The first (somewhat boring) step in installing a NIS master is creating a stable location for the source files, with the appropriate contents, on the NIS master's virtual file system hierarchy. Furthermore, for security reasons it's better to create 2 additional subdirectories within it in order to segregate user account information and RBAC information from general information. Instead of a traditional directory structure, I'll use two Solaris-specific technologies, ZFS and VARSHARE, together with a Revision Control System. Simply using ordinary directories isn't the best approach where management and control are required.
Create sub-datasets of rpool/VARSHARE, which provide independence from boot environments (BEs) and allow for ZFS snapshots and specific properties such as ZFS compression and ZFS deduplication. If on an immutable zone, be aware that a preliminary boot -w will be required in order to take snapshots, which is probably an inconvenience: NIS maps need to be changed frequently, and taking a ZFS snapshot before each change would require 2 reboots. Because of this, one could consider a Version Control System such as Mercurial to streamline the management of the source maps without requiring any reboots, leaving ZFS snapshots for a more long-term backup strategy. But on second thought, that's not a good idea, because no NIS client should be pointing to the NIS master but instead to a NIS slave. Rebooting the NIS master isn't an issue after all.
# zfs create -p rpool/VARSHARE/nis/acct
# zfs create -p rpool/VARSHARE/nis/rbac
# zfs list -t all -r rpool/VARSHARE
NAME USED AVAIL REFER MOUNTPOINT
rpool/VARSHARE 124K 13.9G 48K /var/share
rpool/VARSHARE/nis 95K 13.9G 33K /var/share/nis
rpool/VARSHARE/nis/acct 31K 13.9G 31K /var/share/nis/acct
rpool/VARSHARE/nis/rbac 31K 13.9G 31K /var/share/nis/rbac
# chmod -R 750 /var/share/nis
Following the Solaris best practice, a symbolic link is created.
# ln -s /var/share/nis /var/nis
# ls -lh /var | grep ^l
...
lrwxrwxrwx 1 root root ... nis -> ../var/share/nis
...
# ls -lh /var/share/nis
...
drwxr-x--- 2 root root ... acct
drwxr-x--- 2 root root ... rbac
Next the initial maps' sources are created.
# cd /var/share/nis
# cp /etc/{group,project} .
# cp /etc/{passwd,shadow} acct
# cp /etc/security/{prof_attr,exec_attr,auth_attr} rbac
# touch ethers netgroup netid
# sed -e '/^[^#]/d' < /etc/mail/aliases > ./aliases
# sed -e '/^[^#]/d' < /etc/hosts > ./hosts
# sed -e '/^[^#]/d' < /etc/auto_master > ./auto_master
# sed -e '/^[^#]/d' < /etc/auto_home > ./auto_home
# sed -e '/^[^#]/d' < /etc/networks > ./networks
# sed -e '/^[^#]/d' < /etc/netmasks > ./netmasks
# sed -e '/^[^#]/d' < /etc/protocols > ./protocols
# sed -e '/^[^#]/d' < /etc/services > ./services
# sed -e '/^[^#]/d' < /etc/rpc > ./rpc
# sed -e '/^[^#]/d' < /etc/publickey > ./publickey
# sed -e '/^[^#]/d' < /etc/user_attr > ./user_attr
# sed -e '/^[^#]/d' < /etc/sudoers > ./sudoers
# ln -s hosts ipnodes
# chmod -R o= /var/share/nis
# ls -lh /var/nis/*
total ...
-rw-r----- 1 root root ... aliases
-rw-r----- 1 root root ... auto_home
-rw-r----- 1 root root ... auto_master
-rw-r----- 1 root root ... ethers
-rw-r----- 1 root root ... group
-rw-r----- 1 root root ... hosts
lrwxrwxrwx 1 root root ... ipnodes -> hosts
-rw-r----- 1 root root ... netgroup
-rw-r----- 1 root root ... netid
-rw-r----- 1 root root ... netmasks
-rw-r----- 1 root root ... networks
-rw-r----- 1 root root ... project
-rw-r----- 1 root root ... protocols
-rw-r----- 1 root root ... publickey
-rw-r----- 1 root root ... rpc
-rw-r----- 1 root root ... services
-r--r----- 1 root root ... sudoers
-rw-r----- 1 root root ... user_attr
/var/nis/acct:
total ...
-rw-r----- 1 root root ... passwd
-r-------- 1 root root ... shadow
/var/nis/rbac:
total ...
-rw-r----- 1 root root ... auth_attr
-rw-r----- 1 root root ... exec_attr
-rw-r----- 1 root root ... prof_attr
Now the contents of the copied files must be appropriately adjusted
according to the best practices and requirements. I'm assuming all the
defaults of a fresh installation so certain source files require
cleanup:
# cd /var/nis
# cat /dev/null > acct/passwd
# cat /dev/null > acct/shadow
# cat /dev/null > ./group
# cat /dev/null > ./project
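The layout and permissions built above can be re-checked at any time, for instance after editing a map source. The following is an added example, not part of the original post: the function name nis_src_audit, its arguments and its finding messages are assumptions, the checks are derived from the listings shown above, and the demo tree at the end is constructed.

```shell
#!/bin/sh
# Added example (not from the article): audit a NIS source tree laid out as above.
# nis_src_audit [DIR] [OWNER] prints one finding per line; returns 0 only when clean.
# DIR defaults to /var/share/nis, OWNER (name or numeric uid) to root.
nis_src_audit() {
    dir=${1:-/var/share/nis}
    owner=${2:-root}
    findings=$(
        # chmod -R o= : nothing but symlinks may carry "other" permission bits.
        find "$dir" ! -type l \( -perm -004 -o -perm -002 -o -perm -001 \) \
            -exec printf 'other-accessible: %s\n' {} \;
        # Every entry must belong to the expected owner.
        find "$dir" ! -user "$owner" -exec printf 'wrong owner: %s\n' {} \;
        # Account and RBAC sources must not leak into the general directory.
        for f in passwd shadow auth_attr exec_attr prof_attr; do
            if [ -e "$dir/$f" ]; then printf 'misplaced: %s\n' "$dir/$f"; fi
        done
        # shadow is listed as -r-------- : no group bits either.
        if [ -f "$dir/acct/shadow" ]; then
            find "$dir/acct/shadow" \( -perm -040 -o -perm -020 -o -perm -010 \) \
                -exec printf 'group-accessible shadow: %s\n' {} \;
        fi
    )
    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}

# Constructed demo tree (stand-in for /var/share/nis) with two deliberate mistakes.
demo=$(mktemp -d)
mkdir "$demo/acct" "$demo/rbac"
touch "$demo/hosts" "$demo/acct/passwd" "$demo/acct/shadow" "$demo/rbac/auth_attr"
chmod -R o= "$demo"
chmod 640 "$demo/acct/shadow"   # mistake 1: group can read shadow
chmod 644 "$demo/hosts"         # mistake 2: world-readable map source
nis_src_audit "$demo" "$(id -u)" || echo "audit failed"
rm -rf "$demo"
```

On the NIS master itself, calling nis_src_audit with no arguments checks /var/share/nis against root ownership.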
Now the source files and respective structure for the NIS maps are set.
Now proceed to install and configure the NIS master and its NIS slaves.