Project #3: Implementing NIS

Similar documents
IT341 Introduction to System Administration Project II Configuring and Using a LAN

System Administration

SRT210. The Pragmetic art of Administration. NIS Server. Raymond Chan

LAN Setup Reflection

LAN Setup Reflection. Ask yourself some questions: o Does your VM have the correct IP? o Are you able to ping some locations, internal and external?

Linux Kung Fu. Stephen James UBNetDef, Spring 2017

Introduction. What is Linux? What is the difference between a client and a server?

CSE 265: System and Network Administration

Project #4: Implementing NFS

Commands are in black

Chapter 5: User Management. Chapter 5 User Management

Network Information Service

Chapter 8: Security under Linux

Linux Essentials Objectives Topics:

Everything about Linux User- and Filemanagement

Cluster Computing Spring 2004 Paul A. Farrell 4/25/2006. Dept of Computer Science Kent State University 1. Configuring & Tuning Cluster Networks

CTEC1863/2018F Bonus Lab Page 1 of 5

User Management. René Serral-Gracià Xavier Martorell-Bofill 1. May 26, Universitat Politècnica de Catalunya (UPC)

Introduction to Computer Security

Users and Groups. his chapter is devoted to the Users and Groups module, which allows you to create and manage UNIX user accounts and UNIX groups.

User Accounts. The Passwd, Group, and Shadow Files

OPERATING SYSTEMS LINUX

Linux Kung Fu. Ross Ventresca UBNetDef, Fall 2017

UNIT 10 Ubuntu Security

NETW 110 Lab 5 Creating and Assigning Users and Groups Page 1

CS/CIS 249 SP18 - Intro to Information Security

UNIT V. Dr.T.Logeswari. Unix Shell Programming - Forouzan

SSSD. Client side identity management. LinuxDays 2012 Jakub Hrozek

Pre-Assessment Answers-1

The kernel is the low-level software that manages hardware, multitasks programs, etc.

Basic Linux Security. Roman Bohuk University of Virginia

Q) Q) What is Linux and why is it so popular? Answer - Linux is an operating system that uses UNIX like Operating system...

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

RH-202. RedHat. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

Linux Kung-Fu. James Droste UBNetDef Fall 2016

Much is done on the Server, it20:

IP Addresses. An IPv4 address looks like this

CIT 470: Advanced Network and System Administration. Topics. Namespaces. Accounts and Namespaces. 1. Namespaces 2. Policies

22-Sep CSCI 2132 Software Development Lecture 8: Shells, Processes, and Job Control. Faculty of Computer Science, Dalhousie University

Hands-on Keyboard: Cyber Experiments for Strategists and Policy Makers

02. At the command prompt, type usermod -l bozo bozo2 and press Enter to change the login name for the user bozo2 back to bozo. => steps 03.

RedHat. Rh202. Redhat Certified Technician on Redhat Enterprise Linux 4 (Labs)

CST8207: GNU/Linux Operating Systems I Lab Seven Linux User and Group Management. Linux User and Group Management

SA2 v6 Linux System Administration II Net Configuration, Software, Troubleshooting

User & Group Administration

10 userdel: deleting a user account 9. 1 Context Tune the user environment and system environment variables [3]

The Samba-3: Overview, Authentication, Integration

MANAGING THE NONUNIFORM BEHAVIOUR OF TERMINALS AND KEYBOARDS. : WHEN THINGS GO WRONG

Lab Authentication, Authorization, and Accounting

1Z Oracle Linux 5 and 6 System Administration Exam Summary Syllabus Questions

ITDUMPS QUESTION & ANSWER. Accurate study guides, High passing rate! IT dumps provides update free of charge in one year!

Advanced Network and System Administration. Accounts and Namespaces

UNIX/Linux Auditing. Baccam Consulting, LLC Training Events

Passwords CSC 193 WAKE FOREST. U N I V E R S I T Y Department of Computer Science. Spring 2014

1Z0-100 oracle.

