧͽ£¬ Ôò¿ÉÒԵǼÖ÷·þÎñÆ÷¡£ ÄúÔö¼ÓÁËÐ嵀 netgroup IT_INTERN£¬ ÒÔ¼°Ð嵀 IT ʵϰÉúµ½Õâ¸ö netgroup ²¢¿ªÊ¼ÐÞ¸Äÿһ̨»úÆ÷ÉϵÄÅäÖá­¡­ ÀÏ»°ËµµÃºÃ£º¡°Ç£Ò»·¢£¬ ¶¯È«Éí¡±¡£

¡¡¡¡NIS ͨ¹ý netgroup À´½¨Á¢ netgroup µÄÄÜÁ¦£¬ Õý¿ÉÒÔ±ÜÃâÕâÑùµÄÇéÐΡ£ Ò»ÖÖ¿ÉÄܵķ½·¨Êǽ¨Á¢»ùÓÚ½ÇÉ«µÄ netgroup¡£ ÀýÈ磬 Äú¿ÉÒÔ´´½¨³ÆÎª BIGSRV µÄ netgroup£¬ ÓÃÓÚ¶¨Òå×îÖØÒªµÄ·þÎñÆ÷ÉϵĵǼÏÞÖÆ£¬ ÒÔ¼°ÁíÒ»¸ö³ÉΪ SMALLSRV µÄ netgroup£¬ ÓÃÒÔ¶¨Òå´ÎÖØÒªµÄ·þÎñÆ÷£¬ ÒÔ¼°µÚÈý¸ö£¬ ÓÃÓÚÆÕͨ¹¤×÷Õ¾µÄ netgroup USERBOX¡£ ÕâÈý¸ö netgroup ÖеÄÿһ¸ö£¬ ¶¼°üº¬ÁËÔÊÐíµÇ¼µ½ÕâЩ»úÆ÷ÉϵÄËùÓÐ netgroup¡£ ÄúµÄ NIS Ó³ÉäÖеÄÐÂÏîÈçÏÂËùʾ£º

BIGSRV    IT_EMP  IT_APP
SMALLSRV  IT_EMP  IT_APP  ITINTERN
USERBOX   IT_EMP  ITINTERN USERS

¡¡¡¡ÕâÖÖ¶¨ÒåµÇ¼ÏÞÖÆµÄ·½·¨£¬ ÔÚÄúÄܹ»½«»úÆ÷·Ö×é²¢¼ÓÒÔÏÞÖÆµÄʱºò¿ÉÒÔ¹¤×÷µÄÏ൱ºÃ¡£ ²»ÐÒµÄÊÇ£¬ ÕâÊÇÖÖÀýÍ⣬ ¶ø·Ç³£¹æÇé¿ö¡£ ¶àÊýʱºò£¬ ÐèÒª°´»úÆ÷È¥¶¨ÒåµÇ¼ÏÞÖÆ¡£

¡¡¡¡Óë»úÆ÷Ïà¹ØµÄ netgroup ¶¨Ò壬 ÊÇ´¦ÀíÉÏÊö²ßÂԸ͝µÄÁíÒ»ÖÖ¿ÉÄܵķ½·¨¡£ ´Ëʱ£¬ ÿ̨»úÆ÷µÄ /etc/master.passwd ÖУ¬ ¶¼°üº¬Á½¸ö ¡°+¡± ¿ªÍ·µÄÐС£ µÚÒ»¸öÓÃÓÚÌí¼ÓÔÊÐíµÇ¼µÄ netgroup Õʺţ¬ ¶øµÚ¶þ¸öÔòÓÃÓÚÔö¼ÓÆäËüÕʺţ¬ ²¢°Ñ shell ÉèÖÃΪ /sbin/nologin¡£ ʹÓà ¡°È«´óд¡± µÄ»úÆ÷Ãû×÷Ϊ netgroup ÃûÊǸöºÃÖ÷Òâ¡£ »»ÑÔÖ®£¬ ÕâЩÐÐÓ¦¸ÃÀàËÆÓÚ£º

+@BOXNAME:::::::::
+:::::::::/sbin/nologin

¡¡¡¡Ò»µ©ÔÚËùÓлúÆ÷É϶¼Íê³ÉÁËÕâÑùµÄÐ޸ģ¬ ¾ÍÔÙÒ²²»ÐèÒªÐ޸ı¾µØµÄ /etc/master.passwd ÁË¡£ ËùÓÐδÀ´µÄÐ޸ͼ¿ÉÒÔÔÚ NIS Ó³ÉäÖнøÐС£ ÕâÀïÊÇÒ»¸öÀý×Ó£¬ ÆäÖÐչʾÁËÔÚÕâÒ»Ó¦ÓÃÇé¾°ÖÐËùÐèÒªµÄ netgroup Ó³É䣬 ÒÔ¼°ÆäËüһЩ³£Óõļ¼ÇÉ£º

