1.\" Copyright (c) 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netgroup.5 8.2 (Berkeley) 12/11/93 33.\" $FreeBSD$ 34.\" 35.Dd December 11, 1993 36.Dt NETGROUP 5 37.Os 38.Sh NAME 39.Nm netgroup 40.Nd defines network groups 41.Sh SYNOPSIS 42.Nm netgroup 43.Sh DESCRIPTION 44The 45.Nm 46file 47specifies ``netgroups'', which are sets of 48.Sy (host, user, domain) 49tuples that are to be given similar network access. 50.Pp 51Each line in the file 52consists of a netgroup name followed by a list of the members of the 53netgroup. 54Each member can be either the name of another netgroup or a specification 55of a tuple as follows: 56.Bd -literal -offset indent 57(host, user, domain) 58.Ed 59.Pp 60where the 61.Sy host , 62.Sy user , 63and 64.Sy domain 65are character string names for the corresponding component. 66Any of the comma separated fields may be empty to specify a ``wildcard'' value 67or may consist of the string ``-'' to specify ``no valid value''. 68The members of the list may be separated by whitespace and/or commas; 69the ``\e'' character may be used at the end of a line to specify 70line continuation. Lines are limited to 1024 characters. 71The functions specified in 72.Xr getnetgrent 3 73should normally be used to access the 74.Nm 75database. 76.Pp 77Lines that begin with a # are treated as comments. 78.Sh NIS/YP INTERACTION 79On most other platforms, 80.Nm Ns s 81are only used in conjunction with 82.Tn NIS 83and local 84.Pa /etc/netgroup 85files are ignored. With 86.Fx , 87.Nm Ns s 88can be used with either 89.Tn NIS 90or local files, but there are certain 91caveats to consider. The existing 92.Nm 93system is extremely inefficient where 94.Fn innetgr 3 95lookups are concerned since 96.Nm 97memberships are computed on the fly. By contrast, the 98.Tn NIS 99.Nm 100database consists of three separate maps (netgroup, netgroup.byuser 101and netgroup.byhost) that are keyed to allow 102.Fn innetgr 3 103lookups to be done quickly. The 104.Fx 105.Nm 106system can interact with the 107.Tn NIS 108.Nm 109maps in the following ways: 110.Bl -bullet -offset indent 111.It 112If the 113.Pa /etc/netgroup 114file does not exist, or it exists and is empty, or 115it exists and contains only a 116.Sq + , 117and 118.Tn NIS 119is running, 120.Nm 121lookups will be done exclusively through 122.Tn NIS , 123with 124.Fn innetgr 3 125taking advantage of the netgroup.byuser and 126netgroup.byhost maps to speed up searches. (This 127is more or less compatible with the behavior of SunOS and 128similar platforms.) 129.It 130If the 131.Pa /etc/netgroup 132exists and contains only local 133.Nm 134information (with no 135.Tn NIS 136.Sq + 137token), then only the local 138.Nm 139information will be processed (and 140.Tn NIS 141will be ignored). 142.It 143If 144.Pa /etc/netgroup 145exists and contains both local netgroup data 146.Pa and 147the 148.Tn NIS 149.Sq + 150token, the local data and the 151.Tn NIS 152netgroup 153map will be processed as a single combined 154.Nm 155database. While this configuration is the most flexible, it 156is also the least efficient: in particular, 157.Fn innetgr 3 158lookups will be especially slow if the 159database is large. 160.El 161.Sh FILES 162.Bl -tag -width /etc/netgroup -compact 163.It Pa /etc/netgroup 164the netgroup database 165.El 166.Sh SEE ALSO 167.Xr getnetgrent 3 , 168.Xr exports 5 169.Sh COMPATIBILITY 170The file format is compatible with that of various vendors, however it 171appears that not all vendors use an identical format. 172.Sh BUGS 173The interpretation of access restrictions based on the member tuples of a 174netgroup is left up to the various network applications. 175Also, it is not obvious how the domain specification 176applies to the 177.Bx 178environment. 179.Pp 180The 181.Nm 182database should be stored in the form of a 183hashed 184.Xr db 3 185database just like the 186.Xr passwd 5 187database to speed up reverse lookups. 188