About netgroups

The /etc/netgroup file defines network-wide groups used for permission checking when fielding requests for remote mounts, remote logins, and remote shells. For remote mounts, the information in netgroup is used to classify machines; for remote logins and remote shells, it is used to classify users. NIS clients can use netgroups to include the map entries for the members of a netgroup in the password file, /etc/passwd. See ``Using NIS maps in the password file'' for more details.

Each line of the netgroup file defines a group and has the format

groupname member_1 member_2

where member is either another group name or a triple (in the following format, parenthesis included):

(hostname,username,domainname)

Any of these three fields can be empty, in which case it signifies a wildcard. Thus the entry

   universal (,,)

The domainname field must either be the local domain name or empty for the netgroup entry to be used. This field does not limit the netgroup or provide security. The domainname field refers to the domain in which the triple is valid, not the domain containing the trusted host.

A gateway machine should be listed under all possible host names by which it may be recognized:

   wan (volga,,) (volga-cities,,)

   justmachines   (amazon,-,sun)
   justpeople(-,babbage,sun)

   (,,domain)

   (,,)

Network groups are contained in the Network Information Service and are accessed through these files:

/etc/yp/domainname/netgroup.dir
/etc/yp/domainname/netgroup.pag
/etc/yp/domainname/netgrp.usr.dir
/etc/yp/domainname/netgrp.usr.pag
/etc/yp/domainname/netgrp.hst.dir
/etc/yp/domainname/netgrp.hst.pag

These files can be created from /etc/netgroup using makedbm(NADM).

See also:

• ``Creating netgroups''

• ``Setting export access permissions''

• netgroup(NF)