diff --git a/libexec/bootpd/bootpd.8 b/libexec/bootpd/bootpd.8 index f0be800ae775..b3818589017a 100644 --- a/libexec/bootpd/bootpd.8 +++ b/libexec/bootpd/bootpd.8 @@ -37,7 +37,8 @@ utility implements a simple BOOTP gateway which can be used to forward requests and responses between clients on one subnet and a BOOTP server (i.e.\& .Nm ) -on another subnet. While either +on another subnet. +While either .Nm or .Nm bootpgw @@ -61,9 +62,11 @@ This mode of operation is referred to as "inetd mode" and causes .Nm (or .Nm bootpgw ) -to be started only when a boot request arrives. If it does not +to be started only when a boot request arrives. +If it does not receive another packet within fifteen minutes of the last one -it received, it will exit to conserve system resources. The +it received, it will exit to conserve system resources. +The .Fl t option controls this timeout (see OPTIONS). .Pp @@ -124,13 +127,14 @@ or 4 will set the debugging level to 4. For compatibility with older versions of .Nm , -omitting the numeric parameter (i.e. just +omitting the numeric parameter (i.e., just .Fl d ) will simply increment the debug level by one. .It Fl c Ar chdir-path Set the current directory used by .Nm -while checking the existence and size of client boot files. This is +while checking the existence and size of client boot files. +This is useful when client boot files are specified as relative pathnames, and .Nm needs to use the same current directory as the TFTP server @@ -146,11 +150,13 @@ listens on the IP address corresponding to the machine's hostname, as returned by .Xr gethostname 3 . .It Fl i -Force inetd mode. This option is obsolete, but remains for +Force inetd mode. +This option is obsolete, but remains for compatibility with older versions of .Nm . .It Fl s -Force standalone mode. This option is obsolete, but remains for +Force standalone mode. +This option is obsolete, but remains for compatibility with older versions of .Nm . .It Ar bootptab 
@@ -165,7 +171,8 @@ Specify the name of the file that will dump its internal database into when it receives a SIGUSR1 signal .No ( Nm -only). This option is only recognized if +only). +This option is only recognized if .Nm was compiled with the -DDEBUG flag. .It Ar server @@ -188,7 +195,8 @@ They differ in their handling of BOOTREQUEST packets. When .Nm bootpgw is started, it determines the address of a BOOTP server -whose name is provided as a command line parameter. When +whose name is provided as a command line parameter. +When .Nm bootpgw receives a BOOTREQUEST packet, it sets the "gateway address" and "hop count" fields in the packet and forwards the packet @@ -201,7 +209,8 @@ When is started it reads a configuration file, (normally .Pa /etc/bootptab ) that initializes the internal database of known clients and client -options. This internal database is reloaded +options. +This internal database is reloaded from the configuration file when .Nm receives a hangup signal (SIGHUP) or when it discovers that the diff --git a/libexec/bootpd/bootptab.5 b/libexec/bootpd/bootptab.5 index ad2ce1d45bc3..ec1223642ce3 100644 --- a/libexec/bootpd/bootptab.5 +++ b/libexec/bootpd/bootptab.5 @@ -17,7 +17,8 @@ the Internet Bootstrap Protocol server. Its format is similar to that of .Xr termcap 5 in which two-character case-sensitive tag symbols are used to -represent host parameters. These parameter declarations are separated by +represent host parameters. +These parameter declarations are separated by colons (:), with a general format of: .Pp .Dl "hostname:tg=value. . . :tg=value. . . :tg=value. . . ." 
@@ -26,12 +27,15 @@ where .Em hostname is the actual name of a bootp client (or a "dummy entry"), and .Em tg -is a two-character tag symbol. Dummy entries have an invalid hostname +is a two-character tag symbol. +Dummy entries have an invalid hostname (one with a "." as the first character) and are used to provide default values used by other entries via the .Em tc=.dummy-entry -mechanism. Most tags must be followed by an equals-sign -and a value as above. Some may also appear in a boolean form with no +mechanism. +Most tags must be followed by an equals-sign +and a value as above. +Some may also appear in a boolean form with no value (i.e.\& .Em :tg: ) . The currently recognized tags are: @@ -105,13 +109,16 @@ There is also a generic tag, .Pf T Em n , where .Em n -is an RFC1084 vendor field tag number. Thus it is possible to immediately +is an RFC1084 vendor field tag number. +Thus it is possible to immediately take advantage of future extensions to RFC1084 without being forced to modify .Nm bootpd -first. Generic data may be represented as either a stream of hexadecimal +first. +Generic data may be represented as either a stream of hexadecimal numbers or as a quoted string of .Tn ASCII -characters. The length of the generic +characters. +The length of the generic data is automatically determined and inserted into the proper field(s) of the RFC1084-style bootp reply. .Pp @@ -177,10 +184,12 @@ for Chaos, ARCNET, and AX.25 Amateur Radio networks, respectively. The .Em ha tag takes a hardware address which may be specified as a host name -or in numeric form. Note that the numeric form +or in numeric form. +Note that the numeric form .Em must be specified in hexadecimal; optional periods and/or a leading '0x' may be -included for readability. The +included for readability. +The .Em ha tag must be preceded by the .Em ht 
@@ -196,7 +205,8 @@ will try to determine the hardware address using The hostname, home directory, and bootfile are .Tn ASCII strings which may be -optionally surrounded by double quotes ("). The client's request and the +optionally surrounded by double quotes ("). +The client's request and the values of the .Em hd and @@ -258,7 +268,8 @@ use: The .Em sa tag may be used to specify the IP address of the particular TFTP server -you wish the client to use. In the absence of this tag, +you wish the client to use. +In the absence of this tag, .Nm bootpd will tell the client to perform TFTP to the same machine .Nm bootpd @@ -269,7 +280,8 @@ The time offset may be either a signed decimal integer specifying the client's time zone offset in seconds from UTC, or the keyword .Em auto -which uses the server's time zone offset. Specifying the +which uses the server's time zone offset. +Specifying the .Em to symbol as a boolean has the same effect as specifying .Em auto @@ -281,7 +293,8 @@ may be either a decimal, octal, or hexadecimal integer specifying the size of the bootfile in 512-octet blocks, or the keyword .Em auto which causes the server to automatically calculate the bootfile size at each -request. As with the time offset, specifying the +request. +As with the time offset, specifying the .Em bs symbol as a boolean has the same effect as specifying .Em auto @@ -302,7 +315,8 @@ or The .Em hn tag is strictly a boolean tag; it does not take the usual equals-sign and -value. Its presence indicates that the hostname should be sent to RFC1084 +value. +Its presence indicates that the hostname should be sent to RFC1084 clients. .Nm Bootpd attempts to send the entire hostname as it is specified in the configuration 
@@ -312,25 +326,30 @@ In no case is an arbitrarily-truncated hostname sent (if nothing reasonable will fit, nothing is sent). .Pp Often, many host entries share common values for certain tags (such as name -servers, etc.). Rather than repeatedly specifying these tags, a full +servers, etc.). +Rather than repeatedly specifying these tags, a full specification can be listed for one host entry and shared by others via the .Em tc (table continuation) mechanism. Often, the template entry is a dummy host which doesn't actually exist and -never sends bootp requests. This feature is similar to the +never sends bootp requests. +This feature is similar to the .Em tc feature of .Xr termcap 5 -for similar terminals. Note that +for similar terminals. +Note that .Nm bootpd allows the .Em tc tag symbol to appear anywhere in the host entry, unlike .Pa termcap -which requires it to be the last tag. Information explicitly specified for a +which requires it to be the last tag. +Information explicitly specified for a host always overrides information implied by a .Em tc -tag symbol, regardless of its location within the entry. The +tag symbol, regardless of its location within the entry. +The value of the .Em tc tag may be the hostname or IP address of any host entry @@ -347,7 +366,8 @@ as in .Xr termcap 5 . For example, to completely undo an IEN-116 name server specification, use .Em :ns@: -at an appropriate place in the configuration entry. After removal +at an appropriate place in the configuration entry. +After removal with .Em @ , a tag is eligible to be set again through the 
@@ -355,9 +375,12 @@ a tag is eligible to be set again through the mechanism. .Pp Blank lines and lines beginning with "#" are ignored in the configuration -file. Host entries are separated from one another by newlines; a single host +file. +Host entries are separated from one another by newlines; a single host entry may be extended over multiple lines if the lines end with a backslash -(\\). It is also acceptable for lines to be longer than 80 characters. Tags +(\\). +It is also acceptable for lines to be longer than 80 characters. +Tags may appear in any order, with the following exceptions: the hostname must be the very first field in an entry, and the hardware type must precede the hardware address. diff --git a/libexec/fingerd/fingerd.8 b/libexec/fingerd/fingerd.8 index 26ac3222fa9a..79202c6c4ecb 100644 --- a/libexec/fingerd/fingerd.8 +++ b/libexec/fingerd/fingerd.8 @@ -79,7 +79,7 @@ The .Nm utility closes its connections as soon as the output is finished. .Pp -If the line is null (i.e. just a +If the line is null (i.e., just a .Aq Tn CRLF is sent) then .Xr finger 1 diff --git a/libexec/ftpd/ftpd.8 b/libexec/ftpd/ftpd.8 index 059c59d08057..025fc3660571 100644 --- a/libexec/ftpd/ftpd.8 +++ b/libexec/ftpd/ftpd.8 @@ -53,7 +53,8 @@ The .Nm utility is the Internet File Transfer Protocol -server process. The server uses the +server process. +The server uses the .Tn TCP protocol and listens at the port specified with the 
@@ -223,13 +224,16 @@ If the file .Pa /etc/ftpmotd exists, .Nm -prints it after a successful login. Note the motd file used is the one -relative to the login environment. This means the one in +prints it after a successful login. +Note the motd file used is the one +relative to the login environment. +This means the one in .Pa ~ftp/etc in the anonymous user's case. .Pp The ftp server currently supports the following ftp requests. -The case of the requests is ignored. Requests marked [RW] are +The case of the requests is ignored. +Requests marked [RW] are disabled if .Fl r is specified. @@ -360,7 +364,7 @@ The user must have a standard shell returned by If the user name appears in the file .Pa /etc/ftpchroot , or the user is a member of a group with a group entry in this file, -i.e. one prefixed with +i.e., one prefixed with .Ql \&@ , the session's root will be changed to the directory specified in this file or to the user's login directory by @@ -508,7 +512,8 @@ The utility has internal support for handling remote requests to list files, and will not execute .Pa /bin/ls -in either a chrooted or non-chrooted environment. The +in either a chrooted or non-chrooted environment. +The .Pa ~/bin/ls executable need not be placed into the chrooted tree, nor need the .Pa ~/bin @@ -543,9 +548,11 @@ Default place for session logs. .Xr syslogd 8 .Sh BUGS The server must run as the super-user -to create sockets with privileged port numbers. It maintains +to create sockets with privileged port numbers. +It maintains an effective user id of the logged in user, reverting to -the super-user only when binding addresses to sockets. The +the super-user only when binding addresses to sockets. +The possible security holes have been extensively scrutinized, but are possibly incomplete. .Sh HISTORY diff --git a/libexec/rbootd/rbootd.8 b/libexec/rbootd/rbootd.8 index 91f52fd729d2..c00186f48fac 100644 --- a/libexec/rbootd/rbootd.8 +++ b/libexec/rbootd/rbootd.8 
@@ -119,7 +119,7 @@ utility logs status and error messages via A startup message is always logged, and in the case of fatal errors (or deadly signals) a message is logged announcing the server's termination. In general, a non-fatal error is handled by ignoring the event that caused -it (e.g. an invalid Ethernet address in the config file causes that line +it (e.g.\& an invalid Ethernet address in the config file causes that line to be invalidated). .Pp The following signals have the specified effect when sent to the server diff --git a/libexec/revnetgroup/revnetgroup.8 b/libexec/revnetgroup/revnetgroup.8 index 18bfa2bbba4b..9a6258a59fc3 100644 --- a/libexec/revnetgroup/revnetgroup.8 +++ b/libexec/revnetgroup/revnetgroup.8 @@ -50,22 +50,26 @@ utility processes the contents of a file in .Xr netgroup 5 format into what is called .Pa reverse netgroup -form. That is, where the original file shows +form. +That is, where the original file shows netgroup memberships in terms of which members reside in a particular group, the reverse netgroup format specifies what groups are associated -with a particular member. This information is used to generate the +with a particular member. +This information is used to generate the .Pa netgroup.byuser and .Pa netgroup.byhosts .Tn NIS -maps. These reverse netgroup maps are used to help speed up +maps. +These reverse netgroup maps are used to help speed up netgroup lookups, particularly for the .Fn innetgr library function. .Pp For example, the standard .Pa /etc/netgroup -file may list a netgroup and a list of its members. Here, the +file may list a netgroup and a list of its members. +Here, the netgroup is considered the .Em key and the member names are the 
@@ -74,7 +78,8 @@ By contrast, the reverse .Pa netgroup.byusers database lists each unique member as the key and the netgroups to which the members belong become -the data. Separate databases are created to hold information pertaining +the data. +Separate databases are created to hold information pertaining to users and hosts; this allows netgroup username lookups and netgroup hostname lookups to be performed using independent keyspaces. .Pp @@ -83,13 +88,15 @@ By constructing these reverse netgroup databases (and the corresponding maps) in advance, the .Xr getnetgrent 3 library functions are spared from having to work out the dependencies -themselves on the fly. This is important on networks with large numbers +themselves on the fly. +This is important on networks with large numbers of users and hosts, since it can take a considerable amount of time to process very large netgroup databases. .Pp The .Nm -utility prints its results on the standard output. It is usually called +utility prints its results on the standard output. +It is usually called only by .Pa /var/yp/Makefile when rebuilding the @@ -109,7 +116,8 @@ original netgroup file is processed. Generate .Pa netgroup.byhost output; only hostname information in the -original netgroup file is processed. (Note at least one of the +original netgroup file is processed. +(Note at least one of the .Fl u or .Fl h @@ -119,9 +127,11 @@ The .Nm utility uses .Pa /etc/netgroup -as its default input file. The +as its default input file. +The .Fl f -flag allows the user to specify an alternate input file. Specifying ``-'' +flag allows the user to specify an alternate input file. +Specifying ``-'' as the input file causes .Nm to read from the standard input. @@ -137,7 +147,8 @@ to build the .Tn NIS databases .It Pa /etc/netgroup -the default netgroup database file. This file is most often found +the default netgroup database file. +This file is most often found only on the .Tn NIS master server 
diff --git a/libexec/rexecd/rexecd.8 b/libexec/rexecd/rexecd.8 index 2dbb14b68ba6..3c5bcda90ee3 100644 --- a/libexec/rexecd/rexecd.8 +++ b/libexec/rexecd/rexecd.8 @@ -46,7 +46,8 @@ The .Nm utility is the server for the .Xr rexec 3 -routine. The server provides remote execution facilities +routine. +The server provides remote execution facilities with authentication based on user names and passwords. .Pp @@ -62,7 +63,8 @@ is initiated: The server reads characters from the socket up to a NUL .Pq Ql \e0 -byte. The resultant string is +byte. +The resultant string is interpreted as an .Tn ASCII number, base 10. @@ -81,7 +83,8 @@ A NUL terminated, unencrypted password of at most 16 characters is retrieved on the initial socket. .It A NUL terminated command to be passed to a -shell is retrieved on the initial socket. The length of +shell is retrieved on the initial socket. +The length of the command is limited by the upper bound on the size of the system's argument list. .It @@ -96,7 +99,8 @@ aborted with a diagnostic message returned. .It A NUL byte is returned on the initial socket and the command line is passed to the normal login -shell of the user. The +shell of the user. +The shell inherits the network connections established by .Nm . diff --git a/libexec/rlogind/rlogind.8 b/libexec/rlogind/rlogind.8 index 8a240e9fc6c9..cd8d6fd41aac 100644 --- a/libexec/rlogind/rlogind.8 +++ b/libexec/rlogind/rlogind.8 @@ -46,14 +46,16 @@ The .Nm utility is the server for the .Xr rlogin 1 -program. The server provides a remote login facility +program. +The server provides a remote login facility with authentication based on privileged port numbers from trusted hosts. .Pp Options supported by .Nm : .Bl -tag -width indent .It Fl D -Set TCP_NODELAY socket option. This improves responsiveness at the expense of +Set TCP_NODELAY socket option. +This improves responsiveness at the expense of some additional network traffic. .It Fl a Ask hostname for verification. 
@@ -75,7 +77,8 @@ Enable vacuous mode. Enable .Tn DES encryption for all data passed via the rlogin -session. This may impact response time +session. +This may impact response time and .Tn CPU utilization, but provides increased security. @@ -139,13 +142,15 @@ The parent of the login process manipulates the master side of the pseudo terminal, operating as an intermediary between the login process and the client instance of the .Xr rlogin 1 -program. In normal operation, the packet protocol described +program. +In normal operation, the packet protocol described in .Xr pty 4 is invoked to provide .Ql ^S/^Q type facilities and propagate -interrupt signals to the remote programs. The login process +interrupt signals to the remote programs. +The login process propagates the client terminal's baud rate and terminal type, as found in the environment variable, .Ev TERM ; @@ -190,7 +195,8 @@ by the server failed. .El .Sh BUGS The authentication procedure used here assumes the integrity -of each client machine and the connecting medium. This is +of each client machine and the connecting medium. +This is insecure, but is useful in an .Dq open environment. diff --git a/libexec/rpc.rwalld/rpc.rwalld.8 b/libexec/rpc.rwalld/rpc.rwalld.8 index 79a02b11b89c..d5e1472732a6 100644 --- a/libexec/rpc.rwalld/rpc.rwalld.8 +++ b/libexec/rpc.rwalld/rpc.rwalld.8 @@ -46,7 +46,8 @@ The .Nm utility is a server which will send a message to users -currently logged in to the system. This server +currently logged in to the system. +This server invokes the .Xr wall 1 command to actually write the messages to the @@ -55,7 +56,8 @@ system. The following option is available: .Bl -tag -width indent .It Fl n -Do not become a daemon. This option is only available when +Do not become a daemon. +This option is only available when .Nm is not invoked by .Xr inetd 8 . diff --git a/libexec/rshd/rshd.8 b/libexec/rshd/rshd.8 index 392f941154ab..8b589b0dca83 100644 --- a/libexec/rshd/rshd.8 
+++ b/libexec/rshd/rshd.8 @@ -49,7 +49,8 @@ is the server for the .Xr rcmd 3 routine and, consequently, for the .Xr rsh 1 -utility. The server provides remote execution facilities +utility. +The server provides remote execution facilities with authentication based on privileged port numbers from trusted hosts. .Pp The @@ -70,7 +71,8 @@ aborts the connection. The server reads characters from the socket up to a .Tn NUL -(`\e0') byte. The resultant string is +(`\e0') byte. +The resultant string is interpreted as an .Tn ASCII number, base 10. @@ -80,7 +82,8 @@ it is interpreted as the port number of a secondary stream to be used for the .Em stderr . A second connection is then created to the specified -port on the client's machine. The source port of this +port on the client's machine. +The source port of this second connection is also in the range 512-1023. .It The server checks the client's source address @@ -94,19 +97,22 @@ not match after verification, the dot-notation representation of the host address is used. .It A null terminated user name of at most 16 characters -is retrieved on the initial socket. This user name +is retrieved on the initial socket. +This user name is interpreted as the user identity on the .Em client Ns 's machine. .It A null terminated user name of at most 16 characters -is retrieved on the initial socket. This user name +is retrieved on the initial socket. +This user name is interpreted as a user identity to use on the .Em server Ns 's machine. .It A null terminated command to be passed to a -shell is retrieved on the initial socket. The length of +shell is retrieved on the initial socket. +The length of the command is limited by the upper bound on the size of the system's argument list. .It @@ -118,7 +124,8 @@ which uses the file .Pa /etc/hosts.equiv and the .Pa .rhosts -file found in the user's home directory. The +file found in the user's home directory. +The .Fl l option prevents .Xr ruserok 3 
@@ -131,7 +138,8 @@ A .Tn NUL byte is returned on the initial socket and the command line is passed to the normal login -shell of the user. The +shell of the user. +The shell inherits the network connections established by .Nm . @@ -158,7 +166,8 @@ Do not use the user's .Pa .rhosts file for authentication, unless the user is the superuser. .It Fl n -Turn off transport level keepalive messages. This will prevent sessions +Turn off transport level keepalive messages. +This will prevent sessions from timing out if the client crashes or becomes unreachable. .El .Sh DIAGNOSTICS @@ -201,7 +210,8 @@ A .Xr fork 2 by the server failed. .It Sy : ... -The user's login shell could not be started. This message is returned +The user's login shell could not be started. +This message is returned on the connection associated with the .Em stderr , and is not preceded by a flag byte. @@ -239,7 +249,8 @@ are not supported. .El .Sh BUGS The authentication procedure used here assumes the integrity -of each client machine and the connecting medium. This is +of each client machine and the connecting medium. +This is insecure, but is useful in an .Dq open environment. diff --git a/libexec/rtld-aout/rtld.1aout b/libexec/rtld-aout/rtld.1aout index 7b8f3f0e7303..f7bca319862c 100644 --- a/libexec/rtld-aout/rtld.1aout +++ b/libexec/rtld-aout/rtld.1aout @@ -39,7 +39,8 @@ .Nm is a self-contained, position independent program image providing run-time support for loading and link-editing shared objects into a process' -address space. It uses the data structures +address space. +It uses the data structures (see .Xr link 5 ) contained within dynamically linked programs to determine which shared 
@@ -51,7 +52,8 @@ system call. After all shared libraries have been successfully loaded, .Nm proceeds to resolve external references from both the main program and -all objects loaded. A mechanism is provided for initialization routines +all objects loaded. +A mechanism is provided for initialization routines to be called, on a per-object basis, giving a shared object an opportunity to perform any extra set-up, before execution of the program proper begins. This is useful for C++ libraries that contain static constructors. @@ -66,7 +68,8 @@ process, .Em crt0 uses the special symbol .Va _DYNAMIC -to determine whether a program is in fact dynamically linked or not. Whenever +to determine whether a program is in fact dynamically linked or not. +Whenever the linker .Xr ld 1 has relocated this symbol to a location other than 0, @@ -82,7 +85,8 @@ passes control to .Nm Ns 's entry point before the program's .Fn main -routine is called. Thus, +routine is called. +Thus, .Nm can complete the link-editing process before the dynamic program calls upon services of any dynamic library. @@ -108,7 +112,8 @@ for shared libraries. This is ignored for set-user-ID and set-group-ID programs. .It Ev LD_PRELOAD A colon separated list of shared libraries, to be linked in before any -other shared libraries. If the directory is not specified then +other shared libraries. +If the directory is not specified then the directories specified by LD_LIBRARY_PATH will be searched first followed by the set of built-in standard directories. This is ignored for set-user-ID and set-group-ID programs. 
@@ -116,7 +121,8 @@ This is ignored for set-user-ID and set-group-ID programs. When set to a nonempty string, causes .Nm to relocate all external function calls before starting execution of the -program. Normally, function calls are bound lazily, at the first call +program. +Normally, function calls are bound lazily, at the first call of each function. .Ev LD_BIND_NOW increases the start-up time of a program, but it avoids run-time @@ -124,10 +130,12 @@ surprises caused by unexpectedly undefined functions. .It Ev LD_WARN_NON_PURE_CODE When set to a nonempty string, issue a warning whenever a link-editing operation requires modification of the text segment of some loaded -object. This is usually indicative of an incorrectly built library. +object. +This is usually indicative of an incorrectly built library. .It Ev LD_SUPPRESS_WARNINGS When set to a nonempty string, no warning messages of any kind are -issued. Normally, a warning is given if satisfactorily versioned +issued. +Normally, a warning is given if satisfactorily versioned library could not be found. .It Ev LD_IGNORE_MISSING_OBJECTS When set to a nonempty string, makes it a nonfatal condition if diff --git a/libexec/ypxfr/ypxfr.8 b/libexec/ypxfr/ypxfr.8 index 54c2f3f63c74..4e7b4d600256 100644 --- a/libexec/ypxfr/ypxfr.8 +++ b/libexec/ypxfr/ypxfr.8 @@ -57,7 +57,8 @@ from one .Tn NIS server to another using .Tn NIS -services. In +services. +In .Fx , .Nm is generally invoked by @@ -68,7 +69,8 @@ The .Nm utility is used primarily in environments where several .Tn NIS -servers are in use in a single domain. One server, the +servers are in use in a single domain. +One server, the .Tn NIS master, maintains the canonical copies of all 
@@ -77,7 +79,7 @@ maps, and all the other servers, the .Tn NIS slaves, copy new versions of the maps from the master whenever -any updates are made (i.e. when a user updates their password via +any updates are made (i.e., when a user updates their password via .Xr yppasswd 1 ) . .Pp When run, @@ -92,7 +94,8 @@ When the entire map has been transfered, .Nm deletes the original copy of .Ar mapname -and moves the temporary copy into its place. When the transfer is +and moves the temporary copy into its place. +When the transfer is complete, .Nm will attempt to send a 'clear current map' request to the local @@ -102,7 +105,8 @@ stale map. .Pp Note that all files created by .Nm -are owner readable and writable only for security reasons. Since the +are owner readable and writable only for security reasons. +Since the .Tn NIS maps and the directory in which they reside are normally owned by root, this prevents non-privileged users from making unauthorized @@ -114,14 +118,16 @@ servers, .Nm can be run periodically in a .Xr cron 8 -job. Maps which change infrequently +job. +Maps which change infrequently need only be updated once a day (preferably late at night when system usage is lowest), whereas those that are subject to frequent changes (such a .Pa passwd.byname and .Pa passwd.byuid ) -should be updated perhaps once every hour. Using +should be updated perhaps once every hour. +Using .Xr cron 8 to automatically update the @@ -140,7 +146,7 @@ servers to fall out of sync with each other. .Pp When .Nm -is invoked without a controlling terminal, e.g. from inside +is invoked without a controlling terminal, e.g.\& from inside .Xr ypserv 8 , it logs all its output using the .Xr syslog 3 
@@ -154,20 +160,23 @@ has support for a special map transfer protocol which works in conjunction with the .Fx .Xr rpc.ypxfrd 8 -server. This protocol allows it to transfer raw map database files from +server. +This protocol allows it to transfer raw map database files from the .Tn NIS master server and can be many times faster than the standard transfer method, particularly for very large .Tn NIS -maps. The +maps. +The .Nm utility will check to see if the .Xr rpc.ypxfrd 8 server is registered on the .Tn NIS master server and attempt to use -it if it is present. If it isn't it will fall back to the standard +it if it is present. +If it isn't it will fall back to the standard transfer method, copying the map contents from .Xr ypserv 8 and creating new maps instead. @@ -193,7 +202,8 @@ The following options and flags are supported by .Nm : .Bl -tag -width indent .It Fl f -Force a map transfer. Normally, +Force a map transfer. +Normally, .Nm will not transfer a map if it determines that the .Tn NIS @@ -204,7 +214,8 @@ flag forces a transfer regardless of which server's version is more recent. .It Fl c Do not send a 'clear current map' request to the .Xr ypserv 8 -process running on the local host. This flag is normally used when +process running on the local host. +This flag is normally used when invoking .Nm manually on a machine that is not yet running @@ -221,7 +232,8 @@ domain. .It Fl h Ar source host Specify the name of the host from which to copy the .Tn NIS -maps. This option +maps. +This option is used to insure that .Nm only copies maps from the @@ -235,7 +247,8 @@ domains. .It Fl p Ar path Specify the top level directory containing the .Tn NIS -maps. By +maps. +By default, this path is .Pa /var/yp . The @@ -243,7 +256,8 @@ The flag allows you to specify an alternate path should you wish to store your .Tn NIS -maps in a different part of the file system. The +maps in a different part of the file system. +The .Tn NIS server, .Xr ypserv 8 ,
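Review bot: The abbreviation fixes follow two different conventions. bootpd.8 (@@ -124,13), fingerd.8 (@@ -79,7), ftpd.8 (@@ -360,7) and ypxfr.8 (@@ -77,7) turn "i.e." into "i.e.,", while rbootd.8 (@@ -119,7) and ypxfr.8 (@@ -140,7) turn "e.g." into "e.g.\&", and unchanged context in bootpd.8 and bootptab.5 already reads "(i.e.\&". Please settle on one treatment per abbreviation. Note also that the comma form changes the rendered text, unlike the sentence-per-line breaks in the rest of the patch, so it would be cleaner as a separate commit from the mechanical line breaks.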
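Review bot: revnetgroup.8 names the reverse maps inconsistently across the lines this patch rewraps: @@ -50,22 has ".Pa netgroup.byuser" and ".Pa netgroup.byhosts", @@ -74,7 has ".Pa netgroup.byusers", and @@ -109,7 has ".Pa netgroup.byhost". The patch leaves all four spellings in place. Since the surrounding sentences are being touched anyway, check the names against what /var/yp/Makefile builds and use one spelling for each map, either here or in a follow-up.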
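Review bot: Several wording errors in ypxfr.8 sit on or right next to lines this patch rewrites and could be fixed in the same pass: "transfered" in the context of @@ -92,7, "(such a" for "(such as" in @@ -114,14, "is used to insure that" for "ensure" in @@ -221,7 (this is the sentence that explains restricting transfers to the NIS master, so it is worth getting right), and the added line "+If it isn't it will fall back to the standard" in @@ -154,20, which needs a comma after "isn't". In rtld.1aout @@ -124,10 the added line "+Normally, a warning is given if satisfactorily versioned" is missing an article before "satisfactorily". If the intent is to keep this commit purely mechanical, list these for a follow-up instead.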