¸®´ª½º ±âŸ ÀÚ·á |
---|
Á¦¸ñ | [Âü°í] DebianÀÇ NIS 1999/01/18 (14:30) |
À̸§ | ±èÈ¿¿ø |
¹øÈ£ | 138 |
Á¶È¸ | 528 |
º»¹® |
nis.debian.howto 3.2.1-3 miquels@cistron.nl 02-Mar-1998 ¹ø¿ª : À̹ü¼® shinsuk@ai-cse.sch.ac.kr 12-Dec-1998 0. ¼Ò°³ ÀÌ HOWTO´Â ´ÙÀ½¿¡ ´ëÇØ ¼³¸íÇÕ´Ï´Ù. 1. NIS client-only ½Ã½ºÅÛÀ» ¾î¶»°Ô ¼³Á¤Çϴ°¡ 2. NIS¸¦ ÅëÇØ ÀÚ¿øÀ» ¾î¶»°Ô ÀÌ¿ëÇϴ°¡ 3. NIS master ¼¹ö¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 4. shadow passwords 5. NIS slave ¼¹ö¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 1. Áö¿ª NIS Ŭ¶óÀ̾ðÆ®¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 1.1 netbase, netstd, nis ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÕ´Ï´Ù. 1.2 ¼³Ä¡°úÁ¤¿¡¼ NIS domainname À» ¹¯½À´Ï´Ù. ÀÌ°ÍÀº NIS¸¦ »ç¿ëÇÒ ½Ã½ºÅÛµéÀÇ ±×·ìÀ» ³ªÅ¸³»´Â À̸§À¸·Î hostname°ú´Â ´Ù¸¨´Ï´Ù. 1.3 ¸¸¾à NIS ¼¹ö°¡ Áö¿ª ³×Æ®¿öÅ© ¾È¿¡ ÀÖÁö ¾ÊÀ¸¸é ¸î°¡Áö ¹Ì¼¼ Á¶Á¤ÀÌ ÇÊ¿äÇÕ´Ï´Ù. ypbind ÇÁ·Î¼¼½º´Â /etc/yp.conf ¶ó´Â ¼³Á¤ ÆÄÀÏÀ» °¡Áö°í ÀÖ½À´Ï´Ù. ¿©±â¿¡ NIS ¼¹öÀÇ À̸§À» Àû½À´Ï´Ù. - ´õ ÀÚ¼¼ÇÑ Á¤º¸´Â ypbind(8) ¸Þ´º¾óÀ» º¸½Ê½Ã¿À. 1.4 NIS¸¦ ½ÃÀÛÇÕ´Ï´Ù. /etc/init.d/nis stop /etc/init.d/nis start 2. NIS¸¦ ÅëÇØ ÀÚ¿øÀ» ¾î¶»°Ô ÀÌ¿ëÇϴ°¡ 2.1 FOR LIBC6 /etc/nsswitch.conf ÆÄÀÏÀÇ passwd, group, shadow, netgroup ¿£Æ®¸®¸¦ ´ÙÀ½°ú °°ÀÌ ¹Ù²ß´Ï´Ù. passwd: compat group: compat shadow: compat netgroup: nis libc6Àº ÆÄÀϷκÎÅÍ netgroup Á¤º¸¸¦ Àдµ¥ ¸î°¡Áö ¹®Á¦¸¦ °¡Áö°í ÀÖ½À´Ï´Ù. ±×·¯´Ï netgroup ¿£Æ®¸®¿¡ "db" ³ª "files" ¸¦ ¾²Áö ¸¶½Ê½Ã¿À. ¸ðµç netgroup Á¤º¸´Â NIS ¼¹ö¸¦ ÅëÇØ ¾ò¾îÁö°Ô µË´Ï´Ù. 2.2 USERS: NIS clients ÀÇ /etc/passwd ¿¡ ´ÙÀ½ ÁÙÀ» Ãß°¡ÇÕ´Ï´Ù. +:::::: »ç¿ëÀÚ(user)ÀÇ Æ÷ÇÔ/Â÷´ÜÀ» À§ÇØ + ¿Í - ±âÈ£¸¦ »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. »ç¿ëÀÚ guest¸¦ Á¦¿Ü·Á¸é /etc/passwd ÆÄÀÏ¿¡ -guest ¸¦ Ãß°¡ÇÕ´Ï´Ù. »ç¿ëÀÚ linux°¡ ´Ù¸¥ ½© (e.g. ksh)À» »ç¿ëÇÏ±æ ¿øÇÑ´Ù¸é /etc/passwd ¿¡ +linux::::::/bin/ksh ¸¦ Ãß°¡ÇØ ÁÖ¸é µË´Ï´Ù. º¯°æÀ» ¿øÇÏÁö ¾Ê´Â Çʵå´Â ºóä·Î ³öµÓ´Ï´Ù. ¿¹·Î, miquels, dth, ed ¸¸ ·Î±×ÀÎÀ» Çã¶ôÇÏ°í ´Ù¸¥ »ç¿ëÀÚÀÇ °èÁ¤ Á¤º¸¸¸À» À¯ÁöÇÏ·Á¸é: +miguels:::::: +ed:::::: +dth:::::: +:*::::::/etc/NoShell ¿¹¿¡¼¿Í °°ÀÌ ¸®´ª½º¿¡¼´Â Æнº¿öµå Çʵ嵵 override ÇÒ ¼ö ÀÖ½À´Ï´Ù. 2.3 GROUPS: /etc/group ¿¡ ´ÙÀ½ ÁÙÀ» Ãß°¡ÇÕ´Ï´Ù. +::: 2.4 HOSTS: º¸Åë NIS¸¦ ÅëÇØ host lookupÀº ÇÏÁö¾Ê°í DNS¸¦ »ç¿ëÇÕ´Ï´Ù. ²À NIS¸¦ ÅëÇØ ÇØ¾ß ÇÑ´Ù¸é ¿©±â¼ ÇϽʽÿÀ. 2.4.1 For libc5 applications: NIS ¼¹öÀÇ NIS host ¸ÊÀ» »ç¿ëÇÏ·Á¸é /etc/host.conf¸¦ ¼öÁ¤ÇØ¾ß ÇÕ´Ï´Ù. ´ÙÀ½°ú °°ÀÌ order ÁÙ¿¡ nis¶ó´Â ´Ü¾î¸¦ Ãß°¡ÇÕ´Ï´Ù: order hosts,nis multi on 2.4.2 For libc6 applications: /etc/nsswitch.conf ÀÇ hosts ¿£Æ®¸®¸¦ ¼öÁ¤ÇÕ´Ï´Ù: hosts: nis files 3. NIS master ¼¹ö¸¦ ¾î¶»°Ô ¼³Á¤Çϴ°¡ 3.1 nis ÆÐÅ°Áö¸¦ ¼³Ä¡ÇÕ´Ï´Ù. RPC daemon µé (rpc.portmap)À» ¼³Ä¡Çϱâ À§ÇØ netbase ¿Í netstd µµ ¼³Ä¡ÇØ¾ß ÇÕ´Ï´Ù. 3.2 master, slave ±¸ºÐ¾øÀÌ NIS ¼¹ö·Î »ç¿ëµÉ ¸ðµç ½Ã½ºÅÛÀÇ À̸§ÀÌ /etc/hosts ÆÄÀϳ»¿¡ ÀÖ¾î¾ß ÇÕ´Ï´Ù. °¢ IP ÁÖ¼Ò µÚ¿¡ ù¹ø° hostnameÀÌ FQDN (Fully Qualified Domain Name) À̾î¾ß ÇÏ°í, ±×¿¡ À̾î domainname À» Á¦¿ÜÇÑ hostname ¸¸À» ±âÀÔÇÕ´Ï´Ù. ¿¹¸¦ µé¸é: 192.168.88.10 troi.cistron.nl troi NIS´Â DNS¸¦ »ç¿ëÇÏÁö ¾Ê±â ¶§¹®¿¡ NIS server ³»ÀÇ NIS host file (º¸Åë /etc/hosts) µµ ÀÌ ¼³Á¤À» ÇؾßÇÕ´Ï´Ù. 3.3 /etc/defaultdomain ¿¡ NIS domainÀ» ¼³Á¤ÇÕ´Ï´Ù. NIS domainÀº NIS ¸¦ »ç¿ëÇÏ´Â ½Ã½ºÅÛµéÀÇ ±×·ìÀ» ³ªÅ¸³»´Â À̸§À¸·Î hostname °ú´Â ´Ù¸¨´Ï´Ù. ÀÌ°ÍÀº º¸Åë DNS domainnameÀ» ÀÌ°Í¿¡µµ »ç¿ëÇÕ´Ï´Ù. ÀÌ°ÍÀº ¸¹Àº »ç¶÷µé¿¡ ÀÇÇØ º¸¾È À§ÇèÀ» ÁöÀûµÇ°í ÀÖ½À´Ï´Ù. domainname À» ¾Æ´Â °Í¸¸À¸·Î ¿ø°ÝÁö¿¡¼ NIS server¿¡ query¸¦ º¸³»°í NIS ¸ÊµéÀ» ¹ÞÀ» °¡´É¼ºÀÌ Àֱ⠶§¹®ÀÔ´Ï´Ù. ÀÌ°ÍÀ» ¸·±âÀ§ÇØ ¸ðÈ£ÇÑ domainname À» ¼±ÅÃÇؼ´Â ¾ÈµË´Ï´Ù. ´ÜÁö /etc/ypserv.securenets ¿Í /etc/ypserv.conf À» Àû´çÈ÷ ¼³Á¤ÇÏ¿© Áö¿ª ³×Æ®¿öÅ© ÀÌ¿Ü¿¡¼ NIS ¼¹ö¿¡ Á¢±ÙÇÒ ¼ö ¾øµµ·Ï ÇÏ¸é µË´Ï´Ù. 3.4 /etc/init.d/nis ÆÄÀϳ»ÀÇ ypserv¸¦ master·Î (ypserv=master) ¼³Á¤ÇÕ´Ï´Ù. 3.5 À§¿¡¼ ¸»ÇÑ °Í°ú °°ÀÌ, Áö¿ª ³×Æ®¿öÅ© ¹øÈ£¸¦ /etc/ypserv.securenets ¿¡ Ãß°¡ÇÕ´Ï´Ù. ±âº»°ªÀ¸·Î ¸ðµç ½Ã½ºÅÛÀÌ NIS server ¿¡ Á¢±Ù ÇÒ ¼ö ÀÖµµ·Ï µÇ¾î ÀÖÁö¸¸ ÀÌ·¸°Ô ÇÏÁö ¾Ê´Â °ÍÀ» ±ÇÀåÇÕ´Ï´Ù. º¸¾ÈÀÇ °È¸¦ À§ÇØ /etc/ypserv.conf ÆÄÀÏÀ» ¼öÁ¤ÇÏ¿© password ¸¦ ³ª¿ÀÁö ¾Êµµ·Ï(mangle) ÇÒ ¼ö ÀÖ½À´Ï´Ù. (³×Æ®¿öÅ© ³»¿¡ µ¥ºñ¾ÈÀÌ ¾Æ´Ñ slave server µéÀÌ ÀÖÀ» ¶§¿¡´Â