netgroup(4nis)


netgroup -- list of network groups

Synopsis

/etc/netgroup

Description

The netgroup file defines network wide groups, used for permission checking when doing remote mounts, remote logins, and remote shells.

Files


/var/yp/domainname/netgroup.byhost
Corresponding NIS map containing group names, user names and host names. The host name is the key in the map.

/var/yp/domainname/netgroup.byuser
Same as netgroup.byhost, except key is user name instead of host name.

/var/yp/domainname/netgroup
Same as netgroup.byhost, except key is group name instead of host name.

Usage

For remote mounts, the information in the netgroup file is used to classify machines; for remote logins and remote shells, it is used to classify users.

Each line of the netgroup file defines a group and has the form:

groupname member ...

where a member is either another group name, or a triple:

(hostname, username, domainname)

Any of these three fields can be empty, in which case it signifies a wild card. For example,

   universal (,,)
defines a group to which everyone belongs.

The following netgroup entry defines a group consisting of the users church, turing or godel on any of the machines lambda or enigma in the domain calc:

   trusted	(lambda,church,calc) (enigma,turing,calc) (,godel,calc)
The domainname field must either be the local domain name or empty for the netgroup entry to be used. Note that this field does not limit the netgroup or provide security. The domainname field refers to the domain in which the triple is valid, not to the domain containing the trusted host.

A gateway machine should be listed under all possible hostnames by which it may be recognized:

   wan (gateway,,) (gateway-ebb,,)

Field names that begin with something other than a letter, digit or underscore (such as ``-'') work in precisely the opposite fashion. For example, consider the following entries:

   machines (analysis,-,diffeng) (synthsis,-,diffeng)
   people   (-,babbage,diffeng) (-,lovelace,diffeng)

The hosts analysis and synthsis belong to the group machines in the domain diffeng, but no users belong to them. Similarly, the users babbage and lovelace belong to the group people in the domain diffeng, but no machines belong to them.

When the Network Information Service (NIS) is in use, it references the NIS maps netgroup.byhost, netgroup.byuser or netgroup on the NIS server instead of /etc/netgroup.

Warnings

The triple (,, domain) allows all users and machines trusted access, and has the same effect as the triple (,,). To correctly restrict access to a specific set of members, use the hostname and username fields of the triple.

References

getnetgrent(3N), hosts.equiv(4tcp), makedbm(1Mnis), ypserv(1Mnis)
© 2004 The SCO Group, Inc. All rights reserved.
UnixWare 7 Release 7.1.4 - 25 April 2004