NIS Debian HOWTO Miquels, miquels@cistron.nl v3.2.1-3, 2 Mar 1998 À̹ü¼®shinsuk@ai-cse.sch.ac.kr 12 Dec 1998 ÀÌ HOWTO´Â ´ÙÀ½¿¡ ´ëÇØ ¼³¸íÇÕ´Ï´Ù. ______________________________________________________________________ ¸ñÂ÷ 1. Áö¿ª NIS Ŭ¶óÀ̾ðÆ®¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 2. NIS¸¦ ÅëÇØ ÀÚ¿øÀ» ¾î¶»°Ô ÀÌ¿ëÇϴ°¡ 3. NIS master ¼­¹ö¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 4. SHADOW PASSWORDS 5. HOW TO SETUP A NIS SLAVE SERVER ______________________________________________________________________ 1. Áö¿ª NIS Ŭ¶óÀ̾ðÆ®¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 1. netbase, netstd, nis ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÕ´Ï´Ù. 2. ¼³Ä¡ °úÁ¤¿¡¼­ NIS domainnameÀ» ¹¯½À´Ï´Ù. ÀÌ°ÍÀº NIS¸¦ »ç¿ëÇÒ ½Ã½ºÅÛµéÀÇ ±×·ìÀ» ³ªÅ¸³»´Â À̸§À¸·Î hostname°ú´Â ´Ù¸¨´Ï´Ù. 3. ¸¸¾à NIS ¼­¹ö°¡ Áö¿ª ³×Æ®¿öÅ© ¾È¿¡ ÀÖÁö ¾ÊÀ¸¸é ¸î °¡Áö ¹Ì¼¼Á¶Á¤ÀÌ ÇÊ¿äÇÕ´Ï´Ù. ypbind ÇÁ·Î¼¼½º´Â /etc/yp.conf ¶ó´Â ¼³Á¤ ÆÄÀÏÀ» °¡Áö°í ÀÖ½À´Ï´Ù. ¿©±â¿¡ NIS ¼­¹öÀÇ À̸§À» Àû½À´Ï´Ù. - ´õ ÀÚ¼¼ÇÑ Á¤º¸´Â ypbind(8) ¸Å´º¾óÀ» º¸½Ê½Ã¿À. 4. NIS¸¦ ½ÃÀÛÇÕ´Ï´Ù. /etc/init.d/nis stop /etc/init.d/nis start 2. NIS¸¦ ÅëÇØ ÀÚ¿øÀ» ¾î¶»°Ô ÀÌ¿ëÇϴ°¡ 1. FOR libc6 /etc/nsswitch.conf ÆÄÀÏÀÇ passwd, group, shadow, netgroup ¿£Æ®¸®¸¦ ´ÙÀ½°ú °°ÀÌ ¹Ù²ß´Ï´Ù. passwd: compat group: compat shadow: compat netgroup: nis libc6Àº ÆÄÀϷκÎÅÍ netgroup Á¤º¸¸¦ Àдµ¥ ¸î °¡Áö ¹®Á¦¸¦ °¡Áö°í ÀÖ½À´Ï´Ù. ±×·¯´Ï netgroup ¿£Æ®¸®¿¡ "db"³ª "files"¸¦ ¾²Áö ¸¶½Ê½Ã¿À. ¸ðµç netgroup Á¤º¸´Â NIS ¼­¹ö¸¦ ÅëÇØ ¾ò¾îÁö°Ô µË´Ï´Ù. 2. USERS: NIS clientsÀÇ /etc/passwd¿¡ ´ÙÀ½ ÁÙÀ» Ãß°¡ÇÕ´Ï´Ù. +:::::: »ç¿ëÀÚ(user)ÀÇ Æ÷ÇÔ/Â÷´ÜÀ» À§ÇØ +¿Í - ±âÈ£¸¦ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. »ç¿ëÀÚ guest¸¦ Á¦¿ÜÇÏ·Á¸é /etc/passwd ÆÄÀÏ¿¡ -guest¸¦ Ãß°¡ÇÕ´Ï´Ù. »ç¿ëÀÚ linux°¡ ´Ù¸¥ ½©(e.g. ksg)À» »ç¿ëÇÏ±æ ¿øÇÑ´Ù¸é /etc/passwd¿¡ +linux::::::/bin/ksh¸¦ Ãß°¡ÇØ ÁÖ¸é µË´Ï´Ù. º¯°æÀ» ¿øÇÏÁö ¾Ê´Â Çʵå´Â ºóä·Î ³öµÓ´Ï´Ù. ¿¹·Î, miquels, dth, ed¸¸ ·Î±×ÀÎÀ» Çã¶ôÇÏ°í ´Ù¸¥ »ç¿ëÀÚÀÇ °èÁ¤ Á¤º¸¸¸À» À¯ÁöÇÏ·Á¸é: +miguels:::::: +ed:::::: +dth:::::: +:*::::::/etc/NoShell ¿¹¿¡¼­¿Í °°ÀÌ ¸®´ª½º¿¡¼­´Â Æнº¿öµå Çʵ嵵 overrideÇÒ ¼ö ÀÖ½À´Ï´Ù. 3. GROUPS: /etc/group¿¡ ´ÙÀ½ ÁÙÀ» Ãß°¡ÇÕ´Ï´Ù. +::: 4. HOSTS: º¸Åë NIS¸¦ ÅëÇØ host lookupÀº ÇÏÁö ¾Ê°í DNS¸¦ »ç¿ëÇÕ´Ï´Ù. ²À NIS¸¦ ÅëÇØ ÇØ¾ß ÇÑ´Ù¸é ¿©±â¼­ ÇϽʽÿÀ. o For libc5 applications: NIS ¼­¹öÀÇ NIS host ¸ÊÀ» »ç¿ëÇÏ·Á¸é /etc/host.conf¸¦ ¼öÁ¤ÇØ¾ß ÇÕ´Ï´Ù. ´ÙÀ½°ú °°ÀÌ order ÁÙ¿¡ nis¶ó´Â ´Ü¾î¸¦ Ãß°¡ÇÕ´Ï´Ù: order hosts,nis multi on o For libc6 applications: /etc/nsswitch.confÀÇ hosts ¿£Æ®¸®¸¦ ¼öÁ¤ÇÕ´Ï´Ù: hosts: nis files 3. NIS master ¼­¹ö¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 1. nis ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÕ´Ï´Ù. RPC daemonµé(rpc.portmap)À» ¼³Ä¡Çϱâ À§ÇØ netbase¿Í netstdµµ ¼³Ä¡ÇØ¾ß ÇÕ´Ï´Ù. 2. master, slave ±¸ºÐ¾øÀÌ NIS ¼­¹ö·Î »ç¿ëµÉ ¸ðµç ½Ã½ºÅÛÀÇ À̸§ÀÌ /etc/hosts ÆÄÀϳ»¿¡ ÀÖ¾î¾ß ÇÕ´Ï´Ù. °¢ IP ÁÖ¼Ò µÚ¿¡ ù ¹ø° hostnameÀÌ FQDN(Fully Qualified Domain Name)À̾î¾ß ÇÏ°í, ±×¿¡ À̾î domainnameÀ» Á¦¿ÜÇÑ hostname¸¸À» ±âÀÔÇÕ´Ï´Ù. ¿¹¸¦ µé¸é: 192.168.88.10 troi.cistron.nl troi NIS´Â DNS¸¦ »ç¿ëÇÏÁö ¾Ê±â ¶§¹®¿¡ NIS server ³»ÀÇ NIS host file(º¸Åë /etc/hosts)µµ ÀÌ ¼³Á¤À» ÇØ¾ß ÇÕ´Ï´Ù. 3. /etc/defaultdomain¿¡ NIS domainÀ» ¼³Á¤ÇÕ´Ï´Ù. NIS domainÀº NIS¸¦ »ç¿ëÇÏ´Â ½Ã½ºÅÛµéÀÇ ±×·ìÀ» ³ªÅ¸³»´Â À̸§À¸·Î hostname°ú´Â ´Ù¸¨´Ï´Ù. ÀÌ°ÍÀº º¸Åë DNS domainnameÀ» ÀÌ°Í¿¡µµ »ç¿ëÇÕ´Ï´Ù. ÀÌ°ÍÀº ¸¹Àº »ç¶÷µé¿¡ ÀÇÇØ º¸¾È À§ÇèÀ» ÁöÀûµÇ°í ÀÖ½À´Ï´Ù. domainnameÀ» ¾Æ´Â °Í¸¸À¸·Î ¿ø°ÝÁö¿¡¼­ NIS server¿¡ query¸¦ º¸³»°í NIS ¸ÊµéÀ» ¹ÞÀ» °¡´É¼ºÀÌ Àֱ⠶§¹®ÀÔ´Ï´Ù. ÀÌ°ÍÀ» ¸·±âÀ§ÇØ ¸ðÈ£ÇÑ domainnameÀ» ¼±ÅÃÇؼ­´Â ¾ÈµË´Ï´Ù. ´ÜÁö Áö¿ª ³×Æ®¿öÅ© ÀÌ¿Ü¿¡¼­ NIS ¼­¹ö¿¡ Á¢±ÙÇÒ ¼ö ¾øµµ·Ï ÇÏ¸é µË´Ï´Ù. 4. /etc/init.d/nis ÆÄÀÏ ³»ÀÇ ypserv¸¦ master·Î (ypserv=master) ¼³Á¤ÇÕ´Ï´Ù. 5. À§¿¡¼­ ¸»ÇÑ °Í°ú °°ÀÌ, Áö¿ª ³×Æ®¿öÅ© ¹øÈ£¸¦ /etc/ypserv.securenets¿¡ Ãß°¡ÇÕ´Ï´Ù. ±âº»°ªÀ¸·Î ¸ðµç ½Ã½ºÅÛÀÌ NIS server¿¡ Á¢±ÙÇÒ ¼ö ÀÖµµ·Ï µÇ¾î ÀÖÁö¸¸ ÀÌ·¸°Ô ÇÏÁö ¾Ê´Â °ÍÀ» ±ÇÀåÇÕ´Ï´Ù. º¸¾ÈÀÇ °­È­¸¦ À§ÇØ /etc/ypserv.conf ÆÄÀÏÀ» ¼öÁ¤ÇÏ¿© password¸¦ ³ª¿ÀÁö ¾Êµµ·Ï(mangle)ÇÒ ¼ö ÀÖ½À´Ï´Ù. (³×Æ®¿öÅ© ³»¿¡ µ¥ºñ¾ÈÀÌ ¾Æ´Ñ slave serverµéÀÌ ÀÖÀ» ¶§¿¡´Â ÀÌ°ÍÀ» »ç¿ëÇؼ­´Â ¾ÈµË´Ï´Ù.) 6. "/usr/lib/yp/ypinit -m"À» ÀÔ·ÂÇÏ¿© ¼­¹ö¸¦ ¼³Á¤ÇÕ´Ï´Ù. 7. ´ÙÀ½À» ÀÔ·ÂÇÏ¿© ¼­¹ö¸¦ ½ÃÀÛÇÕ´Ï´Ù. /etc/init.d/nis stop /etc/init.d/nis start ¼­¹ö(ypserv)¿Í Æнº¿öµå µ¥¸ó(yppasswdd)ÀÌ ½ÃÀ۵˴ϴÙ. NIS ¼­¹ö¿¡ÀÇ Á¢±ÙÀ» Á¦ÇÑÇϱ⸦ ¿øÇϸé NIS ¼­¹ö¸¦ Ŭ¶óÀ̾ðÆ®¿Í ¸¶Âù°¡Áö·Î ypbind¸¦ ½ÇÇàÇÏ°í /etc/passwd ÆÄÀÏÀÇ Áß°£¿¡ plus-entries¸¦ Ãß°¡ÇÏ¿© ¼³Á¤ÇÕ´Ï´Ù. ¶óÀ̺귯¸® ÇÔ¼ö´Â ù ¹ø° NIS entry ÈÄÀÇ ¸ðµç normal entries¸¦ ¹«½ÃÇÏ°í, ³ª¸ÓÁö¸¦ NIS¸¦ ÅëÇØ ¾ò°Ô µË´Ï´Ù. ÀÌ ¹æ¹ýÀº NIS¿¡ÀÇ Á¢±Ù ±ÔÄ¢À» °ü¸®ÇÏ´Â ¹æ¹ýÀÔ´Ï´Ù. ¿¹: root:x:0:0:root:/root:/bin/bash daemon:*:1:1:daemon:/usr/sbin: bin:*:2:2:bin:/bin: sys:*:3:3:sys:/dev: sync:*:4:100:sync:/bin:/bin/sync games:*:5:100:games:/usr/games: man:*:6:100:man:/var/catman: lp:*:7:7:lp:/var/spool/lpd: mail:*:8:8:mail:/var/spool/mail: news:*:9:9:news:/var/spool/news: uucp:*:10:50:uucp:/var/spool/uucp: