xref: /freebsd/usr.sbin/mountd/netgroup.5 (revision 1e890b056ae039be18929c22b500c718bc4d0a5c)

.\" Copyright (c) 1992, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"     @(#)netgroup.5	8.2 (Berkeley) 12/11/93
.\"
.Dd December 11, 1993
.Dt NETGROUP 5
.Os
.Sh NAME
.Nm netgroup
.Nd defines network groups
.Sh SYNOPSIS
.Nm netgroup
.Sh DESCRIPTION
The
.Nm netgroup
file
specifies ``netgroups'', which are sets of
.Sy (host, user, domain)
tuples that are to be given similar network access.
.Pp
Each line in the file
consists of a netgroup name followed by a list of the members of the
netgroup.
Each member can be either the name of another netgroup or a specification
of a tuple as follows:
.Bd -literal -offset indent
(host, user, domain)
.Ed
where the
.Sy host ,
.Sy user ,
and
.Sy domain
are character string names for the corresponding component.
Any of the comma separated fields may be empty to specify a ``wildcard'' value
or may consist of the string ``-'' to specify ``no valid value''.
The members of the list may be separated by whitespace and/or commas;
the ``\e'' character may be used at the end of a line to specify
line continuation.
The functions specified in
.Xr getnetgrent 3
should normally be used to access the
.Nm netgroup
database.
.Pp
Lines that begin with a # are treated as comments.
.Sh NIS/YP INTERACTION
On most other platforms,
.Nm netgroups
are only used in conjunction with
NIS and local
.Pa /etc/netgroup
files are ignored. With FreeBSD,
.Nm netgroups
can be used with either NIS or local files, but there are certain
caveats to consider. The existing
.Nm netgroup
system is extremely inefficient where
.Fn innetgr 3
lookups are concerned since
.Nm netgroup
memberships are computed on the fly. By contrast, the NIS
.Nm netgroup
database consists of three seperate maps (netgroup, netgroup.byuser
and netgroup.byhost) that are keyed to allow
.Fn innetgr 3
lookups to be done quickly. The FreeBSD
.Nm netgroup
system can interact with the NIS
.Nm netgroup
maps in the following ways:
.Bl -bullet -offset indent
.It
If the
.Pa /etc/netgroup
file does not exist, or it exists and is empty, or
it exists and contains only a '+', and NIS is running,
.Nm netgroup
lookups will be done exclusively through NIS, with
.Fn innetgr 3
taking advantage of the netgroup.byuser and
netgroup.byhost maps to speed up searches. (This
is more or less compatible with the behavior of SunOS and
similar platforms.)
.It
If the
.Pa /etc/netgroup
exists and contains only local
.Nm netgroup
information (with no NIS '+' token), then only the local
.Nm netgroup
information will be processed (and NIS will be ingored).
.It
If
.Pa /etc/netgroup
exists and contains both local netgroup data
.Pa and
the NIS '+' token, the local data and the NIS netgroup
map will be processed as a single combined
.Nm netgroup
database. While this configuration is the most flexible, it
is also the least efficient: in particular,
.Fn innetgr 3
lookups will be especially slow if the
database is large.
.El
.Sh FILES
.Bl -tag -width /etc/netgroup -compact
.It Pa /etc/netgroup
the netgroup database.
.El
.Sh SEE ALSO
.Xr getnetgrent 3 ,
.Xr exports 5
.Sh COMPATIBILITY
The file format is compatible with that of various vendors, however it
appears that not all vendors use an identical format.
.Sh BUGS
The interpretation of access restrictions based on the member tuples of a
netgroup is left up to the various network applications.
Also, it is not obvious how the domain specification
applies to the BSD environment.
.Pp
The
.Nm netgroup
database should be stored in the form of a
hashed
.Xr db 3
database just like the
.Xr passwd 5
database to speed up reverse lookups.