1.\" Copyright (c) 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.Dd December 11, 1993 29.Dt NETGROUP 5 30.Os 31.Sh NAME 32.Nm netgroup 33.Nd defines network groups 34.Sh SYNOPSIS 35.Nm 36.Sh DESCRIPTION 37The 38.Nm 39file 40specifies ``netgroups'', which are sets of 41.Sy (host, user, domain) 42tuples that are to be given similar network access. 43.Pp 44Each line in the file 45consists of a netgroup name followed by a list of the members of the 46netgroup. 47Each member can be either the name of another netgroup or a specification 48of a tuple as follows: 49.Bd -literal -offset indent 50(host, user, domain) 51.Ed 52.Pp 53where the 54.Sy host , 55.Sy user , 56and 57.Sy domain 58are character string names for the corresponding component. 59Any of the comma separated fields may be empty to specify a ``wildcard'' value 60or may consist of the string ``-'' to specify ``no valid value''. 61The members of the list may be separated by whitespace and/or commas; 62the ``\e'' character may be used at the end of a line to specify 63line continuation. 64Lines are limited to 1024 characters. 65The functions specified in 66.Xr getnetgrent 3 67should normally be used to access the 68.Nm 69database. 70.Pp 71Lines that begin with a # are treated as comments. 72.Sh NIS/YP INTERACTION 73On most other platforms, 74.Nm Ns s 75are only used in conjunction with 76.Tn NIS 77and local 78.Pa /etc/netgroup 79files are ignored. 80With 81.Fx , 82.Nm Ns s 83can be used with either 84.Tn NIS 85or local files, but there are certain 86caveats to consider. 87The existing 88.Nm 89system is extremely inefficient where 90.Fn innetgr 3 91lookups are concerned since 92.Nm 93memberships are computed on the fly. 94By contrast, the 95.Tn NIS 96.Nm 97database consists of three separate maps (netgroup, netgroup.byuser 98and netgroup.byhost) that are keyed to allow 99.Fn innetgr 3 100lookups to be done quickly. 101The 102.Fx 103.Nm 104system can interact with the 105.Tn NIS 106.Nm 107maps in the following ways: 108.Bl -bullet -offset indent 109.It 110If the 111.Pa /etc/netgroup 112file does not exist, or it exists and is empty, or 113it exists and contains only a 114.Sq + , 115and 116.Tn NIS 117is running, 118.Nm 119lookups will be done exclusively through 120.Tn NIS , 121with 122.Fn innetgr 3 123taking advantage of the netgroup.byuser and 124netgroup.byhost maps to speed up searches. 125(This 126is more or less compatible with the behavior of SunOS and 127similar platforms.) 128.It 129If the 130.Pa /etc/netgroup 131exists and contains only local 132.Nm 133information (with no 134.Tn NIS 135.Sq + 136token), then only the local 137.Nm 138information will be processed (and 139.Tn NIS 140will be ignored). 141.It 142If 143.Pa /etc/netgroup 144exists and contains both local netgroup data 145.Pa and 146the 147.Tn NIS 148.Sq + 149token, the local data and the 150.Tn NIS 151netgroup 152map will be processed as a single combined 153.Nm 154database. 155While this configuration is the most flexible, it 156is also the least efficient: in particular, 157.Fn innetgr 3 158lookups will be especially slow if the 159database is large. 160.El 161.Sh FILES 162.Bl -tag -width /etc/netgroup -compact 163.It Pa /etc/netgroup 164the netgroup database 165.El 166.Sh COMPATIBILITY 167The file format is compatible with that of various vendors, however it 168appears that not all vendors use an identical format. 169.Sh SEE ALSO 170.Xr getnetgrent 3 , 171.Xr exports 5 172.Sh BUGS 173The interpretation of access restrictions based on the member tuples of a 174netgroup is left up to the various network applications. 175Also, it is not obvious how the domain specification 176applies to the 177.Bx 178environment. 179.Pp 180The 181.Nm 182database should be stored in the form of a 183hashed 184.Xr db 3 185database just like the 186.Xr passwd 5 187database to speed up reverse lookups. 188