Need DHCP client scripts for NIS

Mark Brown broonie at sirena.org.uk
Tue Jul 8 18:44:51 UTC 2008


On Tue, Jul 08, 2008 at 12:08:57PM -0400, Paul Smith wrote:
> On Tue, 2008-07-08 at 16:23 +0100, Mark Brown wrote:

> > networks (I am aware of people doing this, usually with a slave
> > configured on the laptop for disconnected operation).

> I'm not sure I see the breakage, unless you mean you don't think such a
> user would want to connect to the master server while on-line.  If
> that's OK, then the user-configured /etc/yp.conf would specify the local
> slave, then when the system was on-line DHCP would provide a new server
> (the master or another slave) instead, then when the system went
> off-line the local slave info would be restored to /etc/yp.conf.

The breakage occurs when the user attaches to a network other than their
home network which is advertising the relevant DHCP options - their NIS
client will be reconfigured to use whatever settings apply there which
most likely isn't what's desired.

Yes, there are security considerations with this sort of setup but
people do do it.

> > The reason for being especially conservative here is that breaking the
> > NIS configuration can render the user unable to log in to the system -
> > the consequences of getting it wrong are extremely serious.

> True, but it takes a lot of customization to get there.  There's no way

Even more reason not to break people's systems!  :)

Another way to look at it is that if the user has made explicit
configuration changes (which they must have done to be using NIS) then
these shouldn't be overwritten unconditionally.

> > > I don't think any change is needed here.  The base system nsswitch.conf
> > > uses "compat" for the passwd, group, and shadow entries which is fine.

> > compat is only half the story - you also need to add the appropriate
> > +:::: entries to the relevant files for it to have any effect.

> Oh right.  I wonder why Debian/Ubuntu uses "compat" instead of "files
> nis" like most other distros?

compat is the better choice; files offers zero benefit and can do less.

> Don't get me wrong, I like "compat" as it's more powerful than "files
> nis".  But, as you point out, changes are required to base files in
> order to enable it.

There oughtn't to be any ill effect from adding the entries to systems
that don't use NIS at all.

-- 
"You grabbed my hand and we fell into it, like a daydream - or a fever."
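
Added example, not part of the original message or of any Ubuntu package: a sketch of the conservative policy argued for above, in which a DHCP client hook rewrites yp.conf only when the file is missing, comment-only, or was generated by the hook itself. The marker text, function names, and the idea of passing the DHCP-supplied NIS domain and servers as arguments are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: conservative yp.conf handling for a DHCP client hook.
# MARKER and both function names are hypothetical, not from any package.

MARKER="# generated by dhcp-nis-hook (constructed marker)"

# Return 0 if FILE may be overwritten: it is missing, holds only comments
# or blank lines, or carries our marker from an earlier lease.
yp_conf_is_ours() {
    file=$1
    [ -e "$file" ] || return 0
    grep -qxF "$MARKER" "$file" && return 0
    # Any other non-comment, non-blank line means NIS was configured by hand.
    if grep -qvE '^[[:space:]]*(#.*)?$' "$file"; then
        return 1
    fi
    return 0
}

# Write DOMAIN and SERVERS (space separated) to FILE only when allowed.
# Returns 0 when the file was written, 1 when it was left untouched.
yp_conf_update() {
    file=$1 domain=$2 servers=$3
    [ -n "$domain" ] && [ -n "$servers" ] || return 1
    # DHCP replies are untrusted input: accept hostname characters only,
    # so a crafted option cannot inject extra lines into the file.
    case $domain in *[!A-Za-z0-9._-]*) return 1 ;; esac
    case $servers in *[!A-Za-z0-9._\ -]*) return 1 ;; esac
    yp_conf_is_ours "$file" || return 1
    tmp="$file.dhcp-tmp.$$"
    {
        echo "$MARKER"
        for s in $servers; do
            echo "domain $domain server $s"
        done
    } > "$tmp" && mv "$tmp" "$file"   # rename so ypbind never reads a partial file
}
```

A hand-edited file, such as one pointing at a local slave, is never touched, so attaching to a foreign network that advertises NIS options leaves the login configuration as the user set it.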



