xref: /freebsd/usr.sbin/mountd/netgroup.5 (revision 74853402238d0eafe83b7979b97772987211b6e8)
18fae3551SRodney W. Grimes.\" Copyright (c) 1992, 1993
28fae3551SRodney W. Grimes.\"	The Regents of the University of California.  All rights reserved.
38fae3551SRodney W. Grimes.\"
48fae3551SRodney W. Grimes.\" Redistribution and use in source and binary forms, with or without
58fae3551SRodney W. Grimes.\" modification, are permitted provided that the following conditions
68fae3551SRodney W. Grimes.\" are met:
78fae3551SRodney W. Grimes.\" 1. Redistributions of source code must retain the above copyright
88fae3551SRodney W. Grimes.\"    notice, this list of conditions and the following disclaimer.
98fae3551SRodney W. Grimes.\" 2. Redistributions in binary form must reproduce the above copyright
108fae3551SRodney W. Grimes.\"    notice, this list of conditions and the following disclaimer in the
118fae3551SRodney W. Grimes.\"    documentation and/or other materials provided with the distribution.
128fae3551SRodney W. Grimes.\" 3. All advertising materials mentioning features or use of this software
138fae3551SRodney W. Grimes.\"    must display the following acknowledgement:
148fae3551SRodney W. Grimes.\"	This product includes software developed by the University of
158fae3551SRodney W. Grimes.\"	California, Berkeley and its contributors.
168fae3551SRodney W. Grimes.\" 4. Neither the name of the University nor the names of its contributors
178fae3551SRodney W. Grimes.\"    may be used to endorse or promote products derived from this software
188fae3551SRodney W. Grimes.\"    without specific prior written permission.
198fae3551SRodney W. Grimes.\"
208fae3551SRodney W. Grimes.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
218fae3551SRodney W. Grimes.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
228fae3551SRodney W. Grimes.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
238fae3551SRodney W. Grimes.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
248fae3551SRodney W. Grimes.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
258fae3551SRodney W. Grimes.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
268fae3551SRodney W. Grimes.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
278fae3551SRodney W. Grimes.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
288fae3551SRodney W. Grimes.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
298fae3551SRodney W. Grimes.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
308fae3551SRodney W. Grimes.\" SUCH DAMAGE.
318fae3551SRodney W. Grimes.\"
328fae3551SRodney W. Grimes.\"     @(#)netgroup.5	8.2 (Berkeley) 12/11/93
338fae3551SRodney W. Grimes.\"
348fae3551SRodney W. Grimes.Dd December 11, 1993
358fae3551SRodney W. Grimes.Dt NETGROUP 5
368fae3551SRodney W. Grimes.Os
378fae3551SRodney W. Grimes.Sh NAME
388fae3551SRodney W. Grimes.Nm netgroup
398fae3551SRodney W. Grimes.Nd defines network groups
408fae3551SRodney W. Grimes.Sh SYNOPSIS
418fae3551SRodney W. Grimes.Nm netgroup
428fae3551SRodney W. Grimes.Sh DESCRIPTION
438fae3551SRodney W. GrimesThe
4474853402SPhilippe Charnier.Nm
458fae3551SRodney W. Grimesfile
468fae3551SRodney W. Grimesspecifies ``netgroups'', which are sets of
478fae3551SRodney W. Grimes.Sy (host, user, domain)
488fae3551SRodney W. Grimestuples that are to be given similar network access.
498fae3551SRodney W. Grimes.Pp
508fae3551SRodney W. GrimesEach line in the file
518fae3551SRodney W. Grimesconsists of a netgroup name followed by a list of the members of the
528fae3551SRodney W. Grimesnetgroup.
