revnetgroup(8) [netbsd man page]
REVNETGROUP(8) BSD System Manager's Manual REVNETGROUP(8) NAME
revnetgroup -- generate reverse netgroup data SYNOPSIS
revnetgroup [-uh] [-f netgroup_file] DESCRIPTION
revnetgroup processes the contents of a file in netgroup(5) format into what is called reverse netgroup form. That is, where the original file shows netgroup memberships in terms of which members reside in a particular group, the reverse netgroup format specifies what groups are associated with a particular member. This information is used to generate the netgroup.byuser and netgroup.byhosts NIS maps. These reverse netgroup maps are used to help speed up netgroup lookups, particularly for the innetgr() library function. For example, the standard /etc/netgroup file may list a netgroup and a list of its members. Here, the netgroup is considered the key and the member names are the data. By contrast, the reverse netgroup.byusers database lists each unique member as the key and the netgroups to which the members belong become the data. Separate databases are created to hold information pertaining to users and hosts; this allows netgroup username lookups and netgroup hostname lookups to be performed using independent keyspaces. By constructing these reverse netgroup databases (and the corresponding NIS maps) in advance, the getnetgrent(3) library functions are spared from having to work out the dependencies themselves on the fly. This is important on networks with large numbers of users and hosts, since it can take a considerable amount of time to process very large netgroup databases. The revnetgroup command prints its results on the standard output. It is usually called only by /var/yp/<domain>/Makefile when rebuilding the NIS netgroup maps. OPTIONS
The revnetgroup command supports the following options: -u Generate netgroup.byuser output; only username information in the original netgroup file is processed. -h Generate netgroup.byhost output; only hostname information in the original netgroup file is processed. (Note at least one of the -u or -h flags must be specified.) [-f netgroup_file] The revnetgroup command uses /etc/netgroup as its default input file. The -f flag allows the user to specify an alternate input file. Specifying ``-'' as the input file causes revnetgroup to read from the standard input. FILES
/var/yp/<domain>/Makefile The Makefile that calls makedbm and revnetgroup to build the NIS databases. /etc/netgroup The default netgroup database file. This file is most often found only on the NIS master server. SEE ALSO
getnetgrent(3), netgroup(5), makedbm(8), nis(8) AUTHORS
Bill Paul <wpaul@ctr.columbia.edu> BSD
February 26, 2005 BSD
Check Out this Related Man Page
NETGROUP(5) BSD File Formats Manual NETGROUP(5) NAME
netgroup -- defines network groups SYNOPSIS
netgroup DESCRIPTION
The netgroup file specifies ``netgroups'', which are sets of (host, user, domain) tuples that are to be given similar network access. Each line in the file consists of a netgroup name followed by a list of the members of the netgroup. Each member can be either the name of another netgroup or a specification of a tuple as follows: (host, user, domain) where the host, user, and domain are character string names for the corresponding component. Any of the comma separated fields may be empty to specify a ``wildcard'' value or may consist of the string ``-'' to specify ``no valid value''. The members of the list may be separated by whitespace and/or commas; the ``'' character may be used at the end of a line to specify line continuation. Lines are limited to 1024 characters. The functions specified in getnetgrent(3) should normally be used to access the netgroup database. Lines that begin with a # are treated as comments. NIS
/YP INTERACTION On most other platforms, netgroups are only used in conjunction with NIS and local /etc/netgroup files are ignored. With FreeBSD, netgroups can be used with either NIS or local files, but there are certain caveats to consider. The existing netgroup system is extremely inefficient where innetgr(3) lookups are concerned since netgroup memberships are computed on the fly. By contrast, the NIS netgroup database consists of three separate maps (netgroup, netgroup.byuser and netgroup.byhost) that are keyed to allow innetgr(3) lookups to be done quickly. The FreeBSD netgroup system can interact with the NIS netgroup maps in the following ways: o If the /etc/netgroup file does not exist, or it exists and is empty, or it exists and contains only a '+', and NIS is running, netgroup lookups will be done exclusively through NIS, with innetgr(3) taking advantage of the netgroup.byuser and netgroup.byhost maps to speed up searches. (This is more or less compatible with the behavior of SunOS and similar platforms.) o If the /etc/netgroup exists and contains only local netgroup information (with no NIS '+' token), then only the local netgroup information will be processed (and NIS will be ignored). o If /etc/netgroup exists and contains both local netgroup data and the NIS '+' token, the local data and the NIS netgroup map will be processed as a single combined netgroup database. While this configuration is the most flexible, it is also the least effi- cient: in particular, innetgr(3) lookups will be especially slow if the database is large. FILES
/etc/netgroup the netgroup database COMPATIBILITY
The file format is compatible with that of various vendors, however it appears that not all vendors use an identical format. SEE ALSO
getnetgrent(3), exports(5) BUGS
The interpretation of access restrictions based on the member tuples of a netgroup is left up to the various network applications. Also, it is not obvious how the domain specification applies to the BSD environment. The netgroup database should be stored in the form of a hashed db(3) database just like the passwd(5) database to speed up reverse lookups. BSD
December 11, 1993 BSD