Man page or keyword search:   man All Sections 1 - General Commands 2 - System Calls 3 - Subroutines, Functions 4 - Special Files 5 - File Formats 6 - Games and Screensavers 7 - Macros and Conventions 8 - Maintenence Commands 9 - Kernel Interface New Commands Server 4.4BSD AIX Alpinelinux Archlinux Aros BSDOS BSDi Bifrost CentOS Cygwin Darwin Debian DigitalUNIX DragonFly ElementaryOS Fedora FreeBSD Gentoo GhostBSD HP-UX Haiku Hurd IRIX Inferno JazzOS Kali Knoppix LinuxMint MacOSX Mageia Mandriva Manjaro Minix MirBSD NeXTSTEP NetBSD OPENSTEP OSF1 OpenBSD OpenDarwin OpenIndiana OpenMandriva OpenServer OpenSuSE OpenVMS Oracle PC-BSD Peanut Pidora Plan9 QNX Raspbian RedHat Scientific Slackware SmartOS Solaris SuSE SunOS Syllable Tru64 UNIXv7 Ubuntu Ultrix UnixWare Xenix YellowDog aLinux   16655 pages apropos Keyword Search (all sections) Output format html ascii pdf view pdf save postscript

NETGROUP(4)							   NETGROUP(4)

NAME
       netgroup - list of network groups

SYNOPSIS
       /etc/netgroup

DESCRIPTION
       A  netgroup defines a network-wide group of hosts and users. Use a net‐
       group to restrict access to shared  NFS	filesystems  and  to  restrict
       remote login and shell access.

       Network	groups	are  stored in a network information services, such as
       LDAP, NIS, or NIS+, not in a local file.

       This manual page describes the format for a file that is used to supply
       input  to  a  program  such as ldapaddent(1M) for LDAP, makedbm(1M) for
       NIS, or nisaddent(1M) for NIS+. These programs  build  maps  or	tables
       used by their corresponding network information services.

       Each  line  of  the  file  defines the name and membership of a network
       group. The line should have the format:

	 groupname     member...

       The items on a line can be separated by a combination of	 one  or  more
       spaces or tabs.

       The  groupname is the name of the group being defined. This is followed
       by a list of members of the group. Each member is either another	 group
       name,  all  of  whose  members  are  to	be included in the group being
       defined, or a triple of the form:

	 (hostname,username,domainname)

       In each triple, any of the three fields hostname, username, and domain‐
       name,  can  be  empty. An empty field signifies a wildcard that matches
       any value in that field. Thus:

	 everything (,,this.domain)

       defines a group named "everything"  for	the  domain  "this.domain"  to
       which every host and user belongs.

       The domainname field refers to the domain in which the triple is valid,
       not the domain containing the host or user. In fact, applications using
       netgroup generally do not check the domainname. Therefore, using

	 (,,domain)

       is equivalent to

	 (,,)

       You   can   also	 use  netgroups	 to  control  NFS  mount  access  (see
       share_nfs(1M)) and to  control  remote  login  and  shell  access  (see
       hosts.equiv(4)).	 You  can  also use them to control local login access
       (see passwd(4), shadow(4), and compat in nsswitch.conf(4)).

       When used for these purposes, a host is considered a member of  a  net‐
       group  if  the netgroup contains any triple in which the hostname field
       matches the name of the host requesting access and the domainname field
       matches the domain of the host controlling access.

       Similarly,  a user is considered a member of a netgroup if the netgroup
       contains any triple in which the username field matches the name of the
       user  requesting	 access and the domainname field matches the domain of
       the host controlling access.

       Note that when netgroups are used to control NFS mount  access,	access
       is granted depending only on whether the requesting host is a member of
       the netgroup. Remote login and shell access can be controlled  both  on
       the basis of host and user membership in separate netgroups.

FILES
       /etc/netgroup
			Used  by  a  network  information service's utility to
			construct a map or table that contains netgroup infor‐
			mation. For example, ldapaddent(1M) uses /etc/netgroup
			to construct an LDAP container.

       Note that the netgroup information must always be stored in  a  network
       information service, such as LDAP, NIS, or NIS+. The local file is only
       used to construct a map or table for the network	 information  service.
       It is never consulted directly.

SEE ALSO
       NIS+(1),	 ldapaddent(1M),  makedbm(1M),	nisaddent(1M),	share_nfs(1M),
       innetgr(3C),  hosts(4),	hosts.equiv(4),	 nsswitch.conf(4),  passwd(4),
       shadow(4)

NOTES
       netgroup	 requires  a network information service such as LDAP, NIS, or
       NIS+.

       Applications may make general  membership  tests	 using	the  innetgr()
       function. See innetgr(3C).

       Because the "-" character will not match any specific username or host‐
       name, it is commonly used as a placeholder that will match  only	 wild‐
       carded membership queries. So, for example:

	 onlyhosts (host1,-,our.domain) (host2,-,our.domain)
	 onlyusers (-,john,our.domain) (-,linda,our.domain)

       effectively  define  netgroups  containing  only	 hosts and only users,
       respectively. Any other string that is guaranteed not  to  be  a	 legal
       username or hostname will also suffice for this purpose.

       Use of placeholders will improve search performance.

       When  a	machine with multiple interfaces and multiple names is defined
       as a member of a	 netgroup,  one	 must  list  all  of  the  names.  See
       hosts(4).  A manageable way to do this is to define a netgroup contain‐
       ing all of the machine names. For example, for a	 host  "gateway"  that
       has  names  "gateway-subnet1"  and "gateway-subnet2" one may define the
       netgroup:

	 gateway (gateway-subnet1,,our.domain) (gateway-subnet2,,our.domain)

       and use this netgroup "gateway" whenever the host is to be included  in
       another netgroup.

				 Jul 22, 2004			   NETGROUP(4)

Vote for polarhome