Managing NFS and NIS, 2nd Edition - Mike Eisler [46]
nismaster# make group
The commands in this example do not update the netid map, because the netid map doesn't depend on the group map at all. The netid map depends on the /etc/group file — as does the group map — but in the previous example, you would have instructed make to build only the group map. If you build the group map without updating the netid map, users will become very confused about their group memberships: their login shells will read netid and get old group information, even though the NIS map source files appear correct.
The best solution to this problem is to build all maps that are out-of-date by using make with no arguments:
nismaster# cd /var/yp
nismaster# make
Once the map is built, the NIS Makefile distributes it, using yppush, to the slave servers named in the ypservers map. yppush walks through the list of NIS servers and performs an RPC call to each slave server to check the timestamp on the map to be transferred. If the map is out-of-date, yppush uses another RPC call to the slave server to initiate a transfer of the map.
A map that is corrupted or was not successfully transferred to all slave servers can be explicitly rebuilt and repushed by removing its timestamp file on the master server:
master# cd /var/yp
master# rm hosts.time
master# make hosts
This procedure should be used if a map was built when the NIS master server's time was set incorrectly, creating a map that becomes out-of-date when the time is reset. If you need to perform a complete reconstruction of all NIS maps, for any reason, remove all of the timestamp files and run make:
master# cd /var/yp
master# rm *.time
master# make
This extreme step is best reserved for testing the map distribution mechanism, or recovering from corruption of the NIS map directory.
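The stale-netid problem described above can be detected before users notice it by comparing each map's timestamp file with its source file. The following is an added example, not code from the book or from the NIS distribution; the stale_maps function, the DEPS table, and the directory arguments are assumptions made for illustration, and the sample files are constructed in a temporary directory.

```sh
#!/bin/sh
# Added example: report NIS maps whose timestamp file is older than the
# source file the map is built from.
# DEPS is an assumed, abbreviated "map:source" table. It lists only the
# dependency the text states: group and netid are both built from /etc/group.
DEPS="group:group netid:group"

# stale_maps SRCDIR YPDIR -> prints one out-of-date map name per line
stale_maps() {
    srcdir=$1
    ypdir=$2
    for dep in $DEPS; do
        map=${dep%%:*}
        src=${dep#*:}
        stamp="$ypdir/$map.time"
        # A missing timestamp file forces a rebuild (the "rm hosts.time" case),
        # so it is reported as stale as well.
        if [ ! -e "$stamp" ] || [ "$srcdir/$src" -nt "$stamp" ]; then
            echo "$map"
        fi
    done
}

# Constructed scenario: group source edited, then only "make group" was run.
demo_after_make_group() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/etc" "$tmp/yp"
    touch -t 202001010000 "$tmp/yp/netid.time"   # last full build
    touch -t 202001020000 "$tmp/etc/group"       # source edited afterwards
    touch -t 202001030000 "$tmp/yp/group.time"   # "make group" ran after the edit
    stale_maps "$tmp/etc" "$tmp/yp"
    rm -rf "$tmp"
}

demo_after_make_group   # prints: netid
```

On a master server the equivalent call would be stale_maps /etc /var/yp, with DEPS extended to match the dependencies in that site's /var/yp/Makefile.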
Password file updates
One exception to the yppush push-on-demand strategy is the passwd map. Users need to be able to change their passwords without system manager intervention. The hosts file, for example, is changed by the superuser and then pushed to other servers when it is rebuilt. In contrast, when you change your password, you (as a nonprivileged user) modify the local password file. To change a password in an NIS map, the change must be made on the master server and distributed to all slave servers in order to be seen back on the client host where you made the change.
yppasswd is a user utility that is similar to the passwd program, but it changes the user's password in the original source file on the NIS master server. yppasswd usually forces the password map to be rebuilt, although at sites choosing not to rebuild the map on demand, the new password will not be distributed until the next map transfer. yppasswd is used like passwd, but it reports the server name on which the modifications are made. Here is an example:
[wahoo]% yppasswd
Changing NIS password for stern on mahimahi.
Old password:
New password:
Retype new password:
NIS entry changed on mahimahi
Some versions of passwd (such as Solaris 2.6 and higher) check to see if the password file is managed by NIS, and invoke yppasswd if this is the case. Check your vendor's documentation for procedures particular to your system.
NIS provides read-only access to its maps. There is nothing in the NIS protocol that allows a client to rewrite the data for a key. To accept changes to maps, a server distinct from the NIS server is required that modifies the source file for the map and then rebuilds the NIS map from the modified ASCII file. To handle incoming yppasswd change requests, the master server must run the yppasswdd daemon (note the second "d" in the daemon's name). This RPC daemon gets started in the /usr/lib/netsvc/yp/ypstart boot script on the master NIS server only:
if [ "$master" = "$hostname" -a X$YP_SERVER = "XTRUE" ]; then
...
if [ -x $YPDIR/rpc.yppasswdd ]; then
PWDIR=`grep "^PWDIR" /var/yp/Makefile 2> /dev/null` \
&& PWDIR=`expr "$PWDIR" : '.*=[ ]*\([^ ]*\)'`
if [ "$PWDIR" ]; then
if [ "$PWDIR" = "/etc" ]; then
unset PWDIR
else
PWDIR="-D $PWDIR"
fi
fi
$YPDIR/rpc.yppasswdd