# Define groups of users first
IT_EMP    (,alpha,test-domain)    (,beta,test-domain)
IT_APP    (,charlie,test-domain)  (,delta,test-domain)
DEPT1     (,echo,test-domain)     (,foxtrott,test-domain)
DEPT2     (,golf,test-domain)     (,hotel,test-domain)
DEPT3     (,india,test-domain)    (,juliet,test-domain)
ITINTERN  (,kilo,test-domain)     (,lima,test-domain)
D_INTERNS (,able,test-domain)     (,baker,test-domain)
#
# Now, define some groups based on roles
USERS     DEPT1   DEPT2     DEPT3
BIGSRV    IT_EMP  IT_APP
SMALLSRV  IT_EMP  IT_APP    ITINTERN
USERBOX   IT_EMP  ITINTERN  USERS
#
# And a groups for a special tasks
# Allow echo and golf to access our anti-virus-machine
SECURITY  IT_EMP  (,echo,test-domain)  (,golf,test-domain)
#
# machine-based netgroups
# Our main servers
WAR       BIGSRV
FAMINE    BIGSRV
# User india needs access to this server
POLLUTION  BIGSRV  (,india,test-domain)
#
# This one is really important and needs more access restrictions
DEATH     IT_EMP
#
# The anti-virus-machine mentioned above
ONE       SECURITY
#
# Restrict a machine to a single user
TWO       (,hotel,test-domain)
# [...more groups to follow]

¡¡¡¡Èç¹ûÄúÕýʹÓÃijÖÖÊý¾Ý¿âÀ´¹ÜÀíÕʺţ¬ Ó¦¸Ã¿ÉÒÔʹÓÃÄúµÄÊý¾Ý¿âµÄ±¨¸æ¹¤¾ßÀ´´´½¨Ó³ÉäµÄµÚÒ»²¿·Ö¡£ ÕâÑù£¬ ÐÂÓû§¾Í×Ô¶¯µØ¿ÉÒÔ·ÃÎÊÕâЩ»úÆ÷ÁË¡£

¡¡¡¡×îºóµÄÌáÐÑ£º ʹÓûùÓÚ»úÆ÷µÄ netgroup ²¢²»×ÜÊÇÊÊÓõġ£ Èç¹ûÕýÔÚΪѧÉúʵÑéÊÒ²¿ÊðÊýʮ̨ÉõÖÁÉϰŲ̀ͬÑùµÄ»úÆ÷£¬ ÄúÓ¦¸ÃʹÓûùÓÚ½ÇÉ«µÄ netgroup£¬ ¶ø²»ÊÇ»ùÓÚ»úÆ÷µÄ netgroup£¬ ÒÔ±ã°Ñ NIS Ó³ÉäµÄ³ß´ç±£³ÖÔÚÒ»¸öºÏÀíµÄ·¶Î§ÄÚ¡£

