1.\" Copyright (c) 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)netgroup.5 8.2 (Berkeley) 12/11/93 29.\" 30.Dd December 11, 1993 31.Dt NETGROUP 5 32.Os 33.Sh NAME 34.Nm netgroup 35.Nd defines network groups 36.Sh SYNOPSIS 37.Nm 38.Sh DESCRIPTION 39The 40.Nm 41file 42specifies ``netgroups'', which are sets of 43.Sy (host, user, domain) 44tuples that are to be given similar network access. 45.Pp 46Each line in the file 47consists of a netgroup name followed by a list of the members of the 48netgroup. 49Each member can be either the name of another netgroup or a specification 50of a tuple as follows: 51.Bd -literal -offset indent 52(host, user, domain) 53.Ed 54.Pp 55where the 56.Sy host , 57.Sy user , 58and 59.Sy domain 60are character string names for the corresponding component. 61Any of the comma separated fields may be empty to specify a ``wildcard'' value 62or may consist of the string ``-'' to specify ``no valid value''. 63The members of the list may be separated by whitespace and/or commas; 64the ``\e'' character may be used at the end of a line to specify 65line continuation. 66Lines are limited to 1024 characters. 67The functions specified in 68.Xr getnetgrent 3 69should normally be used to access the 70.Nm 71database. 72.Pp 73Lines that begin with a # are treated as comments. 74.Sh NIS/YP INTERACTION 75On most other platforms, 76.Nm Ns s 77are only used in conjunction with 78.Tn NIS 79and local 80.Pa /etc/netgroup 81files are ignored. 82With 83.Fx , 84.Nm Ns s 85can be used with either 86.Tn NIS 87or local files, but there are certain 88caveats to consider. 89The existing 90.Nm 91system is extremely inefficient where 92.Fn innetgr 3 93lookups are concerned since 94.Nm 95memberships are computed on the fly. 96By contrast, the 97.Tn NIS 98.Nm 99database consists of three separate maps (netgroup, netgroup.byuser 100and netgroup.byhost) that are keyed to allow 101.Fn innetgr 3 102lookups to be done quickly. 103The 104.Fx 105.Nm 106system can interact with the 107.Tn NIS 108.Nm 109maps in the following ways: 110.Bl -bullet -offset indent 111.It 112If the 113.Pa /etc/netgroup 114file does not exist, or it exists and is empty, or 115it exists and contains only a 116.Sq + , 117and 118.Tn NIS 119is running, 120.Nm 121lookups will be done exclusively through 122.Tn NIS , 123with 124.Fn innetgr 3 125taking advantage of the netgroup.byuser and 126netgroup.byhost maps to speed up searches. 127(This 128is more or less compatible with the behavior of SunOS and 129similar platforms.) 130.It 131If the 132.Pa /etc/netgroup 133exists and contains only local 134.Nm 135information (with no 136.Tn NIS 137.Sq + 138token), then only the local 139.Nm 140information will be processed (and 141.Tn NIS 142will be ignored). 143.It 144If 145.Pa /etc/netgroup 146exists and contains both local netgroup data 147.Pa and 148the 149.Tn NIS 150.Sq + 151token, the local data and the 152.Tn NIS 153netgroup 154map will be processed as a single combined 155.Nm 156database. 157While this configuration is the most flexible, it 158is also the least efficient: in particular, 159.Fn innetgr 3 160lookups will be especially slow if the 161database is large. 162.El 163.Sh FILES 164.Bl -tag -width /etc/netgroup -compact 165.It Pa /etc/netgroup 166the netgroup database 167.El 168.Sh COMPATIBILITY 169The file format is compatible with that of various vendors, however it 170appears that not all vendors use an identical format. 171.Sh SEE ALSO 172.Xr getnetgrent 3 , 173.Xr exports 5 174.Sh BUGS 175The interpretation of access restrictions based on the member tuples of a 176netgroup is left up to the various network applications. 177Also, it is not obvious how the domain specification 178applies to the 179.Bx 180environment. 181.Pp 182The 183.Nm 184database should be stored in the form of a 185hashed 186.Xr db 3 187database just like the 188.Xr passwd 5 189database to speed up reverse lookups. 190