System Administration Guide: Naming and Directory Services (FNS and NIS+)

NIS+ Group Member Types

NIS+ groups can have three types of members: explicit, implicit, and recursive; and three types of nonmembers, also explicit, implicit, and recursive. These member types are used when adding or removing members of a group as described in The nisgrpadm Command.

Member Types

NIS+ groups also accept nonmembers in all three categories: explicit, implicit, and recursive. Nonmembers are principals specifically excluded from a group that they otherwise would be part of.

Nonmember Types

Nonmembers are identified by a minus sign in front of their name:

Group Syntax

The order in which inclusions and exclusions are entered does not matter. Exclusions always take precedence over inclusions. Thus, if a principal is a member of an included implicit domain and also a member of an excluded recursive group, then that principal is not included.

Thus, when using the nisgrpadm command, you can specify group members and nonmembers as shown in Table 17–2:

Table 17–2 Specifying Group Members and Nonmembers

Type of member 

Syntax 

Explicit member 

username.domain

Implicit member 

*.domain

Recursive member 

@groupname.domain

Explicit nonmember 

-username.domain

Implicit nonmember 

-*.domain

Recursive nonmember 

@groupname.domain