Course 144 Supplementary Materials. UNIX Fundamentals

Systems Programming and Computer Architecture ( ) Exercise Session 01 Data Lab

HANDS UP IF YOU DON T HAVE A VM OR IF YOU DON T REMEMBER YOUR PASSWORDS. Or something broke

Welcome to getting started with Ubuntu Server. This System Administrator Manual. guide to be simple to follow, with step by step instructions

User Management. lctseng

Centrify's Solution for NIS Migration

Computer Center, CS, NCTU

Provide general guidelines and procedures for Unix Account Management

IT341 Introduction to System Administration. Project 4 - Backup Strategies with rsync and crontab

Race Condition Vulnerability Lab

Introduction to Systems Security

The Samba-3 Enchilada: Overview, Authentication, Integration

CSE 390a Lecture 3. Multi-user systems; remote login; editors; users/groups; permissions

Users, Groups and Permission in Linux

LAB #7 Linux Tutorial

Basic UNIX system administration

Ubuntu Practice and Configuration Post Installation Exercises interlab at AIT Bangkok, Thailand

Symbolics Network File System (NFS) User s Guide. Introduction to Symbolics Network File System (NFS)

Preface to the First Edition Preface to the Second Edition Acknowledgments UNIX Operating System Environment p. 1 UNIX: Past and Present p.

Cobbler and Puppet. Controlling your server builds. Eric Mandel and Jason Ford BlackMesh

Cluster Computing Spring 2004 Paul A. Farrell

IT341 Introduction to System Administration Project V Implementing DNS

CompTIA Linux Course Overview. Prerequisites/Audience. Course Outline. Exam Code: XK0-002 Course Length: 5 Days

Step 1 - Install Apache and PostgreSQL

Redhat Basic. Need. Your. What. Operation G U I D E. Technical Hand Note template version

John the Ripper on a Ubuntu MPI Cluster

OptiRain Open 2 Installation Guide for LInux. This guide provides general instructions for installing OptiRain Open 2 on a Linux based server.

Check List: Linux Machines

Processes are subjects.

Advanced Linux System Administra3on

Check the FQDN of your server by executing following two commands in the terminal.

Embedded System Design

Information System Audit Engr. Abdul-Rahman Mahmood MS, PMP, MCP, QMR(ISO9001:2000)

CST Lab 2 Review #1

Quick Start Guide for Intel FPGA Development Tools on the Microsoft* Azure* Platform

A new name server architecture. John Schimmel, Larry McVoy & Andrew Chang. Silicon Graphics Engineering

User accounts and authorization

Configuration Management - Using Puppet. lctseng / Liang-Chi Tseng

RSA Identity Governance and Lifecycle Connector Data Sheet for Ubuntu Linux

Jackson State University Department of Computer Science CSC 437/539 Computer Security Fall 2013 Instructor: Dr. Natarajan Meghanathan

OPENSTACK CLOUD RUNNING IN A VIRTUAL MACHINE. In Preferences, add 3 Host-only Ethernet Adapters with the following IP Addresses:

Downloading and installing Db2 Developer Community Edition on Ubuntu Linux Roger E. Sanders Yujing Ke Published on October 24, 2018

Processes are subjects.

Linux Interview Questions and Answers

Post Ubuntu Install Exercises

Transcription:

Project #3: Implementing NIS NIS Daemons Limitations of NIS How We Will Use NIS NIS Domain Name NIS Software Setting Up NIS on it20 /etc/nsswitch.conf Creating New Accounts on Ubuntu /etc/passwd /etc/shadow /etc/group chown and chgrp

NIS One of the things you did when you installed Linux was to create the sysadmin user account othis account is only valid on your virtual machine not on any other virtual machine oso, if you want to connect to another virtual machine, you must use a different user account However, setting up the same user account on every machine that you might possibly want to use on a network would be a nightmare for system administrators

NIS Thus, we need a software service that allows us to configure many machines without going to each machine Network Information Service (NIS) is one such service. The idea behind NIS was to have: oone place, where configuration files for an entire network could be stored o which could then be copied automatically to the individual machines on the network

NIS The information that NIS provides is stored in files that NIS calls maps othese map files are not text othey are in a special binary format. Therefore, to read these files you need special NIS tools The maps exists on the NIS server, and all other machines on the network get copies of these files from the server

NIS NIS always has a master server, but there may be additional servers that have copies of the master server files and can stand in for the master server if it is not available These servers are called slave servers NIS was developed by Sun and was originally called Yellow Pages For legal reasons, the name had to be changed, but many of the commands used in NIS start with "yp"

Daemons NIS, like many network services, relies on daemons to provide its services Daemons are processes that provide services and run in the background, never interacting directly with any user (even root) Daemons are often started when the machine is booted The programs that are run in these processes often have names ending in "d". (Just in case you've ever wondered about that...)