29.4.8 ÐèÒªÀμǵÄÊÂÏî

¡¡¡¡ÕâÀïÊÇһЩÆäËüÔÚʹÓà NIS »·¾³Ê±ÐèҪעÒâµÄµØ·½¡£

29.4.9 NIS v1 ¼æÈÝÐÔ

¡¡¡¡FreeBSD µÄ ypserv ÌṩÁËijЩΪ NIS v1 ¿Í»§Ìṩ·þÎñµÄÖ§³ÖÄÜÁ¦¡£ FreeBSD µÄ NIS ʵÏÖ£¬ ֻʹÓà NIS v2 ЭÒ飬 µ«ÆäËüʵÏÖ¿ÉÄÜ»á°üº¬ v1 ЭÒ飬 ÒÔÌṩ¶Ô¾ÉϵͳµÄÏòϼæÈÝÄÜÁ¦¡£ ËæÕâЩϵͳÌṩµÄ ypbind ·þÎñ½«Ê×Ïȳ¢ÊÔ°ó¶¨ NIS v1 ·þÎñÆ÷£¬ ¼´Ê¹ËüÃDz¢²»ÕæµÄÐèÒªËü (ÓÐЩÉõÖÁ¿ÉÄÜ»áÒ»Ö±¹ã²¥ËÑË÷ÇëÇó£¬ ¼´Ê¹ÒѾ­´Óij̨ v2 ·þÎñÆ÷µÃµ½ÁË»ØÓ¦Ò²ÊÇÈç´Ë)¡£ ×¢Ò⣬ ¾¡¹ÜÖ§³ÖÒ»°ãµÄ¿Í»§»úµ÷Ó㬠Õâ¸ö°æ±¾µÄ ypserv ²¢²»ÄÜ´¦Àí v1 µÄÓ³Éä´«ËÍÇëÇó£» Òò¶ø£¬ Ëü¾Í²»ÄÜÓë½ÏÔçµÄÖ§³Ö v1 ЭÒéµÄ NIS ·þÎñÆ÷ÅäºÏʹÓ㬠ÎÞÂÛÊÇ×÷ΪÖ÷·þÎñÆ÷»¹ÊÇ´Ó·þÎñÆ÷¡£ ÐÒÔ˵ÄÊÇ£¬ ÏÖ½ñÓ¦¸ÃÒѾ­Ã»ÓÐÈÔÈ»ÔÚÓõÄÕâÑùµÄ·þÎñÆ÷ÁË¡£

29.4.10 ͬʱ×÷Ϊ NIS ¿Í»§»úµÄ NIS ·þÎñÆ÷

¡¡¡¡ÔÚ¶à·þÎñÆ÷ÓòµÄ»·¾³ÖУ¬ Èç¹û·þÎñÆ÷ͬʱ×÷Ϊ NIS ¿Í»§£¬ ÔÚÔËÐÐ ypserv Ê±ÒªÌØ±ðСÐÄ¡£ Ò»°ãÀ´Ëµ£¬ Ç¿ÖÆ·þÎñÆ÷°ó¶¨×Ô¼ºÒª±ÈÔÊÐíËüÃǹ㲥°ó¶¨ÇëÇóÒªºÃ£¬ ÒòΪÕâÖÖÇé¿öÏÂËüÃÇ¿ÉÄÜ»áÏ໥°ó¶¨¡£ ijЩ¹ÖÒìµÄ¹ÊÕÏ£¬ ºÜ¿ÉÄÜÊÇÓÉÓÚijһ̨·þÎñÆ÷Í£»ú£¬ ¶øÆäËü·þÎñÆ÷¶¼ÒÀÀµÆä·þÎñËùµ¼Öµġ£ ×îÖÕ£¬ ËùÓеĿͻ§»ú¶¼»á³¬Ê±²¢°ó¶¨µ½ÆäËü·þÎñÆ÷£¬ µ«Õâ¸öÑÓ³Ù¿ÉÄÜ»áÏ൱¿É¹Û£¬ ¶øÇÒ»Ö¸´Ö®ºóÈÔÈ»´æÔÚÔٴη¢Éú´ËÀàÎÊÌâµÄÒþ»¼¡£

¡¡¡¡Äú¿ÉÒÔÇ¿ÖÆÒ»Ì¨»úÆ÷°ó¶¨µ½Ìض¨µÄ·þÎñÆ÷£¬ ÕâÊÇͨ¹ý ypbind µÄ -S ²ÎÊýÀ´Íê³ÉµÄ¡£ Èç¹û²»Ï£Íûÿ´ÎÆô¶¯ NIS ·þÎñÆ÷ʱ¶¼ÊÖ¹¤Íê³ÉÕâÏ×÷£¬ ¿ÉÒÔÔÚ /etc/rc.conf ÖмÓÈ룺

nis_client_enable="YES"	# run client stuff as well
nis_client_flags="-S NIS domain,server"

¡¡¡¡²Î¼û ypbind(8) ÒÔÁ˽â¸ü¶àÇé¿ö¡£

29.4.11 ¿ÚÁî¸ñʽ

¡¡¡¡ÔÚʵÏÖ NIS ʱ£¬ ¿ÚÁî¸ñʽµÄ¼æÈÝÐÔÎÊÌâÊÇÒ»ÖÖ×îΪ³£¼ûµÄÎÊÌâ¡£ ¼ÙÈçÄúµÄ NIS ·þÎñÆ÷ʹÓà DES ¼ÓÃÜ¿ÚÁ ÔòËüÖ»ÄÜÖ§³ÖʹÓà DES µÄ¿Í»§»ú¡£ ÀýÈ磬 Èç¹ûÄúµÄÍøÂçÉÏÓÐ Solaris NIS ¿Í»§»ú£¬ Ôò¼¸ºõ¿Ï¶¨ÐèҪʹÓà DES ¼ÓÃÜ¿ÚÁî¡£

