Home Man
Today's Posts

Linux & Unix Commands - Search Man Pages
Man Page or Keyword Search:
Select Section of Man Page:
Select Man Page Repository:

OpenSolaris 2009.06 - man page for netgroup (opensolaris section 4)

netgroup(4)				   File Formats 			      netgroup(4)

       netgroup - list of network groups


       A  netgroup  defines  a	network-wide group of hosts and users. Use a netgroup to restrict
       access to shared NFS filesystems and to restrict remote login and shell access.

       Network groups are stored in a network information services, such as LDAP, NIS,	or  NIS+,
       not in a local file.

       This manual page describes the format for a file that is used to supply input to a program
       such as ldapaddent(1M) for LDAP, makedbm(1M) for NIS, or  nisaddent(1M)	for  NIS+.  These
       programs build maps or tables used by their corresponding network information services.

       Each  line of the file defines the name and membership of a network group. The line should
       have the format:

	 groupname     member...

       The items on a line can be separated by a combination of one or more spaces or tabs.

       The groupname is the name of the group being defined. This is followed by a list  of  mem-
       bers  of  the group. Each member is either another group name, all of whose members are to
       be included in the group being defined, or a triple of the form:


       In each triple, any of the three fields hostname, username, and domainname, can be  empty.
       An empty field signifies a wildcard that matches any value in that field. Thus:

	 everything (,,this.domain)

       defines	a  group  named "everything" for the domain "this.domain" to which every host and
       user belongs.

       The domainname field refers to the domain in which the triple is  valid,  not  the  domain
       containing  the	host or user. In fact, applications using netgroup generally do not check
       the domainname. Therefore, using


       is equivalent to


       You can also use netgroups to control NFS mount access (see share_nfs(1M)) and to  control
       remote login and shell access (see hosts.equiv(4)). You can also use them to control local
       login access (see passwd(4), shadow(4), and compat in nsswitch.conf(4)).

       When used for these purposes, a host is considered a member of a netgroup if the  netgroup
       contains  any  triple  in which the hostname field matches the name of the host requesting
       access and the domainname field matches the domain of the host controlling access.

       Similarly, a user is considered a member of a netgroup if the netgroup contains any triple
       in which the username field matches the name of the user requesting access and the domain-
       name field matches the domain of the host controlling access.

       Note that when netgroups are used to control NFS mount access, access is granted depending
       only  on  whether  the requesting host is a member of the netgroup. Remote login and shell
       access can be controlled both on the basis of host and user membership  in  separate  net-

       /etc/netgroup	Used by a network information service's utility to construct a map or ta-
			ble that contains netgroup information. For example, ldapaddent(1M)  uses
			/etc/netgroup to construct an LDAP container.

       Note that the netgroup information must always be stored in a network information service,
       such as LDAP, NIS, or NIS+. The local file is only used to construct a map  or  table  for
       the network information service. It is never consulted directly.

       NIS+(1), ldapaddent(1M), makedbm(1M), nisaddent(1M), share_nfs(1M), innetgr(3C), hosts(4),
       hosts.equiv(4), nsswitch.conf(4), passwd(4), shadow(4)

       netgroup requires a network information service such as LDAP, NIS, or NIS+.

       Applications  may  make	general  membership  tests  using  the	innetgr()  function.  See

       Because the "-" character will not match any specific username or hostname, it is commonly
       used as a placeholder that will match only wildcarded membership queries. So, for example:

	 onlyhosts (host1,-,our.domain) (host2,-,our.domain)
	 onlyusers (-,john,our.domain) (-,linda,our.domain)

       effectively define netgroups containing only hosts and only users, respectively. Any other
       string  that  is  guaranteed  not to be a legal username or hostname will also suffice for
       this purpose.

       Use of placeholders will improve search performance.

       When a machine with multiple interfaces and multiple names is defined as  a  member  of	a
       netgroup,  one must list all of the names. See hosts(4). A manageable way to do this is to
       define a netgroup containing all of the machine names. For example, for a  host	"gateway"
       that has names "gateway-subnet1" and "gateway-subnet2" one may define the netgroup:

	 gateway (gateway-subnet1,,our.domain) (gateway-subnet2,,our.domain)

       and use this netgroup "gateway" whenever the host is to be included in another netgroup.

SunOS 5.11				   22 Jul 2004				      netgroup(4)

All times are GMT -4. The time now is 10:27 AM.

Unix & Linux Forums Content Copyrightę1993-2018. All Rights Reserved.
Show Password

Not a Forum Member?
Forgot Password?