Daemons For example: o The daemon that a web server runs is called httpd o To be able to log into your VM, you will need to have the sshd daemon running NIS uses several daemons, but the two most important daemons are o ypserv : runs on the master server o ypbind : runs on the other machines that use NIS services These other machines are called clients

Limitations of NIS Since all the information that NIS provides is in the form of files, there is a practical limit to the size of the networks it can support Other databases architectures, like SQL, have a hierarchical structure, which makes searching for an individual entry much faster NIS uses a flat file architecture, in which each record is stored one right after another o To search for a given entry, you have to start at the beginning of the file and continue until you reach the record you need o In the worst case situation, you might have to scan the entire file to get the record you want, so flat file databases are not efficient for storing large amounts of data

Limitations of NIS Another important limitation is security Without going into the details, NIS is not very secure o We will deal with this limitation by confining the NIS server to our little network o The firewall will not allow outside users to access the NIS ports o Using NIS with the dynamic addresses in DHCP is a major security threat o This is why, when using DHCP in this lab, we use static IP addresses instead of addresses from the pool NIS also creates a lot of network traffic which also makes it unsuitable for large networks

How We Will Use NIS With all that NIS has going against it, why are we using it? For small networks, where o NIS is running behind a firewall which blocks access to the NIS ports from the outside, and o IP addresses are static NIS is an efficient way of distributing four configuration files /etc/passwd /etc/shadow /etc/group /etc/hosts

/etc/passwd is where user account data is stored $ head -3 /etc/passwd root:x:0:0:root:/root:/bin/bash daemon:x:1:1:daemon:/usr/sbin:/bin/sh bin:x:2:2:bin:/bin:/bin/sh /etc/shadow is where encrypted passwords are stored $ sudo head -3 /etc/shadow root:$6$ck5namaj$u7jjxprwnrdompvb4to0ejgphrwplsya6lizdeatrutoohbl HPLiuugzSiajJ.Rnnk/HdUsbxEqkDJbIwABgA1:15770:0:99999:7::: daemon:*:15722:0:99999:7::: bin:*:15722:0:99999:7::: Why is sudo needed to view shadow but not passwd?

/etc/group is where data about groups is stored $ head -3 /etc/group root:x:0: daemon:x:1: bin:x:2: Check out /etc/group on it20 and on your own VM. Does it contain anything of note?

/etc/hosts is used to associate hostnames with IP addresses $ head -20 /etc/hosts # /config/it/root/etc/hosts installed as # it20:/etc/hosts. # If you modify this file, please notify sysprog # so your mods can be fetched back to repository. # Associate ip addresses with names. # Myself (loop back) 127.0.0.1 localhost #127.0.1.1 it20.it.cs.umb.edu it20 10.0.0.1 it20.it.cs.umb.edu it20 # Inside vm's for s13, per abird. 10.0.0.128 itvm21-1.it.cs.umb.edu itvm21-1 10.0.0.129 itvm22-1.it.cs.umb.edu itvm22-1 10.0.0.130 itvm23-1.it.cs.umb.edu itvm23-1 10.0.0.131 itvm24-1.it.cs.umb.edu itvm24-1 10.0.0.132 itvm25-1.it.cs.umb.edu itvm25-1 10.0.0.133 itvm26-1.it.cs.umb.edu itvm26-1

NIS Domain Name When you configure NIS, you will be asked for a domain name This is not the same as an Internet domain name The NIS domain name is used by NIS only It can be any value, but all machines on the network need to use the same NIS domain name For simplicity, we will use our network domain ( it.cs.umb.edu ) for our NIS domain name

NIS Software There are two components of the NIS package Server software runs on a server and provides copies of the configuration file Client software runs on all machines that use the software provided by the NIS Server

Setting Up NIS on it20 The same packages are used for both the server and the client versions of NIS On either machine you run sudo apt-get update sudo apt-get install nis sudo apt-get install sysv-rc-conf On the server, it20, the NIS configuration file /etc/default/nis must be changed from its default values o We set the value of NISSERVER to "master" o This tells it20 that it will be the master NIS server

Setting Up NIS on it20 NIS allows you to set up slave servers which get their data from the master We will not be using slave servers After the NIS software was installed on it20, the configuration file /etc/yp.conf had to be customized othe value of the ypserver parameter was set to 10.0.0.1, which is the IP address of it20 othis allows it20 to use the NIS service it provides other machines for itself

Setting Up NIS on it20 To set up the directory structure that NIS would use, an initialization script had to be run /usr/lib/yp/ypinit m The service was started using sudo service ypserv start Some daemons have to be assigned a runlevel A runlevel is one of seven states in the booting up and shutting down of a Linux machine