nobody:*:65534:65534:noone at all,,,,:/dev/null: +miquels:::::: +:*:::::/etc/NoShell [ All normal users AFTER this line! ] tester:*:299:10: Just a test account:/tmp: miquels:1234567890123:101:10:Miquel van Smooreburg:/home/miquels:/bin/zsh »ç¿ëÀÚ tester´Â Á¸ÀçÇÏÁö¸¸, ½©ÀÌ /etc/NoShell·Î ÁöÁ¤µÇ¾î ÀÖ°í, miguels´Â º¸Åë Á¢±ÙÀ» °®°Ô µË´Ï´Ù. ´Ù¸¥ ¹æ¹ýÀ¸·Î, /var/yp/MakefileÀ» ¼öÁ¤ÇÏ°í NIS°¡ ´Ù¸¥ Æнº¿öµå ÆÄÀÏÀ» »ç¿ëÇϵµ·Ï ¼³Á¤ÇÒ ¼ö ÀÖ½À´Ï´Ù. Å« ½Ã½ºÅÛ¿¡¼­´Â, NIS Æнº¿öµå¿Í ±×·ìÆÄÀÏÀ» ÀϹÝÀûÀ¸·Î /var/yp/ypfiles/¿¡ ÀúÀåÇÕ´Ï´Ù. ÀÌ°ÍÀ» »ç¿ëÇÒ °æ¿ì¿£ Æнº¿öµå ÆÄÀÏÀ» °ü¸®ÇÏ´Â "passwd", "chfn", "adduser"µîÀÇ ÀÏ¹Ý °ü¸® µµ±¸¸¦ ´õÀÌ»ó »ç¿ëÇÒ ¼ö ¾ø°Ô µÇ¾î Ưº°ÇÑ µµ±¸¸¦ Á÷Á¢ ¸¸µé¾î »ç¿ëÇØ¾ß ÇÕ´Ï´Ù. ±×·¯³ª yppasswd, ypchsh, ypchfnÀº yppasswdd¸¦ -D ¿É¼ÇÀ¸·Î NIS Æнº¿öµå¿Í ½¦µµ¿ìÀÇ À§Ä¡¸¦ ÁöÁ¤ÇÏ¸é »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. ÀÌ À¯Æ¿¸®Æ¼µé°ú yppasswdd µ¥¸óÀÇ µ¥ºñ¾È ¹öÀüÀº ºñÇ¥ÁØ È®ÀåÀ» °¡Áö°í ÀÖ½À´Ï´Ù. "Root"´Â root Æнº¿öµå¸¦ »ç¿ëÇÏ¿© ´Ù¸¥ »ç¶÷µéÀÇ Æнº¿öµå, finger Á¤º¸¿Í ½©À» º¯°æÇÒ ¼ö ÀÖ½À´Ï´Ù. NIS Æнº¿öµå ÆÄÀÏÀ» Á÷Á¢ ¼öÁ¤Çϰųª Ç¥ÁØ /etc/passwd ÆÄÀÏÀ» »ç¿ëÇÑ´Ù¸é, NIS ¼Ò½º ÆÄÀÏÀÌ ÀÌ ÁßÀÇ Çϳª¶óµµ º¯°æµÈ ÈÄ /var/yp µð·ºÅ丮¿¡¼­ make¸¦ ½ÇÇà½ÃÄÑ NIS ¸ÊÀ» °»½ÅÇØ¾ß ÇÏ´Â °ÍÀ» ±â¾ïÇϽʽÿÀ. ÀÌ°ÍÀº cronÀ¸·Î ¹ã¿¡ ¼öÇà½ÃÄÑ ÃÖ½ÅÀÇ NIS ¸ÊÀ» À¯ÁöÇϵµ·Ï ÇÏ´Â °ÍÀÌ Àû´çÇÕ´Ï´Ù. 4. SHADOW PASSWORDS ¸®´ª½º libc5´Â ½¦µµ¿ì NIS ¸ÊÀ» Áö¿øÇÏÁö ¾Ê½À´Ï´Ù. libc5¿¡ Á¾¼ÓÀûÀÎ ÀÀ¿ë ÇÁ·Î±×·¥À» »ç¿ëÇÒ °æ¿ì¿£ ½¦µµ¿ì NIS ¸ÊÀ» »ç¿ëÇؼ­´Â ¾ÈµË´Ï´Ù. ´ë½Å ´ÙÀ½ÀÇ ¹æ¹ýµéÀ» »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. 