¡¡¡¡Òª¼ì²éÄúµÄ·þÎñÆ÷ºÍ¿Í»§»úʹÓõĿÚÁî¸ñʽ£¬ ÐèÒª²é¿´ /etc/login.conf¡£ Èç¹ûÖ÷»ú±»ÅäÖÃΪʹÓà DES ¼ÓÃܵĿÚÁ Ôò default class ½«°üº¬ÀàËÆÕâÑùµÄÏ

default:\
	:passwd_format=des:\
	:copyright=/etc/COPYRIGHT:\
	[Further entries elided]

¡¡¡¡ÆäËûһЩ¿ÉÄÜµÄ passwd_format °üÀ¨ blf ºÍ md5 (·Ö±ð¶ÔÓ¦ÓÚ Blowfish ºÍ MD5 ¼ÓÃÜ¿ÚÁî)¡£

¡¡¡¡Èç¹ûÐÞ¸ÄÁË /etc/login.conf£¬ ¾Í±ØÐëÖØ½¨µÇ¼ÐÔÄÜÊý¾Ý¿â£¬ ÕâÊÇͨ¹ýÒÔ root Éí·ÝÔËÐÐÏÂÃæµÄ³ÌÐòÀ´Íê³ÉµÄ£º

# cap_mkdb /etc/login.conf

×¢Òâ: ÒѾ­ÔÚ /etc/master.passwd ÖеĿÚÁîµÄ¸ñʽ²»»á±»¸üУ¬ Ö±µ½Óû§ÔڵǼÐÔÄÜÊý¾Ý¿âÖØ½¨ Ö®ºó Ê×´ÎÐ޸ĿÚÁîΪֹ¡£

¡¡¡¡½ÓÏÂÀ´£¬ ΪÁËÈ·±£ËùÓеĿÚÁî¶¼°´ÕÕÄúÑ¡ÔñµÄ¸ñʽ¼ÓÃÜÁË£¬ »¹ÐèÒª¼ì²é /etc/auth.conf ÖÐ crypt_default ¸ø³öµÄÓÅÏÈÑ¡ÔñµÄ¿ÚÁî¸ñʽ¡£ ÒªÍê³É´Ë¹¤×÷£¬ ½«ÄúÑ¡ÔñµÄ¸ñʽ·Åµ½ÁбíµÄµÚÒ»Ïî¡£ ÀýÈ磬 µ±Ê¹Óà DES ¼ÓÃܵĿÚÁîʱ£¬ ¶ÔÓ¦ÏîӦΪ£º

crypt_default	=	des blf md5

¡¡¡¡ÔÚÿһ̨»ùÓÚ FreeBSD µÄ NIS ·þÎñÆ÷ºÍ¿Í»§»úÉÏÍê³ÉÉÏÊö¹¤×÷Ö®ºó£¬ ¾Í¿ÉÒԿ϶¨ÄúµÄÍøÂçÉÏËüÃǶ¼ÔÚʹÓÃͬÑùµÄ¿ÚÁî¸ñʽÁË¡£ Èç¹ûÔÚ NIS ¿Í»§»úÉÏ×öÉí·ÝÑé֤ʱ·¢ÉúÎÊÌ⣬ ÕâÒ²ÊǵÚÒ»¸ö¿ÉÄܳöÏÖÎÊÌâµÄµØ·½¡£ ×¢Ò⣺ Èç¹ûÄúÏ£ÍûÔÚ»ìºÏµÄÍøÂçÉϲ¿Êð NIS ·þÎñÆ÷£¬ ¿ÉÄܾÍÐèÒªÔÚËùÓÐϵͳÉ϶¼Ê¹Óà DES£¬ ÒòΪÕâÊÇËùÓÐϵͳ¶¼Äܹ»Ö§³ÖµÄ×îµÍÏ޶ȵĹ«¹²±ê×¼¡£

±¾ÎĵµºÍÆäËüÎĵµ¿É´ÓÕâÀïÏÂÔØ£ºftp://ftp.FreeBSD.org/pub/FreeBSD/doc/.

Èç¹û¶ÔÓÚFreeBSDÓÐÎÊÌ⣬ÇëÏÈÔĶÁÎĵµ£¬Èç²»Äܽâ¾öÔÙÁªÏµ<questions@FreeBSD.org>.
¹ØÓÚ±¾ÎĵµµÄÎÊÌâÇë·¢ÐÅÁªÏµ <doc@FreeBSD.org>.