SUBJECT: Solaris 2.x - NIS+ Environment
Description :
CONTENT: chapter 9.1 - NIS+ Environment

1. Overview

As network use grows and the number of systems connected to a network increases, the amount of network-related information that each system has to manage grows with it. Every system has to know the addresses of all the other systems on the network, the information needed for mounting, and the usual password information; clients have to know about their servers and servers have to know about their clients. Managing this information was easy on a small network, but on a large network it became hard. NIS+, an improved version of NIS, was designed to solve this problem.

2. What is NIS+ ?

NIS+ is a service that provides information about users, workstations and network resources. It provides this information while maintaining an appropriate level of security.

3. NIS+ Client-Server Model

3.1 Client
A client is a system or process that sends requests in order to use information available on the network. Such processes build their requests by calling the RPC libraries.

3.2 Server
A server is a process that receives client requests, looks the requested information up in its database and returns it to the client process. Every domain must have one master server and zero or more replica servers.

3.2.1 Master server
The master server holds the master set of database information in the form of tables. Changes to these tables, and newly created tables, are pushed to the replica servers automatically.

3.2.2 Replica server
A replica server keeps copies of the tables. They provide a backup source of information when the master server is down and spread the load of answering client requests.

4. Hierarchical NIS+ Domains

A collection of systems, together with the information provided to them, is called a domain. An NIS+ domain can be divided into subdomains that reflect the actual hierarchical structure of an organization.

- Example of a hierarchical domain
For example, if Acme Inc is divided into six divisions, the domain hierarchy looks like this:

                                     acme.com.
                                         |
             +---------------------------+---------------------------+
             |                           |                           |
      hardware.acme.com.         marketing.acme.com.          finance.acme.com.
      software.acme.com.         sales.acme.com.              legal.acme.com.
             |
             +----------------------------+
             |                            |
   testing.software.acme.com.    engineering.software.acme.com.

- NIS+ Objects
The NIS+ namespace is the hierarchical structure in which NIS+ information is stored. Each namespace has a root master server, which serves the root domain at the top of the namespace. The NIS+ namespace is accessed only through the NIS+ commands. The three common types of NIS+ object are directory objects, table objects and group objects.

- Directory objects are the main building blocks of the namespace. They contain other directory objects, table objects and group objects.
- Table objects store information in the NIS+ namespace. The Solaris 2.X environment provides 16 types of table, each storing a different kind of information about users, workstations and network resources. A set of NIS+ tables stores information for one particular domain only.
- Group objects are used for NIS+ security. An NIS+ group is a collection of users and workstations identified by a single name, so that NIS+ security can be applied conveniently.

5. Directory Objects

Directory objects form the framework of the namespace. The directory object at the top of the namespace is called the root directory. The root directory name denotes the root (top) domain of the namespace hierarchy. The org_dir directory holds the NIS+ table objects; the group_dir directory holds the NIS+ group objects. An NIS+ domain therefore consists of an org_dir subdirectory, holding the set of NIS+ tables, and a group_dir subdirectory. The topmost directory is the root directory. If the namespace is flat there is only one directory, and that directory is the root directory.

6. Using NIS+ Object Names

NIS+ object names are formed by appending the root directory name to the object's own name. The result is called a fully qualified name.
- Partially qualified names
A partially qualified NIS+ component name is comparable to a relative path name: it is just the name of the component. ( hosts )
- Fully qualified names
A fully qualified name is the complete name of all the components. ex) auto_home.org_dir.sales.acme.com.
- Root domain name
A root domain name must contain two components and end with a dot. ex) acme.com.

7. NIS+ Servers and Clients

The objects in the NIS+ namespace are stored on NIS+ servers. The servers provide information to the clients that request it. Every NIS+ domain must list the servers that provide information within that domain.
An NIS+ client belongs to some NIS+ domain. When the client is initialized, its domain name is determined and stored in the kernel, and a coldstart file is created for the client. This file is the list of all NIS+ servers that support the client's domain. When the client sends a request to its domain, the request goes to a server that supports that domain.
Any NIS+ server can also be a client, and it belongs to a domain in the same way that it supports one. The domain a server belongs to is always the one above the domain it supports, except in the case of the root domain: the server that supports the root domain belongs to the root domain.

                          +-------+
                          | queen |  acme.com.
                          +-------+
                              |
              +---------------+----------------+
              |                                |
          +------+                         +------+
          | king |  sales.acme.com.        | jack |  eng.acme.com.
          +------+                         +------+
              |
        +----------+
        | princess |  west.sales.acme.com.
        +----------+

  +----------+-----------------+----------------------+
  | server   | Belongs to      | supports             |
  +----------+-----------------+----------------------+
  | queen    | acme.com.       | acme.com.            |
  +----------+-----------------+----------------------+
  | king     | acme.com.       | sales.acme.com.      |
  +----------+-----------------+----------------------+
  | jack     | acme.com.       | eng.acme.com.        |
  +----------+-----------------+----------------------+
  | princess | sales.acme.com. | west.sales.acme.com. |
  +----------+-----------------+----------------------+

8. NIS+ Master Servers and Replica Servers

The example above shows each domain supported by a single server. In fact, an NIS+ domain is supported by a master server and possibly one or more replica servers. In the example above there is one root server (the master server, queen). Both the master and the replica servers store the NIS+ table information and answer client requests, but only the master stores the master copy of the tables; a replica stores a duplicate of the master's copy.
One advantage of having replica servers is reliability: if the master server cannot handle a request, any of the replica servers can reply. The other advantage is easier system administration: the administrator loads table information in one place and the master server propagates it to the replica servers. Likewise, updates are made on the master server, which propagates them to the replicas.

9. NIS+ Security

9.1 NIS+ Principals

NIS+ security protects information from unauthorized access. Access is granted on the basis of NIS+ principals. An NIS+ principal is:
- a user who logs in on an NIS+ client, or
- a user who logs in as root on an NIS+ client
For NIS+ security to work, some user must be able to log in as root.

+-------------------------------------------------------------+
| In short, an NIS+ principal is either an ordinary user or a |
| workstation.                                                |
+-------------------------------------------------------------+

NIS+ security privileges are applied to NIS+ principals in two stages.
1) The credential that identifies a principal is stored in the domain's cred table.
2) Every object in the namespace grants access rights to the different categories of NIS+ principal. This security information is stored in the object definition. When a principal's request reaches an object, the NIS+ server checks whether that particular object grants the requested access right to the principal. If the access rights match, the server answers the request.
If they do not match, the server refuses the request and returns an error message.

9.2 NIS+ Security

When an NIS+ server receives a request from an NIS+ client, it first identifies the principal. It then locates the object the principal wants to access and determines whether the principal has the appropriate access rights to that object. If the object definition grants the principal the right kind of access, the server permits the access.

          +-------------------------------------------+
          | The principal requests access to NIS+     |
          +-------------------------------------------+
                                |
                                v
   +------------------------------------------------------------+
   | The server examines the credential and identifies the      |  --> authentication
   | principal                                                  |
   +------------------------------------------------------------+
                                |
                                v
          +-------------------------------------------+
          | The server examines the object definition |  --> authorization
          +-------------------------------------------+
                                |
                                v
   +------+       +----------------------------------+       +------+
   |  NO  | <---- | Is the principal allowed access? | ----> | YES  |
   +------+       +----------------------------------+       +------+
      |                                                         |
      v                                                         v
 +------------------+                                 +------------------+
 | The server       |                                 | The server       |
 | refuses access   |                                 | grants access    |
 +------------------+                                 +------------------+

The procedure that identifies the principal is known as authentication. The procedure that checks the access rights to the object is known as authorization.

9.3 Authentication

Authentication is the procedure that identifies the principal making a request to the NIS+ server. Its purpose is to obtain the principal name so that the access rights to the object can be checked (the authorization process). The NIS+ server identifies the principal by examining its credential. NIS+ accepts two kinds of credential.
- LOCAL credentials : a LOCAL credential is used to map the client's UID to an NIS+ principal name. It is built from the client user's UID and GID, taken from the password record, and the resulting credentials are stored in the cred table of the principal's own domain.
- DES credentials : a DES credential is built from an additional password (or key) that is required to identify the principal.
If this additional key is not supplied, the principal is considered unauthenticated and is refused access to the object. A principal's DES key is always the same as its login password.
The information used to identify NIS+ principals is stored in the cred table. There is one cred table for each NIS+ domain; it holds the authentication information for the NIS+ principals that want to access that particular domain.

9.4 Authorization

NIS+ authorization is the procedure that grants an NIS+ principal access rights to an NIS+ object. There are four kinds of access right.

========================================================================
Access Right    Description
========================================================================
Read            The principal can read the contents of the object.
Modify          The principal can modify the contents of the object.
Create          The principal can create new objects in the table or directory.
Destroy         The principal can destroy objects in the table or directory.
========================================================================

NIS+ access rights can be thought of as the equivalent of file permissions.

9.4.1 Access Rights

For the purpose of authorization and of granting access rights, principals are classified into four categories.

=================================================================
Category    Description
=================================================================
owner       A single NIS+ principal
group       A collection of NIS+ principals
world       All principals authenticated by NIS+
nobody      Unauthenticated principals
=================================================================

Access rights are written as a list of 16 characters. They are specified as part of the object definition.

    r---     rmcd     rm--     r---
    ----     ----     ----     ----
   nobody    owner    group    world

An NIS+ group is one or more NIS+ principals grouped together for security convenience. Information about NIS+ groups is stored in NIS+ group objects under groups_dir, a subdirectory of every NIS+ domain. Note that it is not stored in the NIS+ group table: the groups in that table are UNIX groups.
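The request flow of sections 9.2 to 9.4 (identify the principal from the cred table, place it in the nobody/owner/group/world categories, then compare the object's 16-character rights string with the requested right) as an added illustration; this is example code written for this page, not Sun's implementation. Two things the text does not specify are assumed here: Secure RPC is reduced to a secret comparison, and a principal that falls in several categories is granted a right if any of those categories grants it. The cred table and group membership are constructed sample data.

```python
# Model of the NIS+ authentication + authorization flow (sections 9.2-9.4).
# Added example for this page, not Sun's code.  Assumptions: Secure RPC is
# reduced to comparing a secret; overlapping categories are combined by union.
from dataclasses import dataclass
from typing import Optional

CATEGORIES = ("nobody", "owner", "group", "world")  # field order of the 16 chars
RIGHT_CHARS = "rmcd"                                # read, modify, create, destroy


def parse_rights(rights: str) -> dict:
    """Decode e.g. '----rmcdrmcdr---' (the form nisls -l prints) into
    {category: set of granted rights}; reject anything that is not 16 chars."""
    if len(rights) != 16:
        raise ValueError("NIS+ rights string must be 16 characters")
    decoded = {}
    for i, cat in enumerate(CATEGORIES):
        fld = rights[4 * i:4 * i + 4]
        granted = set()
        for pos, ch in enumerate(fld):
            if ch == RIGHT_CHARS[pos]:
                granted.add(ch)
            elif ch != "-":
                raise ValueError(f"bad character {ch!r} in {cat} field")
        decoded[cat] = granted
    return decoded


@dataclass
class NisObject:
    name: str
    owner: str          # owner's principal name
    group: str          # NIS+ group name (group objects live under groups_dir)
    rights: str         # 16-character rights string from the object definition


@dataclass
class Credential:
    kind: str           # "LOCAL" or "DES"
    secret: str = ""    # DES key; the text says it equals the login password


# Constructed cred table for the domain solar.com. (sample data, not real).
CRED_TABLE = {
    "venus.solar.com.": Credential("DES", "venus-des-key"),
    "rimmer.solar.com.": Credential("DES", "rimmer-des-key"),
    "lister.solar.com.": Credential("LOCAL"),
}
# Constructed NIS+ group membership (sample data).
GROUPS = {"admin.solar.com.": {"venus.solar.com.", "rimmer.solar.com."}}


def authenticate(name: str, secret: Optional[str], cred_table=CRED_TABLE) -> Optional[str]:
    """Return the verified principal name, or None (unauthenticated -> nobody).
    A DES credential needs the additional key; a LOCAL one needs none (9.3)."""
    cred = cred_table.get(name)
    if cred is None:
        return None
    if cred.kind == "DES" and secret != cred.secret:
        return None
    return name


def categories_of(principal: Optional[str], obj: NisObject, groups=GROUPS) -> set:
    """'nobody' covers every requester; 'world' any authenticated principal."""
    cats = {"nobody"}
    if principal is None:
        return cats
    cats.add("world")
    if principal == obj.owner:
        cats.add("owner")
    if principal in groups.get(obj.group, ()):
        cats.add("group")
    return cats


def authorize(principal: Optional[str], obj: NisObject, right: str, groups=GROUPS) -> bool:
    """Authorization step of the flowchart: grant if any category the
    principal belongs to carries the requested right (assumed union rule)."""
    if right not in RIGHT_CHARS:
        raise ValueError("right must be one of r, m, c, d")
    table = parse_rights(obj.rights)
    return any(right in table[c] for c in categories_of(principal, obj, groups))


def handle_request(name: str, secret: Optional[str], obj: NisObject, right: str) -> str:
    """Whole flow: authentication, then authorization; 'granted' or 'denied'."""
    principal = authenticate(name, secret)
    return "granted" if authorize(principal, obj, right) else "denied"


if __name__ == "__main__":
    passwd = NisObject("passwd.org_dir.solar.com.", "venus.solar.com.",
                       "admin.solar.com.", "----rmcdrm--r---")
    print(handle_request("venus.solar.com.", "venus-des-key", passwd, "d"))   # granted
    print(handle_request("rimmer.solar.com.", "wrong-key", passwd, "r"))      # denied
    print(handle_request("lister.solar.com.", None, passwd, "m"))             # denied
```

The nobody field is what an unauthenticated requester gets, so an object whose string starts with `r---` is readable by anyone who can reach the server; the strings in the nisls output later in this document start with `----`, which is the safer default.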
All access rights can be displayed with the nisls command.

10. NIS+ Security Levels

Whether the authorization scheme described above is enforced depends on the domain's security level. An NIS+ server runs at one of three security levels: 0, 1 or 2. The security level determines how thoroughly a principal's credentials are checked.

=====================================================================================
Security level    Description
=====================================================================================
0                 No check of the principal's credentials is made; any client is
                  allowed to perform any operation. This level is used for setting
                  up and testing a new NIS+ namespace.
=====================================================================================
1                 The principal's credentials are checked and LOCAL or DES
                  authentication is accepted. Because LOCAL credentials are easily
                  forged, this level must not be used on a network that untrusted
                  servers might be able to access.
=====================================================================================
2                 The principal's credentials are checked and only DES
                  authentication is accepted. This is the highest security level
                  and the default for NIS+ servers.
=====================================================================================

The NIS+ service daemon that runs on an NIS+ server, rpc.nisd, is started from the /etc/init.d/rpc script. The default security level is 2. To run an NIS+ environment at a lower security level for testing, run the rpc script on the root master server with the -S option:

    /usr/sbin/rpc.nisd -r -S 0    ( -r => daemon option to run as the root server )

11. Name Service Switch Process

The name service switch process lets an NIS+ client obtain information from one or more sources, such as the /etc files or the NIS+ tables. The name service switch configuration file, /etc/nsswitch.conf, lists 15 kinds of information and the order in which the sources for each are searched. The format of the file is as follows:
    group     source(s)
    hosts     source(s)
    passwd    source(s)

- Sources
One or more sources can be specified for each database.

==============================================================================
Source      Description
==============================================================================
files       The client's local /etc files
nisplus     NIS+ tables
nis         NIS maps
compat      Supports the old-style "+" entries in the passwd and group files
dns         Applies to the hosts entry only
==============================================================================

example) /etc/nsswitch.conf file

    passwd:  files nisplus
    group:   files nisplus

This syntax means: search the local passwd and group files first, and if the entry is not there, search the NIS+ passwd and group tables. To restrict access to the local passwd and group files only, remove the nisplus entry.

example) cat /etc/nsswitch.conf

    #
    # /etc/nsswitch.files:
    #
    # An example file that could be copied over to /etc/nsswitch.conf; it
    # does not use any naming service.
    #
    # "hosts:" & "services:" in this file are used only if the /etc/netconfig
    # file contains "switch.so" as a nametoaddr library for "inet" transports.

    passwd:     files
    group:      files
    hosts:      files
    networks:   files
    protocols:  files
    rpc:        files
    ethers:     files
    netmasks:   files
    bootparams: files
    publickey:  files
    # At present there isn't a 'files' backend for netgroup; the system will
    # figure it out pretty quickly, and won't use netgroups at all.
    netgroup:   files
    automount:  files
    aliases:    files
    services:   files

12. Name Service Switch Status / Action Values

- Return status
Each source returns a status code that reports the result of the lookup to the user requesting the information.
================================================================================
Status code     Description
================================================================================
SUCCESS         The requested entry was found.
UNAVAIL         The source is unavailable.
NOTFOUND        The source does not contain the entry.
TRYAGAIN        The source returned an "I'm busy, try later" message.
================================================================================

- Actions
For each status code, two actions are possible.

=============================================
Action        Description
=============================================
continue      Try the next source.
return        Stop searching for the entry.
=============================================

The default actions are:
- SUCCESS  = return
- UNAVAIL  = continue
- NOTFOUND = continue
- TRYAGAIN = continue

ex) cat /etc/nsswitch.conf
    ...
    hosts: nisplus [NOTFOUND=return] files
    ...

This syntax means that only the NIS+ hosts table is searched. To search both the local file and the NIS+ table, remove the [NOTFOUND=return] part.

13. Name Service Switch Configuration Files

Four versions of the name service switch configuration file are included in the Solaris 2.X release.
- /etc/nsswitch.conf is the default configuration file. It names the name service chosen at installation as the source to be searched for network information.
- /etc/nsswitch.files is an alternative switch file that searches only the local system's /etc files.
- /etc/nsswitch.nis uses the NIS database as the primary source for all information except the passwd, group, automount and aliases maps, for which the local files are consulted first and the NIS database afterwards. Because the passwd and group lookups search the local file first and the NIS database afterwards, no "+" entry is needed in the passwd file.
- /etc/nsswitch.nisplus uses NIS+ as the primary source for all information except the passwd, group, automount and aliases tables, for which the local files are consulted first and the NIS+ tables afterwards.
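The switch rules of sections 11 and 12 (sources tried in order, each returning a status, with the status/action pairs and their defaults deciding whether the search continues) as an added simulation; this is example code written for this page, not the libc switch implementation. The two backends are constructed in-memory tables standing in for the local /etc files and the NIS+ tables, so the effect of `[NOTFOUND=return]` and of an unavailable source can be seen offline.

```python
# Simulation of /etc/nsswitch.conf lookup semantics (sections 11-12).
# Added example for this page, not Solaris code.  Backends are constructed
# in-memory tables; real sources would be the /etc files, NIS+ tables, etc.
import re

STATUSES = ("SUCCESS", "UNAVAIL", "NOTFOUND", "TRYAGAIN")
DEFAULT_ACTIONS = {"SUCCESS": "return", "UNAVAIL": "continue",
                   "NOTFOUND": "continue", "TRYAGAIN": "continue"}


def parse_nsswitch(text):
    """Return {database: [(source, {status: action}), ...]}.
    A [STATUS=action ...] group applies to the source that precedes it."""
    conf = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()      # drop comments and blanks
        if not line:
            continue
        db, _, rest = line.partition(":")
        entries = []
        for tok in re.findall(r"\[[^\]]*\]|\S+", rest):
            if tok.startswith("["):
                if not entries:
                    raise ValueError(f"{db}: criteria before any source")
                actions = entries[-1][1]
                for pair in tok[1:-1].split():
                    status, _, action = pair.partition("=")
                    status, action = status.upper(), action.lower()
                    if status not in STATUSES or action not in ("return", "continue"):
                        raise ValueError(f"{db}: bad criterion {pair!r}")
                    actions[status] = action
            else:
                entries.append((tok, dict(DEFAULT_ACTIONS)))
        conf[db.strip()] = entries
    return conf


def lookup(conf, db, key, backends):
    """Walk the sources for db in order.  backends maps a source name to a
    callable(db, key) -> (status, value).  Returns (value, source) on success,
    otherwise (None, status_that_stopped_the_search)."""
    last = "NOTFOUND"
    for source, actions in conf.get(db, []):
        backend = backends.get(source)
        status, value = backend(db, key) if backend else ("UNAVAIL", None)
        last = status
        if status == "SUCCESS" and actions["SUCCESS"] == "return":
            return value, source
        if status != "SUCCESS" and actions[status] == "return":
            return None, status
    return None, last


def make_backend(table, available=True):
    """In-memory stand-in for one source; available=False models UNAVAIL."""
    def backend(db, key):
        if not available:
            return "UNAVAIL", None
        entry = table.get(db, {}).get(key)
        return ("SUCCESS", entry) if entry is not None else ("NOTFOUND", None)
    return backend


# Constructed sample data: the local files and the NIS+ tables deliberately differ.
FILES = {"hosts": {"localhost": "127.0.0.1", "venus": "192.0.2.10"}}
NISPLUS = {"hosts": {"saturn": "192.0.2.20"},
           "passwd": {"rimmer": "rimmer::113:110:Arnold J.Rimmer:/export/home/rimmer:/bin/sh:"}}
BACKENDS = {"files": make_backend(FILES), "nisplus": make_backend(NISPLUS)}

EXAMPLE_CONF = """
passwd: files nisplus
hosts:  nisplus [NOTFOUND=return] files
"""


def resolve(conf_text, db, key, backends=BACKENDS):
    return lookup(parse_nsswitch(conf_text), db, key, backends)


if __name__ == "__main__":
    print(resolve(EXAMPLE_CONF, "hosts", "saturn"))   # ('192.0.2.20', 'nisplus')
    print(resolve(EXAMPLE_CONF, "hosts", "venus"))    # (None, 'NOTFOUND'): files never consulted
    print(resolve("hosts: nisplus files", "hosts", "venus"))  # ('192.0.2.10', 'files')
```

The second call shows what the text warns about: with `[NOTFOUND=return]` after nisplus, an entry that exists only in the local file is not found at all. The default `UNAVAIL=continue` means that when the NIS+ server is down the local file is still consulted, which is why `resolve` with an unavailable nisplus backend still answers for venus.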
The default /etc/nsswitch.conf file is determined by the name service chosen during installation. When the name service configuration changes, one of the other switch files mentioned above can be copied over /etc/nsswitch.conf.

SUBJECT: Solaris 2.x - NIS+ Environment
CONTENT: chapter 9.2 - Configuring the NIS+ Environment

1. Configuring an NIS+ Root Master

1) Log in as root on the NIS+ root master.
2) Set the path.
   # PATH=/usr/lib/nis:$PATH ; export PATH
3) Set the domain name.
   # domainname solar.com.
   # domainname > /etc/defaultdomain
4) Switch to a name service switch file that includes the NIS+ sources.
   # cp /etc/nsswitch.nisplus /etc/nsswitch.conf
5) Initialize the root master.
   # nisinit -r        ( -r => initialize as the NIS+ root server )
6) Start the NIS+ domain at security level 0.
   # rpc.nisd -r -S 0
   ( security level 0 is used for setup and testing )
   ( at security level 0 any user can edit the NIS+ maps )
7) Set up the NIS+ directory structure.
   # nissetup solar.com.
8) Add the data file information to the NIS+ tables.
   # cd /etc
   # nisaddent -r -f hosts hosts        ( -r => delete the existing entries, then re-create them )
   # nisaddent -r -f passwd passwd
   # nisaddent -r -f rpc rpc
   # nisaddent -r -f services services
   # nisaddent -r -f netmasks netmasks
   # nisaddent -r -f bootparams bootparams
   # nisaddent -r -f ethers ethers
   # nisaddent -r -f group group
   # nisaddent -r -f timezone timezone
   # nisaddent -r -f protocols protocols
   # nisaddent -r -f mail_aliases mail_aliases
   # nisaddent -r -f sendmailvars sendmailvars
   # nisaddent -m -f shadow shadow      ( -m => merge the file or map into the NIS+ table )
   # nisaddent -r -f /etc/auto_master -t auto_master.org_dir key_value 'domainname'
   ( -t table => the table must be an NIS+ table )
9) Verify the NIS+ tables.
   # niscat hosts.org_dir
   # niscat passwd.org_dir
10) Set the NIS+ search path.
   # NIS_PATH='org_dir.$:$'
   # export NIS_PATH
   # niscat passwd

2. Setting Up an NIS+ Replica Server

1) Add the NIS+ master to the /etc/inet/hosts file.
   # vi /etc/inet/hosts
     ip_address  master_name
2) Log in to the NIS+ root master and register the replica server.
   # rlogin master_name
   # nismkdir -s replica_hostname solar.com.          ( -s => the named host is a replica )
   # nismkdir -s replica_hostname org_dir.solar.com.
3) Log in as root on the NIS+ replica server.
4) Set the domain name.
   # domainname solar.com.
   # domainname > /etc/defaultdomain
5) Switch to a name service switch file that includes NIS+.
   # cp /etc/nsswitch.nisplus /etc/nsswitch.conf
6) Initialize the replica server as a client.
   # nisinit -c -H master_name
   ( -c => initialize as an NIS+ client
     -H hostname => the named host is contacted as the trusted NIS+ server )
7) Start the NIS+ daemon.
   # rpc.nisd
8) On the NIS+ root master, replicate the tables to the replica server.
   # nisping solar.com.
   # nisping org_dir.solar.com.

3. Setting Up an NIS+ Client

1. Log in as root on the NIS+ client.
2. Set the domain name.
   # domainname solar.com.
   # domainname > /etc/defaultdomain
3. Switch to a name service switch file that includes NIS+.
   # cp /etc/nsswitch.nisplus /etc/nsswitch.conf
4. Add the NIS+ master to the /etc/inet/hosts file.
   # vi /etc/inet/hosts
     ip_address  master_name
5. Initialize the client.
   # nisinit -c -H master_name

4. Configuring an NIS+ Client

1. Set the domain name.
2. Add an /etc/inet/hosts entry for the master server.
3. Run the nisinit command.

5. NIS+ Client Commands

1) nisls command
- Lists the objects in an NIS+ directory.
- syntax : nisls [ -l ] [ directory_name ]
  column 1 : type
  column 2 : permissions
  column 3 : principal name of the owner
  column 4 : date and time of creation
  column 5 : object name

  # nisls -l org_dir.solar.com.
  :
  ...
  T ----rmcdrmcdr--- venus.solar.com Thu Jun  9 11:37:43 1994 auto_master
  T ----rmcdrmcdr--- venus.solar.com Thu Jun  9 11:37:43 1994 auto_home
  ....

2) niscat command
- Displays the contents of an NIS+ table.
- syntax : niscat [ -h ] tablename
- ex)
  # niscat passwd.org_dir
  root::0:1:0000-Admin(0000):/:/sbin/sh:
  # niscat -h passwd.org_dir
  # name:passwd:uid:gid:gcos:home:shell:shadow:
  root::0:1:0000-Admin(0000):/:/sbin/sh:

3) nismatch command
- Lets shell scripts search an NIS+ table.
- syntax : nismatch key tablename
- ex)
  # nismatch rimmer passwd.org_dir
  rimmer::113:110:Arnold J.Rimmer:/export/home/rimmer:/bin/sh:

4) nisgrep command
- syntax : nisgrep colname=keypat tablename
- ex)
  # nisgrep 'uid=11[234]' passwd.org_dir
  lister::112:110:Dave Lister:/export/home/lister:/home/sh:
  rimmer::113:110:Arnold J.Rimmer:/export/home/rimmer:/bin/sh:
  kryten::114:110:Keyten Model 3500:/export/home/kryten:/bin/sh:

5) nispasswd command
- Changes entries in the NIS+ passwd table.
- nispasswd neither reads nor modifies the local /etc/hosts and /etc/shadow. It uses secure RPC to communicate with the NIS+ server and never sends an unencrypted password over the network.
- ex) nispasswd

6) nisdefaults command
- Shows the default NIS+ values.
- ex)
  # nisdefaults
  Principal Name : venus.solar.com.
  Domain Name    : solar.com.
  Host Name      : venus.solar.com.
  Group Name     :
  Access Rights  : ----rmcdr---r---
  Time to live   : 12:00:00
  Search Path    : solar.com.

6. Adding Data to NIS+ Tables
- Data can be added to NIS+ tables in several different ways:
  . admintool
  . nisaddent command
  . nistbladm command

7. Administration Tool
- user account manager : set to NIS+
- database manager     : set auto_home to NIS+

8. Initializing NIS+ Servers and Clients

1. The /usr/sbin/nisinit command initializes an NIS+ client or server.
   syntax : nisinit -r
            nisinit -c -H host | -B -C coldstart_file
   ex)
   # nisinit -r
   This machine is in the solar.com. NIS+ domain.
   Setting up root server ...
   All done.
   # nisinit -c -H venus
   This machine is in the solar.com. NIS+ domain.
   Setting up NIS+ client ...
   All done.

2. nissetup command
   A shell script that creates empty versions of the standard tables in an NIS+ directory.
   ex)
   # /usr/lib/nis/nissetup solar.com.
   org_dir.solar.com. created
   groups_dir.solar.com. created
   auto_master.org_dir.solar.com. created
   auto_home.org_dir.solar.com. created

3. nisaddent command
   The /usr/lib/nis/nisaddent command adds data read from a source file or from standard input to an NIS+ table.
   syntax : nisaddent [ -r ] -f file type [ domainname ]
   ex)
   # cat /etc/passwd | nisaddent passwd
     --> appends the contents of /etc/passwd to the passwd.org_dir table
   ex)
   # nisaddent -rv -f /etc/inet/hosts hosts
     --> replaces the hosts.org_dir table with the contents of /etc/inet/hosts
   # nisaddent -mv -y myypdomain passwd nisdomain
     --> merges the passwd map of myypdomain into the passwd.org_dir.nisdomain table
         (assumes that the /var/yp/myypdomain directory contains the yppasswd.map)
   # nisaddent -m -y myypdomain -Y auto.master -t auto_master.org_dir key_value
     --> merges the auto.master map of myypdomain into the auto_master.org_dir table
   # nisaddent -d hosts
     --> dumps the hosts.org_dir table

4. nismkdir command
   The /usr/lib/nis/nismkdir command creates a new NIS+ subdirectory (subdomain) within an existing NIS+ domain. It is also needed to create the directory structure for a replica server.
   syntax : nismkdir [ -s hostname ] directoryname
   ex) nismkdir -s saturn solar.com.
     --> run on the root master of the solar.com. domain, creates the directory needed for the replica server saturn
   ex) nismkdir -s saturn org_dir.solar.com.

5. nisping command
   The /usr/lib/nis/nisping command is used to ping all replica servers.
   syntax : nisping -f solar.com.
   ex)
   # nisping -f solar.com.
   Pinging replicas serving directory solar.com. :
   Master server is venus.solar.com.
        Last update occurred at Thu Jun  9 11:43:58 1993
   Replica server is saturn.solar.com.
        Pinging ... saturn.solar.com.
   ex)
   # nisping org_dir.solar.com
   Pinging replicas serving directory org_dir.solar.com. :
   Master server is venus.solar.com.
        Last update occurred at Thu Jun  9 11:42:59 1993
   Replica server is saturn.solar.com.
        pinging ... saturn.solar.com.

Revision History
Date   : 96.11.19
Author : 이진수 (Lee Jin-su)
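An added check of the state that the configuration procedures in chapter 9.2 leave behind, written for this page (it is not a Sun tool): the domain name has the form required in section 6 of chapter 9.1, the switch file consults nisplus for the databases the procedure moves to NIS+, and rpc.nisd is running at the default security level 2 rather than the setup-only level 0 that step 6 of the root master procedure starts it with. The inputs (output of `domainname`, the contents of /etc/nsswitch.conf, a `ps -ef` listing) are passed in as strings, and the samples at the bottom are constructed, so the checks run offline.

```python
# Post-setup audit for the NIS+ root master procedure (chapter 9.2) and the
# security levels of section 10.  Added example for this page, not Sun code.
# Inputs are strings so the checks can be run on saved output from any host.
import shlex


def check_domainname(name):
    """Section 6: a root domain name has two non-empty components and ends
    with a dot.  Returns a finding string, or None when the name is fine."""
    if not name.endswith("."):
        return f"domain {name!r} lacks the trailing dot"
    parts = name[:-1].split(".")
    if len(parts) < 2 or any(p == "" for p in parts):
        return f"domain {name!r} needs at least two non-empty components"
    return None


def switch_sources(conf_text, db):
    """Sources listed for one database in nsswitch.conf (comments and
    [STATUS=action] criteria ignored)."""
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if line.startswith(db + ":"):
            return [t for t in line.split(":", 1)[1].split() if not t.startswith("[")]
    return []


def nisd_security_level(cmdline):
    """Security level from an rpc.nisd command line: the -S argument, or 2
    (the documented default) when -S is absent.  '-S 0' and '-S0' both parse."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg == "-S" and i + 1 < len(args) and args[i + 1].isdigit():
            return int(args[i + 1])
        if arg.startswith("-S") and arg[2:].isdigit():
            return int(arg[2:])
    return 2


def running_nisd(ps_listing):
    """Command lines of rpc.nisd processes in a `ps -ef` listing."""
    cmds = []
    for line in ps_listing.splitlines():
        tokens = line.split()
        for i, tok in enumerate(tokens):
            if tok.endswith("rpc.nisd"):
                cmds.append(" ".join(tokens[i:]))
                break
    return cmds


def audit(domain, conf_text, ps_listing, databases=("passwd", "group", "hosts")):
    """Return a list of findings; an empty list means the host matches the
    end state of the procedure with the daemon back at level 2."""
    findings = []
    problem = check_domainname(domain)
    if problem:
        findings.append(problem)
    for db in databases:
        if "nisplus" not in switch_sources(conf_text, db):
            findings.append(f"nsswitch.conf: {db} does not consult nisplus")
    cmds = running_nisd(ps_listing)
    if not cmds:
        findings.append("rpc.nisd is not running")
    for cmd in cmds:
        level = nisd_security_level(cmd)
        if level < 2:
            findings.append(f"rpc.nisd runs at security level {level} "
                            f"(setup/testing only; default is 2): {cmd}")
    return findings


# Constructed samples: a switch file as copied from /etc/nsswitch.nisplus in
# step 4, and a ps listing taken while the daemon still runs as in step 6.
SAMPLE_CONF = """passwd: files nisplus
group:  files nisplus
hosts:  nisplus [NOTFOUND=return] files
"""
SAMPLE_PS = """     UID   PID  PPID  C    STIME TTY      TIME CMD
    root   142     1  0 11:37:43 ?        0:01 /usr/sbin/rpc.nisd -r -S 0
    root   150     1  0 11:37:50 ?        0:00 /usr/sbin/inetd -s
"""

if __name__ == "__main__":
    for finding in audit("solar.com.", SAMPLE_CONF, SAMPLE_PS):
        print("FINDING:", finding)
```

Run against the sample listing, the only finding is the daemon still at level 0; restarting rpc.nisd without -S (or from /etc/init.d/rpc) clears it, and the same audit against the corrected listing returns no findings.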