Unix/Linux Go Back    

OpenSolaris 2009.06 - man page for nisgrpadm (opensolaris section 1)

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:   man
Select Man Page Set:       apropos Keyword Search (sections above)

nisgrpadm(1)				  User Commands 			     nisgrpadm(1)

       nisgrpadm - NIS+ group administration command

       nisgrpadm -a | -r | -t [-s] group principal...

       nisgrpadm -d | -l [-M] [-s] group

       nisgrpadm -c [-D defaults] [-M] [-s] group

       The  nisgrpadm  utility	is used to administer  NIS+ groups. This command administers both
       groups and the groups' membership lists. nisgrpadm can  create,	destroy,  or  list   NIS+
       groups.	nisgrpadm  can	be  used  to  administer a group's membership list. It can add or
       delete principals to the group, or test principals for membership in the group.

       The names of NIS+ groups are syntactically similar to names  of	 NIS+  objects	but  they
       occupy  a separate namespace. A group named a.b.c.d. is represented by a NIS+ group object
       named a.groups_dir.b.c.d.; the functions described here all expect the name of the  group,
       not the name of the corresponding group object.

       There are three types of group members:

	   o	  An  explicit	member	is  just  a  NIS+  principal-name.  For  example: wicked-

	   o	  An implicit ("domain") member, written *.west.oz., means that all principals in
		  the  given  domain  belong  to  this	member. No other forms of wildcarding are
		  allowed; wickedwitch.*.oz. is invalid, as  is  wickedwitch.west.*..  Note  that
		  principals in subdomains of the given domain are not included.

	   o	  A  recursive	("group")  member, written @cowards.oz., refers to another group;
		  all principals that belong to that group are considered to belong here.

       Any member may be made negative by prefixing it with a minus sign ('-'). A group may  thus
       contain	explicit, implicit, recursive, negative explicit, negative implicit, and negative
       recursive members.

       A principal is considered to belong to a group if it belongs to at least one  non-negative
       group member of the group and belongs to no negative group members.

       Principal  names  must be fully qualified, whereas groups can be abbreviated on all opera-
       tions  except create.

       The following options are supported:

       -a	      Adds the list of NIS+ principals specified to  group.  The  principal  name
		      should be fully qualified.

       -c	      Creates	group  in the NIS+ namespace. The NIS+ group name should be fully

       -d	      Destroys (removes)  group from the namespace.

       -D defaults    When creating objects, this option specifies a different set  of	 defaults
		      to be used during this operation. The defaults string is a series of tokens
		      separated by colons. These tokens represent the default values to  be  used
		      for  the	generic  object properties. All of the legal tokens are described

		      ttl=time		 This token sets the default time  to  live  for  objects
					 that  are  created  by  this  command. The value time is
					 specified in the format as defined  by  the  nischttl(1)
					 command. The default value is 12 hours.

		      owner=ownername	 This  token  specifies that the NIS+ principal ownername
					 should own the created object. Normally  this	value  is
					 the same as the principal who is executing the command.

		      group=groupname	 This  token specifies that the group groupname should be
					 the group owner for the object  that  is  created.   The
					 default value is NULL.

		      access=rights	 This  token  specifies the set of access rights that are
					 to be granted for the given object. The value rights  is
					 specified  in	the format as defined by the  nischmod(1)
					 command. The default value is ----rmcdr---r---.

       -l	      Lists the membership list of the specified  group. (See  -M option.)

       -M	      Master server only. Sends the lookup to the  master  server  of  the  named
		      data.  This  guarantees that the most up to date information is seen at the
		      possible expense that the master server may be busy. Note that the  -M flag
		      is applicable only with the -l flag.

       -r	      Removes  the  list  of principals specified from	group. The principal name
		      should be fully qualified.

       -s	      Work silently. Results are returned using the exit status of  the  command.
		      This  status  can  be  translated into a text string using the  niserror(1)

       -t	      Displays whether the principals specified are members in group.

   Administering Groups
       Example 1 Creating a group

       This example shows how to create a group in the	foo.com. domain:

	 example% nisgrpadm -c my_buds.foo.com.

       Example 2 How to remove a group

       This example shows how to remove the group from the current domain.

	 example% nisgrpadm -d freds_group

   Administering Members
       Example 3 Adding to the group

       This example shows how one would add  two  principals,	bob  and   betty,  to  the  group

	 example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.

       Example 4 How to remove a principal from the group

       This example shows how to remove  betty from  freds_group:

	 example% nisgrpadm -r freds_group betty.foo.com.

       NIS_DEFAULTS    This variable contains a defaults string that will override the NIS+ stan-
		       dard defaults.

       NIS_PATH        If this variable is set, and the NIS+ group name is not	fully  qualified,
		       each  directory	specified  will be searched until the group is found (see

       See attributes(5) for descriptions of the following attributes:

       |      ATTRIBUTE TYPE	     |	    ATTRIBUTE VALUE	   |
       |Availability		     |SUNWnisu			   |

       NIS+(1),   nischgrp(1),	  nischmod(1),	  nischttl(1),	  nisdefaults(1),    niserror(1),
       nis_groups(3NSL), attributes(5)

       NIS_SUCCESS	 On success, this command returns an exit status of 0.

       NIS_PERMISSION	 When  you  do	not have the needed access right to change the group, the
			 command returns this error.

       NIS_NOTFOUND	 This is returned when the group does not exist.

       NIS_TRYAGAIN	 This error is returned when the server for the group's  domain  is  cur-
			 rently  checkpointing	or  otherwise  in  a read-only state. The command
			 should be retried at a later date.

       NIS_MODERROR	 This error is returned when the group was modified by someone else  dur-
			 ing  the  execution  of  the command. Reissue the command and optionally
			 recheck the group's membership list.

       NIS+ might not be supported in future releases of the Solaris operating system.	Tools  to
       aid the migration from NIS+ to LDAP are available in the current Solaris release. For more
       information, visit http://www.sun.com/directory/nisplus/transition.html.

SunOS 5.11				    2 Dec 2005				     nisgrpadm(1)
Unix & Linux Commands & Man Pages : ©2000 - 2018 Unix and Linux Forums

All times are GMT -4. The time now is 11:14 PM.