NIS binding probs w/Firewall and SELinux

Matthew Gillen me-5yx05kfkO/aqeI1yJSURBw at public.gmane.org
Thu Sep 6 21:42:35 EDT 2007


Scott Ehrlich wrote:
> Is there a file I can edit to ensure SELinux is disabled?   The system
> was initially installed with SELinux Enabled, then disabled later by me.

Well, there's a command you run to see what the current state is:
$ sestatus
SELinux status:                 disabled

or

$ sestatus
SELinux status:                 enabled
SELinuxfs mount:                /selinux
Current mode:                   enforcing
Mode from config file:          enforcing
Policy version:                 21
Policy from config file:        targeted

You can force it off at boot time by adding selinux=0 to your kernel parameters.

> In the meantime, I did find
> http://www.redhat.com/docs/manuals/linux/RHL-9-Manual/security-guide/s1-server-nis.html
> and will see if that may help.

That's talking about securing NIS; I think you're trying to un-secure it ;-)

The Red Hat 9 manuals are /ancient/.  I'd stick with either the RHEL5 manuals
or the howto archive:
 https://www.redhat.com/docs/manuals/enterprise/
 http://tldp.org/HOWTO/NIS-HOWTO/index.html

> I think once I get past the security issues, yp will work/bind fine.

You shouldn't need to disable SELinux to make ypserv/ypbind work.  I know it
works for Fedora, so I can't believe that RHEL would work any less well.
However, depending on your configuration, you may need to enable some of the
YP/NIS "booleans" in the targeted policy (i.e., I had to enable one to use NFS
home directories).  Running the system-config-selinux GUI should guide you
through it.

The 'rpcinfo' command is your friend:
 /usr/sbin/rpcinfo -p serverhostname

from both the server and clients will tell you what's currently registered
with the portmapper.

Good luck,
Matt
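
Added example (not part of the original message): a shell sketch that turns the two checks mentioned above, sestatus and rpcinfo -p, into direct answers about the SELinux mode and which NIS RPC services are not registered. The sample outputs are constructed, and the function names selinux_mode and missing_rpc_services are hypothetical.

```shell
#!/bin/sh
# Live use (commands as given in the message above):
#   sestatus | selinux_mode
#   /usr/sbin/rpcinfo -p serverhostname | missing_rpc_services portmapper ypserv

# Read `sestatus` output on stdin; print disabled, enforcing, permissive or unknown.
selinux_mode() {
    awk -F: '
        /^SELinux status:/ { gsub(/[ \t]/, "", $2); status = $2 }
        /^Current mode:/   { gsub(/[ \t]/, "", $2); mode = $2 }
        END {
            if (status == "disabled") print "disabled"
            else if (status == "enabled" && mode != "") print mode
            else print "unknown"
        }'
}

# Read `rpcinfo -p` output on stdin; arguments are the service names that
# must be registered. Prints the ones that are absent, space-separated.
missing_rpc_services() {
    awk -v want="$*" '
        NR > 1 && NF >= 5 { seen[$5] = 1 }   # skip header; column 5 is the service name
        END {
            n = split(want, w, " ")
            out = ""
            for (i = 1; i <= n; i++)
                if (!(w[i] in seen)) out = out (out == "" ? "" : " ") w[i]
            print out
        }'
}

# Constructed sample: a host where ypserv is registered but ypbind is not.
SAMPLE_RPCINFO='   program vers proto   port
    100000    2   tcp    111  portmapper
    100000    2   udp    111  portmapper
    100004    2   udp    834  ypserv
    100004    2   tcp    837  ypserv'

# Constructed sample: SELinux enabled and enforcing.
SAMPLE_SESTATUS='SELinux status:                 enabled
Current mode:                   enforcing'

echo "SELinux mode: $(printf '%s\n' "$SAMPLE_SESTATUS" | selinux_mode)"
echo "Not registered: $(printf '%s\n' "$SAMPLE_RPCINFO" | missing_rpc_services portmapper ypserv ypbind)"
```

Run against the server and each client, a non-empty "Not registered" list narrows the problem to a daemon that is not running or could not register with the portmapper.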