538fae3551SRodney W. GrimesEach member can be either the name of another netgroup or a specification
548fae3551SRodney W. Grimesof a tuple as follows:
558fae3551SRodney W. Grimes.Bd -literal -offset indent
568fae3551SRodney W. Grimes(host, user, domain)
578fae3551SRodney W. Grimes.Ed
5874853402SPhilippe Charnier.Pp
598fae3551SRodney W. Grimeswhere the
608fae3551SRodney W. Grimes.Sy host ,
618fae3551SRodney W. Grimes.Sy user ,
628fae3551SRodney W. Grimesand
638fae3551SRodney W. Grimes.Sy domain
648fae3551SRodney W. Grimesare character string names for the corresponding component.
658fae3551SRodney W. GrimesAny of the comma separated fields may be empty to specify a ``wildcard'' value
668fae3551SRodney W. Grimesor may consist of the string ``-'' to specify ``no valid value''.
678fae3551SRodney W. GrimesThe members of the list may be separated by whitespace and/or commas;
688fae3551SRodney W. Grimesthe ``\e'' character may be used at the end of a line to specify
69ce4a641cSPeter Hawkinsline continuation. Lines are limited to 1024 characters.
708fae3551SRodney W. GrimesThe functions specified in
718fae3551SRodney W. Grimes.Xr getnetgrent 3
728fae3551SRodney W. Grimesshould normally be used to access the
7374853402SPhilippe Charnier.Nm
748fae3551SRodney W. Grimesdatabase.
758fae3551SRodney W. Grimes.Pp
768fae3551SRodney W. GrimesLines that begin with a # are treated as comments.
771e890b05SBill Paul.Sh NIS/YP INTERACTION
781e890b05SBill PaulOn most other platforms,
7974853402SPhilippe Charnier.Nm Ns s
801e890b05SBill Paulare only used in conjunction with
8174853402SPhilippe Charnier.Tn NIS
8274853402SPhilippe Charnierand local
831e890b05SBill Paul.Pa /etc/netgroup
8474853402SPhilippe Charnierfiles are ignored. With
8574853402SPhilippe Charnier.Bx Free ,
8674853402SPhilippe Charnier.Nm Ns s
8774853402SPhilippe Charniercan be used with either
8874853402SPhilippe Charnier.Tn NIS
8974853402SPhilippe Charnieror local files, but there are certain
901e890b05SBill Paulcaveats to consider. The existing
9174853402SPhilippe Charnier.Nm
921e890b05SBill Paulsystem is extremely inefficient where
931e890b05SBill Paul.Fn innetgr 3
941e890b05SBill Paullookups are concerned since
9574853402SPhilippe Charnier.Nm
9674853402SPhilippe Charniermemberships are computed on the fly. By contrast, the
9774853402SPhilippe Charnier.Tn NIS
9874853402SPhilippe Charnier.Nm
99e71057d8SMike Pritcharddatabase consists of three separate maps (netgroup, netgroup.byuser
1001e890b05SBill Pauland netgroup.byhost) that are keyed to allow
1011e890b05SBill Paul.Fn innetgr 3
10274853402SPhilippe Charnierlookups to be done quickly. The
10374853402SPhilippe Charnier.Bx Free
10474853402SPhilippe Charnier.Nm
10574853402SPhilippe Charniersystem can interact with the
10674853402SPhilippe Charnier.Tn NIS
10774853402SPhilippe Charnier.Nm
1081e890b05SBill Paulmaps in the following ways:
1091e890b05SBill Paul.Bl -bullet -offset indent
1101e890b05SBill Paul.It
1111e890b05SBill PaulIf the
1121e890b05SBill Paul.Pa /etc/netgroup
1131e890b05SBill Paulfile does not exist, or it exists and is empty, or
11474853402SPhilippe Charnierit exists and contains only a
11574853402SPhilippe Charnier.Sq + ,
11674853402SPhilippe Charnierand
11774853402SPhilippe Charnier.Tn NIS
11874853402SPhilippe Charnieris running,
11974853402SPhilippe Charnier.Nm
12074853402SPhilippe Charnierlookups will be done exclusively through
12174853402SPhilippe Charnier.Tn NIS ,
12274853402SPhilippe Charnierwith
1231e890b05SBill Paul.Fn innetgr 3
1241e890b05SBill Paultaking advantage of the netgroup.byuser and
1251e890b05SBill Paulnetgroup.byhost maps to speed up searches. (This
1261e890b05SBill Paulis more or less compatible with the behavior of SunOS and
1271e890b05SBill Paulsimilar platforms.)
1281e890b05SBill Paul.It
1291e890b05SBill PaulIf the
1301e890b05SBill Paul.Pa /etc/netgroup
1311e890b05SBill Paulexists and contains only local
13274853402SPhilippe Charnier.Nm
13374853402SPhilippe Charnierinformation (with no
13474853402SPhilippe Charnier.Tn NIS
13574853402SPhilippe Charnier.Sq +
13674853402SPhilippe Charniertoken), then only the local
13774853402SPhilippe Charnier.Nm
13874853402SPhilippe Charnierinformation will be processed (and
13974853402SPhilippe Charnier.Tn NIS
14074853402SPhilippe Charnierwill be ignored).
1411e890b05SBill Paul.It
1421e890b05SBill PaulIf
1431e890b05SBill Paul.Pa /etc/netgroup
1441e890b05SBill Paulexists and contains both local netgroup data
1451e890b05SBill Paul.Pa and
14674853402SPhilippe Charnierthe
14774853402SPhilippe Charnier.Tn NIS
14874853402SPhilippe Charnier.Sq +
14974853402SPhilippe Charniertoken, the local data and the
15074853402SPhilippe Charnier.Tn NIS
15174853402SPhilippe Charniernetgroup
1521e890b05SBill Paulmap will be processed as a single combined
15374853402SPhilippe Charnier.Nm
1541e890b05SBill Pauldatabase. While this configuration is the most flexible, it
1551e890b05SBill Paulis also the least efficient: in particular,
1561e890b05SBill Paul.Fn innetgr 3
1571e890b05SBill Paullookups will be especially slow if the
1581e890b05SBill Pauldatabase is large.
1591e890b05SBill Paul.El
1608fae3551SRodney W. Grimes.Sh FILES
1618fae3551SRodney W. Grimes.Bl -tag -width /etc/netgroup -compact
1628fae3551SRodney W. Grimes.It Pa /etc/netgroup
16374853402SPhilippe Charnierthe netgroup database
1648fae3551SRodney W. Grimes.El
1658fae3551SRodney W. Grimes.Sh SEE ALSO
1668fae3551SRodney W. Grimes.Xr getnetgrent 3 ,
1678fae3551SRodney W. Grimes.Xr exports 5
1688fae3551SRodney W. Grimes.Sh COMPATIBILITY
1698fae3551SRodney W. GrimesThe file format is compatible with that of various vendors, however it
1708fae3551SRodney W. Grimesappears that not all vendors use an identical format.
1718fae3551SRodney W. Grimes.Sh BUGS
1728fae3551SRodney W. GrimesThe interpretation of access restrictions based on the member tuples of a
1738fae3551SRodney W. Grimesnetgroup is left up to the various network applications.
1748fae3551SRodney W. GrimesAlso, it is not obvious how the domain specification
17574853402SPhilippe Charnierapplies to the
17674853402SPhilippe Charnier.Bx
17774853402SPhilippe Charnierenvironment.
1781e890b05SBill Paul.Pp
1791e890b05SBill PaulThe
18074853402SPhilippe Charnier.Nm
1811e890b05SBill Pauldatabase should be stored in the form of a
1821e890b05SBill Paulhashed
1831e890b05SBill Paul.Xr db 3
1841e890b05SBill Pauldatabase just like the
1851e890b05SBill Paul.Xr passwd 5
1861e890b05SBill Pauldatabase to speed up reverse lookups.
187