NIS acceess trouble

I have NIS running on an FC4 network. Ordinary users are unable to read
the passwd maps by ypcat but can read hosts maps. root can read both.
How is NIS dependent upon user permissions?

"S Smethurst" <(E-Mail Removed)> wrote in message
news:45229f13$(E-Mail Removed)

> I have NIS running on an FC4 network. Ordinary users are unable to
> read the passwd maps by ypcat but can read hosts maps. root can read
> both. How is NIS dependent upon user permissions?

Why do you think ordinary users need to read the passwd map(s)?

Patrick wrote:
> "S Smethurst" <(E-Mail Removed)> wrote in message
> news:45229f13$(E-Mail Removed)
>
>
>>I have NIS running on an FC4 network. Ordinary users are unable to
>>read the passwd maps by ypcat but can read hosts maps. root can read
>>both. How is NIS dependent upon user permissions?
>
>
> Why do you think ordinary users need to read the passwd map(s)?
Hi Patrick,

processes like login and x sessions are not run as root, so it is these
that I am concerned about. e.g. shell looks like

[I have no name!@client ~]$ whoami
whoami: cannot find username for UID 501

"S Smethurst" <(E-Mail Removed)> wrote in message
news:(E-Mail Removed)

>>> I have NIS running on an FC4 network. Ordinary users are unable to
>>> read the passwd maps by ypcat but can read hosts maps. root can read
>>> both. How is NIS dependent upon user permissions?
>>
>> Why do you think ordinary users need to read the passwd map(s)?
>
> processes like login and x sessions are not run as root, so it is
> these that I am concerned about. e.g. shell looks like
>
> [I have no name!@client ~]$ whoami
> whoami: cannot find username for UID 501

Do you "passwd deny" in the ypserv.conf file on the NIS master?

Patrick wrote:
> "S Smethurst" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)
>
>
>>>>I have NIS running on an FC4 network. Ordinary users are unable to
>>>>read the passwd maps by ypcat but can read hosts maps. root can read
>>>>both. How is NIS dependent upon user permissions?
>>>
>>>Why do you think ordinary users need to read the passwd map(s)?
>>
>>processes like login and x sessions are not run as root, so it is
>>these that I am concerned about. e.g. shell looks like
>>
>>[I have no name!@client ~]$ whoami
>>whoami: cannot find username for UID 501
>
>
> Do you "passwd deny" in the ypserv.conf file on the NIS master?

No, I pretty much left ypserv.conf as default
Host : Domain : Map : Security
* : * : passwd.byname : port
* : * : passwd.byuid : port
* : * : shadow.byname : port
* : * : passwd.adjunct.byname : port
Its a good point though, that I ought to tie down the host and domain
values.

Patrick wrote:
> "S Smethurst" <(E-Mail Removed)> wrote in message
> news:(E-Mail Removed)
>
>
>>>>I have NIS running on an FC4 network. Ordinary users are unable to
>>>>read the passwd maps by ypcat but can read hosts maps. root can read
>>>>both. How is NIS dependent upon user permissions?
>>>
>>>Why do you think ordinary users need to read the passwd map(s)?
>>
>>processes like login and x sessions are not run as root, so it is
>>these that I am concerned about. e.g. shell looks like
>>
>>[I have no name!@client ~]$ whoami
>>whoami: cannot find username for UID 501
>
>
> Do you "passwd deny" in the ypserv.conf file on the NIS master?

Patrick,
I have just edited ypserv.conf to read
192.168.1.0/24:domainname:*:*
and hey-presto, login has its access rights back. But is too slack?
xfr_check_port:yes & securityort
looks like a good security idea, but gave me problems. Is our solution
risky?