.\" Copyright (c) 1992, 1993
.\"	The Regents of the University of California.  All rights reserved.
.\"
.\" Redistribution and use in source and binary forms, with or without
.\" modification, are permitted provided that the following conditions
.\" are met:
.\" 1. Redistributions of source code must retain the above copyright
.\"    notice, this list of conditions and the following disclaimer.
.\" 2. Redistributions in binary form must reproduce the above copyright
.\"    notice, this list of conditions and the following disclaimer in the
.\"    documentation and/or other materials provided with the distribution.
.\" 3. All advertising materials mentioning features or use of this software
.\"    must display the following acknowledgement:
.\"	This product includes software developed by the University of
.\"	California, Berkeley and its contributors.
.\" 4. Neither the name of the University nor the names of its contributors
.\"    may be used to endorse or promote products derived from this software
.\"    without specific prior written permission.
.\"
.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
.\"	@(#)netgroup.5	8.2 (Berkeley) 12/11/93
.\"
.Dd December 11, 1993
.Dt NETGROUP 5
.Os
.Sh NAME
.Nm netgroup
.Nd defines network groups
.Sh SYNOPSIS
.Nm netgroup
.Sh DESCRIPTION
The
.Nm netgroup
file
specifies ``netgroups'', which are sets of
.Sy (host, user, domain)
tuples that are to be given similar network access.
.Pp
Each line in the file
consists of a netgroup name followed by a list of the members of the
netgroup.
Each member can be either the name of another netgroup or a specification
of a tuple as follows:
.Bd -literal -offset indent
(host, user, domain)
.Ed
where the
.Sy host ,
.Sy user ,
and
.Sy domain
are character string names for the corresponding component.
Any of the comma separated fields may be empty to specify a ``wildcard'' value
or may consist of the string ``-'' to specify ``no valid value''.
The members of the list may be separated by whitespace and/or commas;
the ``\e'' character may be used at the end of a line to specify
line continuation.
The functions specified in
.Xr getnetgrent 3
should normally be used to access the
.Nm netgroup
database.
.Pp
Lines that begin with a # are treated as comments.
.Sh NIS/YP INTERACTION
On most other platforms,
.Nm netgroups
are only used in conjunction with
NIS and local
.Pa /etc/netgroup
files are ignored. With FreeBSD,
.Nm netgroups
can be used with either NIS or local files, but there are certain
caveats to consider. The existing
.Nm netgroup
system is extremely inefficient where
.Fn innetgr 3
lookups are concerned since
.Nm netgroup
memberships are computed on the fly. By contrast, the NIS
.Nm netgroup
database consists of three separate maps (netgroup, netgroup.byuser
and netgroup.byhost) that are keyed to allow
.Fn innetgr 3
lookups to be done quickly.
The FreeBSD
.Nm netgroup
system can interact with the NIS
.Nm netgroup
maps in the following ways:
.Bl -bullet -offset indent
.It
If the
.Pa /etc/netgroup
file does not exist, or it exists and is empty, or
it exists and contains only a '+', and NIS is running,
.Nm netgroup
lookups will be done exclusively through NIS, with
.Fn innetgr 3
taking advantage of the netgroup.byuser and
netgroup.byhost maps to speed up searches. (This
is more or less compatible with the behavior of SunOS and
similar platforms.)
.It
If the
.Pa /etc/netgroup
exists and contains only local
.Nm netgroup
information (with no NIS '+' token), then only the local
.Nm netgroup
information will be processed (and NIS will be ignored).
.It
If
.Pa /etc/netgroup
exists and contains both local netgroup data
.Pa and
the NIS '+' token, the local data and the NIS netgroup
map will be processed as a single combined
.Nm netgroup
database. While this configuration is the most flexible, it
is also the least efficient: in particular,
.Fn innetgr 3
lookups will be especially slow if the
database is large.
.El
.Sh FILES
.Bl -tag -width /etc/netgroup -compact
.It Pa /etc/netgroup
the netgroup database.
.El
.Sh SEE ALSO
.Xr getnetgrent 3 ,
.Xr exports 5
.Sh COMPATIBILITY
The file format is compatible with that of various vendors, however it
appears that not all vendors use an identical format.
.Sh BUGS
The interpretation of access restrictions based on the member tuples of a
netgroup is left up to the various network applications.
Also, it is not obvious how the domain specification
applies to the BSD environment.
.Pp
The
.Nm netgroup
database should be stored in the form of a
hashed
.Xr db 3
database just like the
.Xr passwd 5
database to speed up reverse lookups.
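.Sh EXAMPLES
The file format from DESCRIPTION (tuples, nested netgroups, line continuation, comments, empty and ``-'' fields), as an added Python example that is not part of the original manual page and is not the getnetgrent(3) code. The sample file and the names parse_netgroup, expand, in_netgroup and wildcard_tuples are hypothetical, and the matching rule is one interpretation, since the page leaves interpretation to each application.

```python
import re

# Constructed sample file in the format described above (not from a real host).
SAMPLE = r"""
# admin workstations
admins   (ws1, alice, example.org) (ws2, bob, example.org)
servers  (db1, -, example.org), (web1, -, example.org) \
         (web2, -, example.org)
trusted  admins servers (, carol, )
loop_a   loop_b
loop_b   loop_a (h9, -, )
"""
TOKEN_RE = re.compile(r"\(([^()]*)\)|([^\s,()]+)")  # a tuple, or a netgroup name

def parse_netgroup(text):
    """Return {name: [member, ...]}; a member is a 3-tuple or a netgroup name."""
    groups = {}
    for line in re.sub(r"\\\n", " ", text).splitlines():  # join continued lines
        parts = line.split(None, 1)
        if not parts or parts[0].startswith("#"):          # blank or comment
            continue
        members = groups.setdefault(parts[0], [])
        for m in TOKEN_RE.finditer(parts[1] if len(parts) > 1 else ""):
            if m.group(1) is None:
                members.append(m.group(2))                 # nested netgroup
                continue
            fields = tuple(f.strip() for f in m.group(1).split(","))
            if len(fields) != 3:
                raise ValueError(f"bad tuple in {parts[0]}: {m.group(0)}")
            members.append(fields)
    return groups

def expand(groups, name, seen=None):
    """Flatten nested netgroups into tuples; 'seen' stops reference cycles."""
    seen = set() if seen is None else seen
    if name in seen:
        return []
    seen.add(name)
    out = []
    for m in groups.get(name, []):
        out.extend([m] if isinstance(m, tuple) else expand(groups, m, seen))
    return out

def in_netgroup(groups, name, host, user, domain):
    """Assumed matching rule: empty field matches anything, "-" matches nothing."""
    def ok(field, value):
        return field == "" or (field != "-" and field == value)
    return any(all(map(ok, t, (host, user, domain))) for t in expand(groups, name))

def wildcard_tuples(groups, name):
    """Audit helper: tuples that match any host or any user."""
    return [t for t in expand(groups, name) if t[0] == "" or t[1] == ""]
```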