Setting Up NIS on it20 Each runlevel has access to different system processes The following command was used to set the proper runlevel for NIS sudo sysv-rc-conf ypserv on The next task in setting up NIS was to build the database Doing this required going to the /var/yp directory cd /var/vp and running sudo make

Setting Up NIS on it20 make is a utility that runs a compiler with the proper options to create a working software installation The instructions that make uses are contained in a file named Makefile You can look at the contents of this file by running less /var/vp/makefile after you connect to it20

/etc/nsswitch.conf /etc/nsswitch.conf tells a machine the order to get information from NIS or other information sources Each entry in this file represents a source of information that the machine uses to obtain configuration data For example the entry hosts: files dns tells the machine to first look in /etc/hosts when resolving a domain name into an IP address and then to use DNS

/etc/nsswitch.conf The most common values for information sources are Value Information Source file Local configuration file nis NIS server ldap LDAP server compat Local configuration file with some special options For more information run man nsswitch.conf

Creating New Accounts on Ubuntu One of the most basic tasks of a system administrators is creating an account for a new user On Ubuntu there are two commands that will do this adduser useradd useradd is an executable file, while adduser is a Perl script that uses useradd, but is more userfriendly

Creating New Accounts on Ubuntu These programs make entries in the following configuration files /etc/passwd /etc/shadow /etc/group I will use adduser to create accounts for each of you on it20 Your account on it20 will have the same Unix ID as your account on the CS LAN

Creating New Accounts on Ubuntu Using NIS, this account information will be put on every machine so that you can log in using this account I am using adduser to do this because it has the --no-create-home option, which tells adduser not to create a home directory for this account o The reason I am using this option is that your home directory will be on your virtual machine o In the next project, we will use NFS to make this directory available on every virtual machine

/etc/passwd /etc/passwd contains basic information about each account on the machine At one time, this file did contain passwords but no longer Passwords have been moved to /etc/shadow, where they are encrypted /etc/passwd can be read by anyone, but only root can change it Each line is a entry for a specific account

/etc/passwd Each record consists of 7 fields, separated by colons : 1 - Username 2 - Password 3 - User ID (UID) 4 - Group ID (GID) 5 - Comment 6 - Home directory 7 - Command/Shell An x in the Password field means the password is in /etc/shadow

/etc/passwd The User ID (UID) is the internal representation of a Linux/Unix account The Username is just a convenience for human beings o o o UID 0 is assigned to root UIDs 1-99 are reserved for other predefined accounts UIDs 100-999 are reserved for other administrative purposes

/etc/passwd Group ID (GID) identifies the default group for this user The Comment field is optional, but it is sometimes used to add additional information about the user such as the user's full name, phone number, etc. The Command/Shell field ousually contains the absolute address of the default shell for the user obut, it can be any Linux/Unix command

/etc/shadow /etc/shadow stores passwords in an encrypted form Again, each line represents an account, and individual fields are separated by colons, : 1 - Username 2 - Password 3 - Last password change 4 - Minimum days 5 - Maximum days 6 - Warning days 7 - Inactive days 8 - Expire

/etc/shadow The Password field is encrypted Last password change is the number of days since January 1, 1970 that the password was last changed Minimum days is the number of days that must pass before the user can change the password Maximum days is the number of days, since the last password change, before a new password must be chosen

/etc/shadow Warning days is the number of days since the last password was changed that must occur before the user is warned that the password must be changed Inactive days is the number of days after the password expires that the account will remain active Expire is the number of days since January 1, 1970 after which the account can no longer be used

/etc/group A group is a collection of user accounts Groups can only be created by root /etc/group contains group data. There is a line in this file for each group on the machine, and individual fields are separated by a colon, : o o Group name Password o o Group ID Group List

/etc/group The Group name is for the benefit of human users. o The machine uses the Group ID (GID). o GID is the number the system uses to refer to a group The Password field may contain an encrypted password for the group. Most system admins do not assign passwords to groups The Group List field contains a list of usernames, which are included in the group A unique group is usually created automatically for each new user. The group name, is the same as the username

chown and chgrp Every file or directory has an owner and an assigned group By default the owner is the account that created the file or directory, and the group is the one created for that user To change the owner use chown chown UNIX_USERNAME FILE_OR_DIRECTORY To change the group use chgrp chgrp GROUPNAME FILE_OR_DIRECTORY Only root can run chown or chgrp

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback