big-one Sdiff usr/src/man/man4/netgroup.4

Print this page

re #11201 nss: need local netgroup implementation

   1 '\" te

   2 .\" Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
   3 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   4 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   5 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   6 .TH NETGROUP 4 "Feb 25, 2017"
   7 .SH NAME
   8 netgroup \- list of network groups
   9 .SH SYNOPSIS
  10 .LP
  11 .nf
  12 \fB/etc/netgroup\fR
  13 .fi
  14 
  15 .SH DESCRIPTION
  16 .LP
  17 A \fBnetgroup\fR defines a network-wide group of hosts and users. Use a
  18 \fBnetgroup\fR to restrict access to shared \fBNFS\fR filesystems and to
  19 restrict remote login and shell access.
  20 .sp
  21 .LP
  22 Network groups are stored in a network information service, such as
  23 \fBLDAP\fR or \fBNIS\fR, not in a local file.


  24 .sp
  25 .LP
  26 This manual page describes the format for a file that is used to supply input
  27 to a program such as \fBldapaddent\fR(1M) for LDAP or \fBmakedbm\fR(1M) for
  28 NIS. These programs build maps or tables used by
  29 their corresponding network information services.
  30 .sp
  31 .LP
  32 Each line of the file defines the name and membership of a network group. The
  33 line should have the format:
  34 .sp
  35 .in +2
  36 .nf
  37 \fIgroupname     member\fR...
  38 .fi
  39 .in -2
  40 .sp
  41 
  42 .sp
  43 .LP
  44 The items on a line can be separated by a combination of one or more spaces or
  45 tabs.
  46 .sp
  47 .LP
  48 The \fIgroupname\fR is the name of the group being defined. This is followed by
  49 a list of members of the group. Each \fImember\fR is either another group name,

 113 .sp
 114 .LP
 115 Similarly, a user is considered a member of a \fBnetgroup\fR if the
 116 \fBnetgroup\fR contains any triple in which the \fIusername\fR field matches
 117 the name of the \fBuser\fR requesting access and the \fIdomainname\fR field
 118 matches the domain of the host controlling access.
 119 .sp
 120 .LP
 121 Note that when netgroups are used to control NFS mount access, access is
 122 granted depending only on whether the requesting host is a member of the
 123 \fBnetgroup\fR. Remote login and shell access can be controlled both on the
 124 basis of host and user membership in separate netgroups.
 125 .SH FILES
 126 .ne 2
 127 .na
 128 \fB\fB/etc/netgroup\fR\fR
 129 .ad
 130 .RS 17n
 131 Used by a network information service's utility to construct a map or table
 132 that contains \fBnetgroup\fR information. For example, \fBldapaddent\fR(1M)
 133 uses \fB/etc/netgroup\fR to construct an LDAP container.




 134 .RE
 135 
 136 .sp
 137 .LP
 138 Note that the netgroup information must always be stored in a network
 139 information service, such as \fBLDAP\fR or \fBNIS\fR. The local file is
 140 only used to construct a map or table for the network information service. It
 141 is never consulted directly.
 142 .SH SEE ALSO
 143 .LP
 144 \fBldapaddent\fR(1M), \fBmakedbm\fR(1M),
 145 \fBshare_nfs\fR(1M), \fBinnetgr\fR(3C), \fBhosts\fR(4), \fBhosts.equiv\fR(4),
 146 \fBnsswitch.conf\fR(4), \fBpasswd\fR(4), \fBshadow\fR(4)
 147 .SH NOTES
 148 .LP
 149 \fBnetgroup\fR requires a network information service such as \fBLDAP\fR
 150 or \fBNIS\fR.
 151 .sp
 152 .LP
 153 Applications may make general membership tests using the \fBinnetgr()\fR
 154 function. See \fBinnetgr\fR(3C).
 155 .sp
 156 .LP
 157 Because the "-" character will not match any specific username or hostname, it
 158 is commonly used as a placeholder that will match only wildcarded membership
 159 queries. So, for example:
 160 .sp
 161 .in +2
 162 .nf
 163 onlyhosts       (host1,-,our.domain) (host2,-,our.domain)
 164 onlyusers       (-,john,our.domain) (-,linda,our.domain)
 165 .fi
 166 .in -2
 167 .sp
 168 
 169 .sp
 170 .LP
 171 effectively define netgroups containing only hosts and only users,
 172 respectively. Any other string that is guaranteed not to be a legal username or

