Skip site navigation (1)Skip section navigation (2)

FreeBSD Manual Pages


home | help
NETGROUP(5)		    BSD	File Formats Manual		   NETGROUP(5)

     netgroup -- defines network groups


     The netgroup file specifies ``netgroups'',	which are sets of (host, user,
     domain) tuples that are to	be given similar network access.

     Each line in the file consists of a netgroup name followed	by a list of
     the members of the	netgroup.  Each	member can be either the name of an-
     other netgroup or a specification of a tuple as follows:

	   (host, user,	domain)

     where the host, user, and domain are character string names for the cor-
     responding	component.  Any	of the comma separated fields may be empty to
     specify a ``wildcard'' value or may consist of the	string ``-'' to	spec-
     ify ``no valid value''.  The members of the list may be separated by
     whitespace	and/or commas; the ``\'' character may be used at the end of a
     line to specify line continuation.	 Lines are limited to 1024 characters.
     The functions specified in	getnetgrent(3) should normally be used to ac-
     cess the netgroup database.

     Lines that	begin with a # are treated as comments.

     On	most other platforms, netgroups	are only used in conjunction with NIS
     and local /etc/netgroup files are ignored.	 With FreeBSD, netgroups can
     be	used with either NIS or	local files, but there are certain caveats to
     consider.	The existing netgroup system is	extremely inefficient where
     innetgr(3)	lookups	are concerned since netgroup memberships are computed
     on	the fly.  By contrast, the NIS netgroup	database consists of three
     separate maps (netgroup, netgroup.byuser and netgroup.byhost) that	are
     keyed to allow innetgr(3) lookups to be done quickly.  The	FreeBSD
     netgroup system can interact with the NIS netgroup	maps in	the following

	   o   If the /etc/netgroup file does not exist, or it exists and is
	       empty, or it exists and contains	only a `+', and	NIS is run-
	       ning, netgroup lookups will be done exclusively through NIS,
	       with innetgr(3) taking advantage	of the netgroup.byuser and
	       netgroup.byhost maps to speed up	searches.  (This is more or
	       less compatible with the	behavior of SunOS and similar plat-

	   o   If the /etc/netgroup exists and contains	only local netgroup
	       information (with no NIS	`+' token), then only the local
	       netgroup	information will be processed (and NIS will be ig-

	   o   If /etc/netgroup	exists and contains both local netgroup	data
	       and the NIS `+' token, the local	data and the NIS netgroup map
	       will be processed as a single combined netgroup database.
	       While this configuration	is the most flexible, it is also the
	       least efficient:	in particular, innetgr(3) lookups will be es-
	       pecially	slow if	the database is	large.

     /etc/netgroup  the	netgroup database

     The file format is	compatible with	that of	various	vendors, however it
     appears that not all vendors use an identical format.

     getnetgrent(3), exports(5)

     The interpretation	of access restrictions based on	the member tuples of a
     netgroup is left up to the	various	network	applications.  Also, it	is not
     obvious how the domain specification applies to the BSD environment.

     The netgroup database should be stored in the form	of a hashed db(3)
     database just like	the passwd(5) database to speed	up reverse lookups.

BSD			       December	11, 1993			   BSD


Want to link to this manual page? Use this URL:

home | help