Configuring the Network Information Service (NIS)

About netgroups

The /etc/netgroup file defines network-wide groups used for permission checking when fielding requests for remote mounts, remote logins, and remote shells. For remote mounts, the information in netgroup is used to classify machines; for remote logins and remote shells, it is used to classify users. NIS clients can use netgroups to include the map entries for the members of a netgroup in the password file, /etc/passwd. See ``Using NIS maps in the password file'' for more details.

Each line of the netgroup file defines a group and has the format

groupname member_1 member_2

where member is either another group name or a triple (in the following format, parentheses included):

(hostname,username,domainname)

Any of these three fields can be empty, in which case it signifies a wildcard. Thus the entry

   universal (,,)

defines a group to which everyone belongs.

The domainname field must either be the local domain name or empty for the netgroup entry to be used. This field does not limit the netgroup or provide security. The domainname field refers to the domain in which the triple is valid, not the domain containing the trusted host.

A gateway machine should be listed under all possible host names by which it may be recognized:

   wan (volga,,) (volga-cities,,)

Field names that begin with something other than a letter, digit, or dash (such as `-') work in precisely the opposite way:

   justmachines (amazon,-,sun)
   justpeople (-,babbage,sun)

The machine amazon belongs to the group justmachines in the domain sun, but no users belong to it. Similarly, the user babbage belongs to the group justpeople in the domain sun, but no machines belong to it. The triple

   (,,domain)

allows all users and machines trusted access and has the same effect as the triple

   (,,)

To correctly restrict access to a specific set of members, use the hostname and username fields of the triple.
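
The wildcard rules above can be checked mechanically before a netgroup file is built into NIS maps. The following Python code is an added example, not part of the SCO documentation: it parses netgroup lines, expands nested group references, and reports every group that resolves to a triple with empty hostname and username fields, treating (,,domain) the same as (,,). The function names, finding labels and sample entries are assumptions constructed for illustration.

```python
import re

# Constructed sample in /etc/netgroup format (entries are illustrative only).
SAMPLE = """\
universal (,,)
wan (volga,,) (volga-cities,,)
justpeople (-,babbage,sun)
trusted (,,sun)
admins justpeople wan
everyone admins trusted
"""

# A member is a (hostname,username,domainname) triple or another group name.
MEMBER = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)|([^\s()]+)")

def parse_netgroup(text):
    """Return {groupname: [member, ...]}; triples become 3-tuples, group names stay strings."""
    groups = {}
    for line in text.splitlines():
        head = re.match(r"([^\s(]+)\s*(.*)", line.strip())
        if not head:
            continue  # blank or malformed line
        members = groups.setdefault(head.group(1), [])
        for m in MEMBER.finditer(head.group(2)):
            members.append(m.group(4) or tuple(f.strip() for f in m.group(1, 2, 3)))
    return groups

def expand(groups, name, seen=None):
    """Flatten nested group references into a set of triples; `seen` stops reference loops."""
    seen = set() if seen is None else seen
    if name in seen:
        return set()
    seen.add(name)
    triples = set()
    for member in groups.get(name, []):
        triples |= {member} if isinstance(member, tuple) else expand(groups, member, seen)
    return triples

def audit(text):
    """Map each group to wildcard findings; domainname is ignored because it does not restrict."""
    groups = parse_netgroup(text)
    report = {}
    for name in groups:
        found = set()
        for host, user, _domain in expand(groups, name):
            if not host and not user:
                found.add("universal")  # (,,) or (,,domain): everyone matches
            elif not (host and user):   # a field such as "-" is non-empty, so not a wildcard
                found.add("any-user" if host else "any-host")
        report[name] = sorted(found)
    return report
```

Calling audit(SAMPLE) returns a dictionary keyed by group name; a group such as everyone is reported as universal because it inherits (,,sun) through the nested group trusted.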

Network groups are contained in the Network Information Service and are accessed through these files:

/etc/yp/domainname/netgroup.dir
/etc/yp/domainname/netgroup.pag
/etc/yp/domainname/netgrp.usr.dir
/etc/yp/domainname/netgrp.usr.pag
/etc/yp/domainname/netgrp.hst.dir
/etc/yp/domainname/netgrp.hst.pag

These files can be created from /etc/netgroup using makedbm(NADM).


© 2005 The SCO Group, Inc. All rights reserved.
SCO OpenServer Release 6.0.0 -- 02 June 2005