   1 '\" te
   2 .\" Copyright 2012 Nexenta Systems, Inc.  All rights reserved.
   3 .\" Copyright (C) 2003, Sun Microsystems, Inc. All Rights Reserved
   4 .\" The contents of this file are subject to the terms of the Common Development and Distribution License (the "License").  You may not use this file except in compliance with the License.
   5 .\" You can obtain a copy of the license at usr/src/OPENSOLARIS.LICENSE or http://www.opensolaris.org/os/licensing.  See the License for the specific language governing permissions and limitations under the License.
   6 .\" When distributing Covered Code, include this CDDL HEADER in each file and include the License file at usr/src/OPENSOLARIS.LICENSE.  If applicable, add the following below this CDDL HEADER, with the fields enclosed by brackets "[]" replaced with your own identifying information: Portions Copyright [yyyy] [name of copyright owner]
   7 .TH NETGROUP 4 "Feb 25, 2017"
   8 .SH NAME
   9 netgroup \- list of network groups
  10 .SH SYNOPSIS
  11 .LP
  12 .nf
  13 \fB/etc/netgroup\fR
  14 .fi
  15 
  16 .SH DESCRIPTION
  17 .LP
  18 A \fBnetgroup\fR defines a network-wide group of hosts and users. Use a
  19 \fBnetgroup\fR to restrict access to shared \fBNFS\fR filesystems and to
  20 restrict remote login and shell access.
  21 .sp
  22 .LP
  23 Network groups are usually stored in network information services,
  24 such as \fBLDAP\fR, or \fBNIS\fR, but may alternatively be stored in
  25 the local \fB/etc/netgroup\fR file.  The \fBnetgroup\fR line of the
  26 \fBnsswitch.conf\fR(4) file determines which of those sources are used.
  27 .sp
  28 .LP
  29 This manual page describes the format for a file that is used to supply input
  30 to a program such as \fBldapaddent\fR(1M) for LDAP, or \fBmakedbm\fR(1M) for
  31 NIS.  The same file format is used in the local \fB/etc/netgroup\fR file.

  32 .sp
  33 .LP
  34 Each line of the file defines the name and membership of a network group. The
  35 line should have the format:
  36 .sp
  37 .in +2
  38 .nf
  39 \fIgroupname     member\fR...
  40 .fi
  41 .in -2
  42 .sp
  43 
  44 .sp
  45 .LP
  46 The items on a line can be separated by a combination of one or more spaces or
  47 tabs.
  48 .sp
  49 .LP
  50 The \fIgroupname\fR is the name of the group being defined. This is followed by
  51 a list of members of the group. Each \fImember\fR is either another group name,

 115 .sp
 116 .LP
 117 Similarly, a user is considered a member of a \fBnetgroup\fR if the
 118 \fBnetgroup\fR contains any triple in which the \fIusername\fR field matches
 119 the name of the \fBuser\fR requesting access and the \fIdomainname\fR field
 120 matches the domain of the host controlling access.
 121 .sp
 122 .LP
 123 Note that when netgroups are used to control NFS mount access, access is
 124 granted depending only on whether the requesting host is a member of the
 125 \fBnetgroup\fR. Remote login and shell access can be controlled both on the
 126 basis of host and user membership in separate netgroups.
 127 .SH FILES
 128 .ne 2
 129 .na
 130 \fB\fB/etc/netgroup\fR\fR
 131 .ad
 132 .RS 17n
 133 Used by a network information service's utility to construct a map or table
 134 that contains \fBnetgroup\fR information. For example, \fBldapaddent\fR(1M)
 135 uses \fB/etc/netgroup\fR to construct an LDAP container.  Alternatively,
 136 the \fB/etc/netgroup\fR file may be used directly if the \fBfiles\fR
 137 source is specified in \fBnsswitch.conf\fR(4) for the \fBnetgroup\fR
 138 database.
 139 
 140 .RE
 141 






 142 .SH SEE ALSO
 143 .LP
 144 \fBldapaddent\fR(1M), \fBmakedbm\fR(1M),
 145 \fBshare_nfs\fR(1M), \fBinnetgr\fR(3C), \fBhosts\fR(4), \fBhosts.equiv\fR(4),
 146 \fBnsswitch.conf\fR(4), \fBpasswd\fR(4), \fBshadow\fR(4)
 147 .SH NOTES
 148 .LP




 149 Applications may make general membership tests using the \fBinnetgr()\fR
 150 function. See \fBinnetgr\fR(3C).
 151 .sp
 152 .LP
 153 Because the "-" character will not match any specific username or hostname, it
 154 is commonly used as a placeholder that will match only wildcarded membership
 155 queries. So, for example:
 156 .sp
 157 .in +2
 158 .nf
 159 onlyhosts       (host1,-,our.domain) (host2,-,our.domain)
 160 onlyusers       (-,john,our.domain) (-,linda,our.domain)
 161 .fi
 162 .in -2
 163 .sp
 164 
 165 .sp
 166 .LP
 167 effectively define netgroups containing only hosts and only users,
 168 respectively. Any other string that is guaranteed not to be a legal username or