1.\" Copyright (c) 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netgroup.5 8.2 (Berkeley) 12/11/93 33.\" $FreeBSD$ 34.\" 35.Dd December 11, 1993 36.Dt NETGROUP 5 37.Os 38.Sh NAME 39.Nm netgroup 40.Nd defines network groups 41.Sh SYNOPSIS 42.Nm 43.Sh DESCRIPTION 44The 45.Nm 46file 47specifies ``netgroups'', which are sets of 48.Sy (host, user, domain) 49tuples that are to be given similar network access. 50.Pp 51Each line in the file 52consists of a netgroup name followed by a list of the members of the 53netgroup. 54Each member can be either the name of another netgroup or a specification 55of a tuple as follows: 56.Bd -literal -offset indent 57(host, user, domain) 58.Ed 59.Pp 60where the 61.Sy host , 62.Sy user , 63and 64.Sy domain 65are character string names for the corresponding component. 66Any of the comma separated fields may be empty to specify a ``wildcard'' value 67or may consist of the string ``-'' to specify ``no valid value''. 68The members of the list may be separated by whitespace and/or commas; 69the ``\e'' character may be used at the end of a line to specify 70line continuation. 71Lines are limited to 1024 characters. 72The functions specified in 73.Xr getnetgrent 3 74should normally be used to access the 75.Nm 76database. 77.Pp 78Lines that begin with a # are treated as comments. 79.Sh NIS/YP INTERACTION 80On most other platforms, 81.Nm Ns s 82are only used in conjunction with 83.Tn NIS 84and local 85.Pa /etc/netgroup 86files are ignored. 87With 88.Fx , 89.Nm Ns s 90can be used with either 91.Tn NIS 92or local files, but there are certain 93caveats to consider. 94The existing 95.Nm 96system is extremely inefficient where 97.Fn innetgr 3 98lookups are concerned since 99.Nm 100memberships are computed on the fly. 101By contrast, the 102.Tn NIS 103.Nm 104database consists of three separate maps (netgroup, netgroup.byuser 105and netgroup.byhost) that are keyed to allow 106.Fn innetgr 3 107lookups to be done quickly. 108The 109.Fx 110.Nm 111system can interact with the 112.Tn NIS 113.Nm 114maps in the following ways: 115.Bl -bullet -offset indent 116.It 117If the 118.Pa /etc/netgroup 119file does not exist, or it exists and is empty, or 120it exists and contains only a 121.Sq + , 122and 123.Tn NIS 124is running, 125.Nm 126lookups will be done exclusively through 127.Tn NIS , 128with 129.Fn innetgr 3 130taking advantage of the netgroup.byuser and 131netgroup.byhost maps to speed up searches. 132(This 133is more or less compatible with the behavior of SunOS and 134similar platforms.) 135.It 136If the 137.Pa /etc/netgroup 138exists and contains only local 139.Nm 140information (with no 141.Tn NIS 142.Sq + 143token), then only the local 144.Nm 145information will be processed (and 146.Tn NIS 147will be ignored). 148.It 149If 150.Pa /etc/netgroup 151exists and contains both local netgroup data 152.Pa and 153the 154.Tn NIS 155.Sq + 156token, the local data and the 157.Tn NIS 158netgroup 159map will be processed as a single combined 160.Nm 161database. 162While this configuration is the most flexible, it 163is also the least efficient: in particular, 164.Fn innetgr 3 165lookups will be especially slow if the 166database is large. 167.El 168.Sh FILES 169.Bl -tag -width /etc/netgroup -compact 170.It Pa /etc/netgroup 171the netgroup database 172.El 173.Sh SEE ALSO 174.Xr getnetgrent 3 , 175.Xr exports 5 176.Sh COMPATIBILITY 177The file format is compatible with that of various vendors, however it 178appears that not all vendors use an identical format. 179.Sh BUGS 180The interpretation of access restrictions based on the member tuples of a 181netgroup is left up to the various network applications. 182Also, it is not obvious how the domain specification 183applies to the 184.Bx 185environment. 186.Pp 187The 188.Nm 189database should be stored in the form of a 190hashed 191.Xr db 3 192database just like the 193.Xr passwd 5 194database to speed up reverse lookups. 195