re #11201 nss: need local netgroup implementation
   1 NETGROUP(4)             File Formats and Configurations            NETGROUP(4)
   2 
   3 
   4 
   5 NAME
   6        netgroup - list of network groups
   7 
   8 SYNOPSIS
   9        /etc/netgroup
  10 
  11 
  12 DESCRIPTION
  13        A netgroup defines a network-wide group of hosts and users. Use a
  14        netgroup to restrict access to shared NFS filesystems and to restrict
  15        remote login and shell access.
  16 
  17 
  18        Network groups are stored in a network information service, such as
  19        LDAP or NIS, not in a local file.


  20 
  21 
  22        This manual page describes the format for a file that is used to supply
  23        input to a program such as ldapaddent(1M) for LDAP or makedbm(1M) for
  24        NIS. These programs build maps or tables used by their corresponding
  25        network information services.
  26 
  27 
  28        Each line of the file defines the name and membership of a network
  29        group. The line should have the format:
  30 
  31          groupname     member...
  32 
  33 
  34 
  35 
  36        The items on a line can be separated by a combination of one or more
  37        spaces or tabs.
  38 
  39 
  40        The groupname is the name of the group being defined. This is followed
  41        by a list of members of the group. Each member is either another group
  42        name, all of whose members are to be included in the group being
  43        defined, or a triple of the form:
  44 
  45          (hostname,username,domainname)


  88        field matches the domain of the host controlling access.
  89 
  90 
  91        Similarly, a user is considered a member of a netgroup if the netgroup
  92        contains any triple in which the username field matches the name of the
  93        user requesting access and the domainname field matches the domain of
  94        the host controlling access.
  95 
  96 
  97        Note that when netgroups are used to control NFS mount access, access
  98        is granted depending only on whether the requesting host is a member of
  99        the netgroup. Remote login and shell access can be controlled both on
 100        the basis of host and user membership in separate netgroups.
 101 
 102 FILES
 103        /etc/netgroup
 104                         Used by a network information service's utility to
 105                         construct a map or table that contains netgroup
 106                         information. For example, ldapaddent(1M) uses
 107                         /etc/netgroup to construct an LDAP container.



 108 
 109 
 110 
 111        Note that the netgroup information must always be stored in a network
 112        information service, such as LDAP or NIS. The local file is only used
 113        to construct a map or table for the network information service. It is
 114        never consulted directly.
 115 
 116 SEE ALSO
 117        ldapaddent(1M), makedbm(1M), share_nfs(1M), innetgr(3C), hosts(4),
 118        hosts.equiv(4), nsswitch.conf(4), passwd(4), shadow(4)
 119 
 120 NOTES
 121        netgroup requires a network information service such as LDAP or NIS.
 122 
 123 
 124        Applications may make general membership tests using the innetgr()
 125        function. See innetgr(3C).
 126 
 127 
 128        Because the "-" character will not match any specific username or
 129        hostname, it is commonly used as a placeholder that will match only
 130        wildcarded membership queries. So, for example:
 131 
 132          onlyhosts (host1,-,our.domain) (host2,-,our.domain)
 133          onlyusers (-,john,our.domain) (-,linda,our.domain)
 134 
 135 
 136 
 137 
 138        effectively define netgroups containing only hosts and only users,
 139        respectively. Any other string that is guaranteed not to be a legal
 140        username or hostname will also suffice for this purpose.
 141 
 142 
 143        Use of placeholders will improve search performance.
   1 NETGROUP(4)             File Formats and Configurations            NETGROUP(4)
   2 
   3 
   4 
   5 NAME
   6        netgroup - list of network groups
   7 
   8 SYNOPSIS
   9        /etc/netgroup
  10 
  11 
  12 DESCRIPTION
  13        A netgroup defines a network-wide group of hosts and users. Use a
  14        netgroup to restrict access to shared NFS filesystems and to restrict
  15        remote login and shell access.
  16 
  17 
  18        Network groups are usually stored in network information services, such
  19        as LDAP, or NIS, but may alternatively be stored in the local
  20        /etc/netgroup file.  The netgroup line of the nsswitch.conf(4) file
  21        determines which of those sources are used.
  22 
  23 
  24        This manual page describes the format for a file that is used to supply
  25        input to a program such as ldapaddent(1M) for LDAP, or makedbm(1M) for
  26        NIS.  The same file format is used in the local /etc/netgroup file.

  27 
  28 
  29        Each line of the file defines the name and membership of a network
  30        group. The line should have the format:
  31 
  32          groupname     member...
  33 
  34 
  35 
  36 
  37        The items on a line can be separated by a combination of one or more
  38        spaces or tabs.
  39 
  40 
  41        The groupname is the name of the group being defined. This is followed
  42        by a list of members of the group. Each member is either another group
  43        name, all of whose members are to be included in the group being
  44        defined, or a triple of the form:
  45 
  46          (hostname,username,domainname)
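Review bot: The rewritten DESCRIPTION paragraph (new lines 18-21) does not say what happens when the netgroup line of nsswitch.conf(4) lists more than one source; "determines which of those sources are used" stops short of that. Netgroup membership decides NFS and remote login access, so please state whether a group defined in the local /etc/netgroup replaces, or is merged with, a group of the same name from LDAP or NIS, or point to where nsswitch.conf(4) covers it. A one-line example of a netgroup entry that names the files source would also help. Minor style point: drop the comma in "such as LDAP, or NIS" and in "for LDAP, or makedbm(1M)".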


  89        field matches the domain of the host controlling access.
  90 
  91 
  92        Similarly, a user is considered a member of a netgroup if the netgroup
  93        contains any triple in which the username field matches the name of the
  94        user requesting access and the domainname field matches the domain of
  95        the host controlling access.
  96 
  97 
  98        Note that when netgroups are used to control NFS mount access, access
  99        is granted depending only on whether the requesting host is a member of
 100        the netgroup. Remote login and shell access can be controlled both on
 101        the basis of host and user membership in separate netgroups.
 102 
 103 FILES
 104        /etc/netgroup
 105                         Used by a network information service's utility to
 106                         construct a map or table that contains netgroup
 107                         information. For example, ldapaddent(1M) uses
 108                         /etc/netgroup to construct an LDAP container.
 109                         Alternatively, the /etc/netgroup file may be used
 110                         directly if the files source is specified in
 111                         nsswitch.conf(4) for the netgroup database.
 112 
 113 
 114 
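Review bot: The FILES entry for /etc/netgroup (new lines 104-111) is missing a statement of the file's expected ownership and mode, which matters now that the entry says the file "may be used directly" when the files source is configured. Before this change the page said the local file was "never consulted directly", so its contents only reached access decisions through ldapaddent(1M) or makedbm(1M); with the files source a local edit takes effect on its own. Suggest adding a sentence on who should own the file and who may write to it.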





 115 SEE ALSO
 116        ldapaddent(1M), makedbm(1M), share_nfs(1M), innetgr(3C), hosts(4),
 117        hosts.equiv(4), nsswitch.conf(4), passwd(4), shadow(4)
 118 
 119 NOTES



 120        Applications may make general membership tests using the innetgr()
 121        function. See innetgr(3C).
 122 
 123 
 124        Because the "-" character will not match any specific username or
 125        hostname, it is commonly used as a placeholder that will match only
 126        wildcarded membership queries. So, for example:
 127 
 128          onlyhosts (host1,-,our.domain) (host2,-,our.domain)
 129          onlyusers (-,john,our.domain) (-,linda,our.domain)
 130 
 131 
 132 
 133 
 134        effectively define netgroups containing only hosts and only users,
 135        respectively. Any other string that is guaranteed not to be a legal
 136        username or hostname will also suffice for this purpose.
 137 
 138 
 139        Use of placeholders will improve search performance.