Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

nisgrpadm(1) [opensolaris man page]

nisgrpadm(1)							   User Commands						      nisgrpadm(1)

NAME
nisgrpadm - NIS+ group administration command SYNOPSIS
nisgrpadm -a | -r | -t [-s] group principal... nisgrpadm -d | -l [-M] [-s] group nisgrpadm -c [-D defaults] [-M] [-s] group DESCRIPTION
The nisgrpadm utility is used to administer NIS+ groups. This command administers both groups and the groups' membership lists. nisgrpadm can create, destroy, or list NIS+ groups. nisgrpadm can be used to administer a group's membership list. It can add or delete principals to the group, or test principals for membership in the group. The names of NIS+ groups are syntactically similar to names of NIS+ objects but they occupy a separate namespace. A group named a.b.c.d. is represented by a NIS+ group object named a.groups_dir.b.c.d.; the functions described here all expect the name of the group, not the name of the corresponding group object. There are three types of group members: o An explicit member is just a NIS+ principal-name. For example: wickedwitch.west.oz. o An implicit ("domain") member, written *.west.oz., means that all principals in the given domain belong to this member. No other forms of wildcarding are allowed; wickedwitch.*.oz. is invalid, as is wickedwitch.west.*.. Note that principals in subdomains of the given domain are not included. o A recursive ("group") member, written @cowards.oz., refers to another group; all principals that belong to that group are con- sidered to belong here. Any member may be made negative by prefixing it with a minus sign ('-'). A group may thus contain explicit, implicit, recursive, negative explicit, negative implicit, and negative recursive members. A principal is considered to belong to a group if it belongs to at least one non-negative group member of the group and belongs to no nega- tive group members. Principal names must be fully qualified, whereas groups can be abbreviated on all operations except create. OPTIONS
The following options are supported: -a Adds the list of NIS+ principals specified to group. The principal name should be fully qualified. -c Creates group in the NIS+ namespace. The NIS+ group name should be fully qualified. -d Destroys (removes) group from the namespace. -D defaults When creating objects, this option specifies a different set of defaults to be used during this operation. The defaults string is a series of tokens separated by colons. These tokens represent the default values to be used for the generic object properties. All of the legal tokens are described below. ttl=time This token sets the default time to live for objects that are created by this command. The value time is specified in the format as defined by the nischttl(1) command. The default value is 12 hours. owner=ownername This token specifies that the NIS+ principal ownername should own the created object. Normally this value is the same as the principal who is executing the command. group=groupname This token specifies that the group groupname should be the group owner for the object that is created. The default value is NULL. access=rights This token specifies the set of access rights that are to be granted for the given object. The value rights is specified in the format as defined by the nischmod(1) command. The default value is ----rmcdr---r---. -l Lists the membership list of the specified group. (See -M option.) -M Master server only. Sends the lookup to the master server of the named data. This guarantees that the most up to date infor- mation is seen at the possible expense that the master server may be busy. Note that the -M flag is applicable only with the -l flag. -r Removes the list of principals specified from group. The principal name should be fully qualified. -s Work silently. Results are returned using the exit status of the command. This status can be translated into a text string using the niserror(1) command. -t Displays whether the principals specified are members in group. EXAMPLES
Administering Groups Example 1 Creating a group This example shows how to create a group in the foo.com. domain: example% nisgrpadm -c my_buds.foo.com. Example 2 How to remove a group This example shows how to remove the group from the current domain. example% nisgrpadm -d freds_group Administering Members Example 3 Adding to the group This example shows how one would add two principals, bob and betty, to the group my_buds.foo.com.: example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com. Example 4 How to remove a principal from the group This example shows how to remove betty from freds_group: example% nisgrpadm -r freds_group betty.foo.com. ENVIRONMENT VARIABLES
NIS_DEFAULTS This variable contains a defaults string that will override the NIS+ standard defaults. NIS_PATH If this variable is set, and the NIS+ group name is not fully qualified, each directory specified will be searched until the group is found (see nisdefaults(1)). ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWnisu | +-----------------------------+-----------------------------+ SEE ALSO
NIS+(1), nischgrp(1), nischmod(1), nischttl(1), nisdefaults(1), niserror(1), nis_groups(3NSL), attributes(5) DIAGNOSTICS
NIS_SUCCESS On success, this command returns an exit status of 0. NIS_PERMISSION When you do not have the needed access right to change the group, the command returns this error. NIS_NOTFOUND This is returned when the group does not exist. NIS_TRYAGAIN This error is returned when the server for the group's domain is currently checkpointing or otherwise in a read-only state. The command should be retried at a later date. NIS_MODERROR This error is returned when the group was modified by someone else during the execution of the command. Reissue the com- mand and optionally recheck the group's membership list. NOTES
NIS+ might not be supported in future releases of the Solaris operating system. Tools to aid the migration from NIS+ to LDAP are available in the current Solaris release. For more information, visit http://www.sun.com/directory/nisplus/transition.html. SunOS 5.11 2 Dec 2005 nisgrpadm(1)
Man Page