1. SHADOW-LIKE SECURITY NIS°¡ Æнº¿öµå¸¦ ã´Â °ÍÀ» "mangling"ÇÏ¿© ½¦µµ¿ì¿Í ºñ½ÁÇÑ º¸¾ÈÀ» Á¦°øÇÒ ¼ö ÀÖ½À´Ï´Ù. "ypserv.conf" ¸ÇÆäÀÌÁö¿Í /etc/ypserv.confÀÇ ÁÖ¼®À» Àо½Ê½Ã¿À. 2. REAL SHADOW SUPPORT libc6Àº NIS ³»¿¡ ½¦µµ¿ì Áö¿øÀÌ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù. ÀÌ°ÍÀº ´ç½ÅÀÌ ¿øÇÏ´Â °Í°ú °°ÀÌ µ¿ÀÛÇÒ °ÍÀÔ´Ï´Ù; NIS ¼­¹ö·ÎºÎÅÍ ½¦µµ¿ì¸¦ ¹Þ¾Æ »ç¿ëÇϱ⸸ ÇÏ¸é µË´Ï´Ù. ½¦µµ¿ì ¸ÊÀº makedbm¿¡ ¿É¼Ç "-s"(secure)¸¦ ÁÖ¸é ¸¸µé¾î Áý´Ï´Ù. ÀÌ°ÍÀº ÇöÀçÀÇ ¸ðµç /var/yp/Makefile³»¿¡¼­ ÀÚµ¿À¸·Î ¼öÇàµË´Ï´Ù. ÁÖ)½¦µµ¿ì Æнº¿öµå¸¦ »ç¿ëÇÏ°í ÀÖ´Ù¸é 2.2¿Í °°Àº "plus" entries¸¦ /etc/passwd ¿Í /etc/shadow ¸ðµÎ¿¡ Ãß°¡½Ãų ÇÊ¿ä°¡ ÀÖ½À´Ï´Ù. ¿Ã¹Ù¸¥ ÇüÅ·ΠÃß°¡ÇϽʽÿÀ; passwd¿Í shadowÆÄÀÏÀº ´Ù¸¥ ÇʵåµéÀ» °¡Áö°í ÀÖ½À´Ï´Ù. 5. HOW TO SETUP A NIS SLAVE SERVER 1. ¸ÕÀú, ½Ã½ºÅÛÀ» NIS Ŭ¶óÀ̾ðÆ®·Î ¼³Á¤ÇϽʽÿÀ(1À» º¸½Ê½Ã¿À). 2. À̾ À§¿¡ ¼³¸íÇѵ¥·Î 3.1ºÎÅÍ 3.5±îÁö ¼³Á¤ÇϵÇ, 3.4¿¡¼­ /etc/init.d/nis ÆÄÀϳ»ÀÇ ypserv¸¦ slave(ypserv=slave)·Î ¼³Á¤ÇϽʽÿÀ. 3. µ¥¸óÀ» ½ÇÇàÇÏ°í ÃʱâÈ­ÇϽʽÿÀ. /etc/init.d/nis stop /etc/init.d/nis start /usr/lib/yp/ypinit -s <ÁÖ NIS ¼­¹ö À̸§> 4. ÀÌÁ¦ ÁÖ NIS ¼­¹ö¿¡ Á¾ NIS ¼­¹ö Áö¿øÀ» ¼³Á¤ÇÕ´Ï´Ù. ¸ÕÀú ÁÖ NIS ¼­¹ö¿¡ ÀÖ´Â NIS MakefileÀ» Á¶Á¤ÇÏ¿© ¾ÕÀ¸·ÎÀÇ ¸ðµç °»½ÅµÈ Á¤º¸¸¦ ÀÚµ¿À¸·Î Á¾ NIS ¼­¹ö¿¡ Àü´ÞÇϵµ·Ï ÇÕ´Ï´Ù. /var/yp/Makefile³»ÀÇ NOPUSH º¯¼ö¸¦ ´ÙÀ½°ú °°ÀÌ ¼³Á¤ÇϽʽÿÀ. NOPUSH="false" ÀÌÁ¦ ÁÖ ¼­¹ö´Â "/usr/lib/yp/ypinit -m" ¸í·É ½ÇÇàÀ¸·Î Á¾ ¼­¹öµéÀÇ Á¤º¸¸¦ Àü´ÞÇÕ´Ï´Ù. Á¾ ¼­¹öµéÀÇ À̸§À» ÀÔ·ÂÇϽʽÿÀ. ¸ÊÀ» ´Ù½Ã ¸¸µé¾î Á¾ ¼­¹ö·Î ÀڷḦ Àü´ÞÇÕ´Ï´Ù. 5. Á¾ ¼­¹öÀÇ ·çÆ® crontab¿¡ ´ÙÀ½À» Ãß°¡ÇÕ´Ï´Ù. (crontab -e) 20 * * * * /usr/lib/yp/ypxfr_1perhour 40 5 * * * /usr/lib/yp/ypxfr_1perday 55 6, 18 * * * /usr/lib/yp/ypxfr_2perday ÀÌ°ÍÀº ¸ðµç NIS ¸ÊµéÀÌ ÃֽŠÁ¤º¸·Î °»½ÅµÇµµ·Ï Çϸç, Á¤º¸ °»½Å½Ã Á¾ ¼­¹öÀÇ ´Ù¿îÀ¸·Î ºüÁø Á¤º¸µµ °»½ÅµË´Ï´Ù.