Berkeley CSUA MOTD:Entry 25268
2002/7/2-4 [Computer/SW/Unix] UID:25268 Activity:very high
7/2     Does it make sense to run NFS without NIS/NIS+? I've heard that file
        permissions won't work if you're running NFS w/o NIS.
        \_ nfs can run perfectly fine w/o NIS... there's no dependency
           either way.. the file perm shit is dumb and wrong or you badly
           misunderstood... blah why do i post in the motd? -shac
           \_ It's good that you post on the motd. Not the dumbass posters
              who haven't figured out how to google.
        \_ NIS is not required to run NFS but you still have to come up with
           a way to synchronize the UID's and login names on all machines
           accessing NFS file systems if you care about file ownership.
           Here are some possible ways of doing this:
           1) rebuild the /etc/passwd and /etc/group files on all of your hosts
              (using the default portion of the file that came with the OS and
               the site added entries)
           2) use NIS.
           3) use LDAP
           DON'T use NIS+ as it has been EOLed in future solaris releases.
           \_ http://wwws.sun.com/software/solaris/faqs/nisplus.html
        \_ OP here. Sorry for the dumbass question. My problem was that I
           didn't realize that root has *less* access than other users by
           default. This is a good url:
           http://www.ebsinc.com/solaris/network/nfs.html
           \_ There's a good reason for it.  For those too lazy to read the
              URL, I assume it's going to say that root is usually mapped to
              'nobody' because otherwise you're in the situation where someone
              else can plug their box into your network.  They're suddenly root
              on all your nfs shares.  Bad news.
                \_ as opposed to being able to su to any user on your NFS
                   shares--not a whole lot of difference.  If you're exporting
                   NFS to people you don't trust, you've already lost. -tom
                   \_ It's not about people, it's about physical access to
                      the network.  NFS wasn't designed to be secure but at
                      least they can't trojan system binaries as root, only
                      user owned files.  This is an important difference.
                      Security isn't all or nothing.  Layers, son, layers.
                        \_ uh, you're exporting system binaries on writable
                           filesystems via NFS? you need more than layers. -tom
                           \_ FYI, robust NFS implementations support strong
                              authentication methods including kerberos 5.
                              Unfortunately, Linux NFS client doesn't support
                              any of that fancy authentication stuff so you
                              must choose between Linux and security..
                           \_ Uh, you've never used a dickless client? i have
                              \_ Did you miss the part about "writable
                                 filesystems"?  A diskless client doesn't need
                                 to be able to write to its /usr partition.
                                 If you allow this, then you're an accident
                                 waiting to happen.  --scotsman
                                 \_ Nope.  Your call.  Not my problem.  You'll
                                    find out the hard way one day.
                              exactly what i need, thanks for all your help.
                              you can stop helping anytime... you've already
                              provided such great help from your vast depth
                              of knowledge from working with so many diverse
                              systems over the course of your lengthy career,
                              i couldn't possibly ask you to help any more
                              than you already have.
                              \_ You know, you can stop listening also.  It's
                                 not like you're a powerless victim.
        \_ OP: tom is helpful. so is shaq. YMMV.
           \_ tom is the techie guru god of all knowing.  tom has never been
              wrong.  i religiously follow all of tom's advice.
              \_ I don't know everything.  But I probably know more than you
                 do.  -tom
                 \_ I won't lick your ass, but I appreciate your postings.
                    Don't always agree with you, but do appreciate them.
                 \_ What?  nonononono this is wrong.  You know *EVERYTHING*!
                    You've *NEVER* been wrong!  It's *NEVER* happened!
                    \_ Sarcasm aside, not knowing everything and never being
                       wrong are not mutually exclusive.
                       \_ But when you have an opinion about *EVERYTHING* and
                          you're *NEVER* wrong, you therefore know everything
                          as well.  Life is good.
                          \_ obLithium.
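
Added example, not part of the original thread: with plain AUTH_SYS, an NFS server applies file permissions to the numeric UID the client sends, so the UID/login synchronization discussed above can be audited by comparing passwd files across hosts. The function names and the sample passwd data are constructed for illustration.

```python
from collections import defaultdict

def parse_passwd(text):
    """Return {login: uid} from passwd(5)-format text, skipping junk lines."""
    users = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(("#", "+", "-")):
            continue  # blank line, comment, or NIS compat (+/-) entry
        fields = line.split(":")
        if len(fields) < 7 or not fields[2].isdigit():
            continue  # malformed entry
        users[fields[0]] = int(fields[2])
    return users

def audit_uid_sync(passwd_by_host):
    """Compare passwd data from several hosts.

    Returns (mismatched, collisions):
      mismatched: login -> {host: uid} where one login has different UIDs
      collisions: uid -> {host: login} where one UID names different logins,
                  i.e. one user on a client owns another user's NFS files.
    """
    uids_of = defaultdict(dict)   # login -> {host: uid}
    names_of = defaultdict(dict)  # uid -> {host: login}
    for host, text in passwd_by_host.items():
        for login, uid in parse_passwd(text).items():
            uids_of[login][host] = uid
            # If a host aliases one UID to several logins, the last one wins.
            names_of[uid][host] = login
    mismatched = {l: h for l, h in uids_of.items() if len(set(h.values())) > 1}
    collisions = {u: h for u, h in names_of.items() if len(set(h.values())) > 1}
    return mismatched, collisions

# Constructed sample: alice has UID 1001 on the server but 1002 on the client,
# which is bob's UID on the server.
SAMPLE = {
    "server": "root:x:0:0:root:/root:/bin/sh\n"
              "alice:x:1001:100:Alice:/home/alice:/bin/sh\n"
              "bob:x:1002:100:Bob:/home/bob:/bin/sh\n",
    "client": "root:x:0:0:root:/root:/bin/sh\n"
              "+::::::\n"
              "alice:x:1002:100:Alice:/home/alice:/bin/sh\n"
              "carol:x:1003:100::/home/carol:/bin/sh\n",
}

if __name__ == "__main__":
    mismatched, collisions = audit_uid_sync(SAMPLE)
    print("login with differing UIDs:", mismatched)
    print("UID with differing logins:", collisions)
```
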
Cache (2278 bytes)
wwws.sun.com/software/solaris/faqs/nisplus.html
Solaris Operating System NIS+ End-of-Feature (EOF) Announcement FAQ

What is the status of NIS+ for the Solaris 9 Operating System?
Sun's customers have indicated a preference for using IETF standards for naming services based on Lightweight Directory Access Protocol (LDAP). Sun is indicating formally that there are plans for NIS+ to be removed after the Solaris 9 release. The iPlanet Directory Server incorporates the latest technology and is based on LDAP standards.

Does this mean that customers will no longer be able to use NIS+?
Customers can continue to use NIS+ in the Solaris 9 Operating System. Customers should plan their migration to the iPlanet Directory Server.

Will customers still be able to obtain support for NIS+ in the Solaris 9 release?
Customers who have support contracts will continue to get support through normal channels. Support typically continues to be available for 5 years from the actual removal of the feature.

Complete migrations from one naming service to another take time and planning. By announcing the EOF well in advance of the actual removal of NIS+, Sun is giving customers time to plan and the tools to execute their migrations.

The EOF announcement means that there will be no more feature enhancements to NIS+ and that the functionality may be removed at a major release after the final Solaris 9 update.

Tools to facilitate migration from NIS+ to LDAP are available as part of the Solaris 9 Operating System. Through products and services Sun is enabling customers to make the transition to LDAP based naming services.

Once these transitions are well underway, Sun will evaluate the appropriate time to formally announce the transition plan for NIS. It is likely that our plan will follow the one for NIS+, modified by experiences gained during that transition. The earliest that such an announcement would occur will be the Solaris 10 release.

Where can I find more information about Naming and Directory Services (DNS, NIS, and LDAP)?
There is a Solaris system administration guide dedicated to Naming and Directory Services. Chapter 19 of this guide covers transitioning from NIS+ to LDAP.