NAME | SYNOPSIS | DESCRIPTION | NIS/YP INTERACTION | FILES | ATTRIBUTES | SEE ALSO | COMPATIBILITY | BUGS
/etc/netgroup
The netgroup file specifies "netgroups", which are sets of (host, user, domain) combinations that are to be given similar network access.
Each line in the file consists of a netgroup name followed by a list of the members of the netgroup. Each member can be either the name of another netgroup or a specification of a combination as follows: (host, user, domain) where the host, user, and domain are character string names for the corresponding component. Any of the comma-separated fields may be empty to specify a "wildcard" value, or may consist of the string "-" to specify "no valid value". The members of the list may be separated by whitespace or commas; the "\" character may be used at the end of a line to specify line continuation. The functions specified in getnetgrent(3POSIX) should normally be used to access the netgroup database.
Lines that begin with "#" are treated as comments.
On most platforms, netgroups are only used in conjunction with NIS and local /etc/netgroup files are ignored. With ChorusOS, netgroups can be used with either NIS or local files, but there are certain caveats to consider. The existing netgroup system is extremely inefficient where innetgr(3POSIX) lookups are concerned since netgroup memberships are computed on the fly. By contrast, the NIS netgroup database consists of three separate maps (netgroup, netgroup.byuser and netgroup.byhost) that are keyed to allow innetgr(3POSIX) lookups to be done quickly. The ChorusOS netgroup system can interact with the NIS netgroup maps in the following ways:
If the /etc/netgroup file does not exist, or it exists and is empty, or it exists and contains only a "+" , and NIS is running, netgroup lookups will be done exclusively through NIS, with innetgr(3POSIX) taking advantage of the netgroup.byuser and netgroup.byhost maps to speed up searches. (This is more or less compatible with the behavior of SunOS and similar platforms.)
If the /etc/netgroup exists and contains only local netgroup information (with no NIS "+" token), then only the local netgroup information will be processed (and NIS will be ignored).
If /etc/netgroup exists and contains both local netgroup data and the NIS "+" token, the local data and the NIS netgroup map will be processed as a single combined netgroup database. While this configuration is the most flexible, it is also the least efficient: in particular, innetgr(3POSIX) lookups will be especially slow if the database is large.
/etc/netgroup the netgroup database
See attributes(5) for descriptions of the following attributes:
ATTRIBUTE TYPE | ATTRIBUTE VALUE |
---|---|
Interface Stability | Evolving |
This file format is compatible with that of a number of vendors; note, however, that not all vendors use an identical format.
The interpretation of access restrictions based on the members of a netgroup is left up to the network applications. The behavior of the domain specification with regard to the BSD environment is undefined.
NAME | SYNOPSIS | DESCRIPTION | NIS/YP INTERACTION | FILES | ATTRIBUTES | SEE ALSO | COMPATIBILITY | BUGS