ÀÌ°ÍÀ» »ç¿ëÇؼ´Â ¾ÈµË´Ï´Ù.) 3.6 "/usr/lib/yp/ypinit -m" À» ÀÔ·ÂÇÏ¿© ¼¹ö¸¦ ¼³Á¤ÇÕ´Ï´Ù. 3.7 ´ÙÀ½À» ÀÔ·ÂÇÏ¿© ¼¹ö¸¦ ½ÃÀÛÇÕ´Ï´Ù. /etc/init.d/nis stop /etc/init.d/nis start ¼¹ö (ypserv)¿Í Æнº¿öµå µ¥¸ó (yppasswdd)ÀÌ ½ÃÀ۵˴ϴÙ. NIS ¼¹ö¿¡ÀÇ Á¢±ÙÀ» Á¦ÇÑÇϱ⸦ ¿øÇϸé NIS ¼¹ö¸¦ Ŭ¶óÀ̾ðÆ®¿Í ¸¶Âù°¡Áö·Î ypbind ¸¦ ½ÇÇàÇÏ°í /etc/passwd ÆÄÀÏÀÇ Áß°£¿¡ plus-entries¸¦ Ãß°¡ÇÏ¿© ¼³Á¤ÇÕ´Ï´Ù. ¶óÀ̺귯¸® ÇÔ¼ö´Â ù¹ø° NIS entry ÈÄÀÇ ¸ðµç normal entries ¸¦ ¹«½ÃÇÏ°í, ³ª¸ÓÁö¸¦ NIS¸¦ ÅëÇØ ¾ò°Ô µË´Ï´Ù. ÀÌ ¹æ¹ýÀº NIS¿¡ÀÇ Á¢±Ù ±ÔÄ¢À» °ü¸®ÇÏ´Â ¹æ¹ýÀÔ´Ï´Ù. ¿¹: root:x:0:0:root:/root:/bin/bash daemon:*:1:1:daemon:/usr/sbin: bin:*:2:2:bin:/bin: sys:*:3:3:sys:/dev: sync:*:4:100:sync:/bin:/bin/sync games:*:5:100:games:/usr/games: man:*:6:100:man:/var/catman: lp:*:7:7:lp:/var/spool/lpd: mail:*:8:8:mail:/var/spool/mail: news:*:9:9:news:/var/spool/news: uucp:*:10:50:uucp:/var/spool/uucp: nobody:*:65534:65534:noone at all,,,,:/dev/null: +miquels:::::: +:*:::::/etc/NoShell [ All normal users AFTER this line! ] tester:*:299:10:Just a test account:/tmp: miquels:1234567890123:101:10:Miquel van Smoorenburg:/home/miquels:/bin/zsh »ç¿ëÀÚ tester ´Â Á¸ÀçÇÏÁö¸¸, ½©ÀÌ /etc/NoShell ·Î ÁöÁ¤µÇ¾î ÀÖ°í, miguels ´Â º¸Åë Á¢±ÙÀ» °®°Ô µË´Ï´Ù. ´Ù¸¥ ¹æ¹ýÀ¸·Î, /var/yp/Makefile À» ¼öÁ¤ÇÏ°í NIS °¡ ´Ù¸¥ Æнº¿öµå ÆÄÀÏÀ» »ç¿ëÇϵµ·Ï ¼³Á¤ÇÒ ¼ö ÀÖ½À´Ï´Ù. Å« ½Ã½ºÅÛ¿¡¼´Â, NIS Æнº¿öµå¿Í ±×·ìÆÄÀÏÀ» ÀϹÝÀûÀ¸·Î /var/yp/ypfiles/ ¿¡ ÀúÀåÇÕ´Ï´Ù. ÀÌ°ÍÀ» »ç¿ëÇÒ °æ¿ì¿£ Æнº¿öµå ÆÄÀÏÀ» °ü¸®ÇÏ´Â "passwd", "chfn", "adduser"µîÀÇ ÀÏ¹Ý °ü¸® µµ±¸¸¦ ´õÀÌ»ó »ç¿ëÇÒ ¼ö ¾ø°ÔµÇ¾î Ưº°ÇÑ µµ±¸¸¦ Á÷Á¢ ¸¸µé¾î »ç¿ëÇØ¾ß ÇÕ´Ï´Ù. ±×·¯³ª yppasswd, ypchsh, ypchfnÀº yppasswdd ¸¦ -D ¿É¼ÇÀ¸·Î NIS Æнº¿öµå¿Í ½¦µµ¿ìÀÇ À§Ä¡¸¦ ÁöÁ¤ÇÏ¸é »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. ÀÌ À¯Æ¿¸®Æ¼µé°ú yppasswdd µ¥¸óÀÇ µ¥ºñ¾È ¹öÀüÀº ºñÇ¥ÁØ È®ÀåÀ» °¡Áö°í ÀÖ½À´Ï´Ù. "Root"´Â root Æнº¿öµå¸¦ »ç¿ëÇÏ¿© ´Ù¸¥ »ç¶÷µéÀÇ Æнº¿öµå, finger Á¤º¸¿Í ½©À» º¯°æÇÒ ¼ö ÀÖ½À´Ï´Ù. NIS Æнº¿öµå ÆÄÀÏÀ» Á÷Á¢ ¼öÁ¤Çϰųª Ç¥ÁØ /etc/passwd ÆÄÀÏÀ» »ç¿ëÇÑ´Ù¸é, NIS ¼Ò½º ÆÄÀÏÀÌ ÁßÀÇ Çϳª¶óµµ º¯°æµÈ ÈÄ /var/yp µð·ºÅ丮¿¡¼ make ¸¦ ½ÇÇà½ÃÄÑ NIS ¸ÊÀ» °»½ÅÇØ¾ß ÇÏ´Â °ÍÀ» ±â¾ïÇϽʽÿÀ. ÀÌ°ÍÀº cronÀ¸·Î ¹ã¿¡ ¼öÇà½ÃÄÑ ÃÖ½ÅÀÇ NIS ¸ÊÀ» À¯ÁöÇϵµ·Ï ÇÏ´Â °ÍÀÌ Àû´çÇÕ´Ï´Ù. 4. SHADOW PASSWORDS ¸®´ª½º libc5 ´Â ½¦µµ¿ì NIS ¸ÊÀ» Áö¿øÇÏÁö ¾Ê½À´Ï´Ù. libc5¿¡ Á¾¼ÓÀûÀÎ ÀÀ¿ë ÇÁ·Î±×·¥À» »ç¿ëÇÒ °æ¿ì¿£ ½¦µµ¿ì NIS ¸ÊÀ» »ç¿ëÇؼ´Â ¾ÈµË´Ï´Ù. ´ë½Å ´ÙÀ½ÀÇ ¹æ¹ýµéÀ» »ç¿ëÇÒ ¼ö ÀÖ½À´Ï´Ù. 4.1 SHADOW-LIKE SECURITY NIS°¡ Æнº¿öµå¸¦ ã´Â °ÍÀ» "mangling"ÇÏ¿© ½¦µµ¿ì¿Í ºñ½ÁÇÑ º¸¾ÈÀ» Á¦°øÇÒ ¼ö ÀÖ½À´Ï´Ù. "ypserv.conf" ¸ÇÆÐÀÌÁö¿Í /etc/ypserv.conf ÀÇ ÁÖ¼®À» Àо½Ê½Ã¿À. 4.2 REAL SHADOW SUPPORT libc6Àº NIS ³»¿¡ ½¦µµ¿ì Áö¿øÀÌ Æ÷ÇԵǾî ÀÖ½À´Ï´Ù. ÀÌ°ÍÀº ´ç½ÅÀÌ ¿øÇÏ´Â °Í°ú °°ÀÌ µ¿ÀÛÇÒ °Í ÀÔ´Ï´Ù; NIS ¼¹ö·ÎºÎÅÍ ½¦µµ¿ì¸¦ ¹Þ¾Æ »ç¿ëÇϱ⸸ ÇÏ¸é µË´Ï´Ù. ½¦µµ¿ì ¸ÊÀº makedbm¿¡ ¿É¼Ç "-s" (secure) ¸¦ ÁÖ¸é ¸¸µé¾îÁý´Ï´Ù. ÀÌ°ÍÀº ÇöÀçÀÇ ¸ðµç /var/yp/Makefile ³»¿¡¼ ÀÚµ¿À¸·Î ¼öÇàµË´Ï´Ù. ÁÖ) ½¦µµ¿ì Æнº¿öµå¸¦ »ç¿ëÇÏ°í ÀÖ´Ù¸é 2.2 ¿Í °°Àº "plus" entries¸¦ /etc/passwd ¿Í /etc/shadow ¸ðµÎ¿¡ Ãß°¡½Ãų ÇÊ¿ä°¡ ÀÖ½À´Ï´Ù. ¿Ã¹Ù¸¥ ÇüÅ·ΠÃß°¡ÇϽʽÿÀ; passwd ¿Í shadow ÆÄÀÏÀº ´Ù¸¥ ÇʵåµéÀ» °¡Áö°í ÀÖ½À´Ï´Ù. 5. HOW TO SETUP A NIS SLAVE SERVER 5.1 ¸ÕÀú, ½Ã½ºÅÛÀ» NIS Ŭ¶óÀ̾ðÆ®·Î ¼³Á¤ÇϽʽÿÀ. (1À» º¸½Ê½Ã¿À) 5.2 ÀÌ¾î¼ À§¿¡ ¼³¸íÇÑ´ë·Î 3.1 ºÎÅÍ 3.5 ±îÁö ¼³Á¤ÇϵÇ, 3.4¿¡¼ /etc/init.d/nis ÆÄÀϳ»ÀÇ ypserv¸¦ slave (ypserv=slave)·Î ¼³Á¤ÇϽʽÿÀ. 5.3 µ¥º»À» ½ÇÇàÇÏ°í ÃʱâÈÇϽʽÿÀ. /etc/init.d/nis stop /etc/init.d/nis start /usr/lib/yp/ypinit -s <ÁÖ NIS ¼¹ö À̸§> 5.4 ÀÌÁ¦ ÁÖ NIS ¼¹ö¿¡ Á¾ NIS ¼¹ö Áö¿øÀ» ¼³Á¤ÇÕ´Ï´Ù. ¸ÕÀú ÁÖ NIS ¼¹ö¿¡ ÀÖ´Â NIS Makefile À» Á¶Á¤ÇÏ¿© ¾ÕÀ¸·ÎÀÇ ¸ðµç °»½ÅµÈ Á¤º¸¸¦ ÀÚµ¿À¸·Î Á¾ NIS ¼¹ö¿¡ Àü´ÞÇϵµ·Ï ÇÕ´Ï´Ù. /var/yp/Makefile ³»ÀÇ NOPUSH º¯¼ö¸¦ ´ÙÀ½°ú °°ÀÌ ¼³Á¤ÇϽʽÿÀ. NOPUSH="false" ÀÌÁ¦ ÁÖ ¼¹ö´Â "/usr/lib/yp/ypinit -m" ¸í·É ½ÇÇàÀ¸·Î Á¾ ¼¹öµéÀÇ Á¤º¸¸¦ Àü´ÞÇÕ´Ï´Ù. Á¾ ¼¹öµéÀÇ À̸§À» ÀÔ·ÂÇϽʽÿÀ. ¸ÊÀ» ´Ù½Ã ¸¸µé¾î Á¾ ¼¹ö·Î ÀڷḦ Àü´ÞÇÕ´Ï´Ù. 5.5 Á¾ ¼¹öÀÇ ·çÆ® crontab¿¡ ´ÙÀ½À» Ãß°¡ÇÕ´Ï´Ù. (crontab -e) 20 * * * * /usr/lib/yp/ypxfr_1perhour 40 6 * * * /usr/lib/yp/ypxfr_1perday 55 6,18 * * * /usr/lib/yp/ypxfr_2perday ÀÌ°ÍÀº ¸ðµç NIS ¸ÊµéÀÌ ÃֽŠÁ¤º¸·Î °»½ÅµÇµµ·Ï Çϸç, Á¤º¸ °»½Å ½Ã Á¾ ¼¹öÀÇ ´Ù¿îÀ¸·Î ºüÁø Á¤º¸µµ °»½ÅµË´Ï´Ù. |