The /etc/netgroup file defines network-wide groups used for permission checking when fielding requests for remote mounts, remote logins, and remote shells. For remote mounts, the information in netgroup is used to classify machines; for remote logins and remote shells, it is used to classify users. NIS clients can use netgroups to include the map entries for the members of a netgroup in the password file, /etc/passwd. See ``Using NIS maps in the password file'' for more details.
Each line of the netgroup
file defines a group and has the format
groupname member_1 member_2
where member is either another group name or a triple (in the
following format, parenthesis included):
Any of these three fields can be empty, in which case it signifies a wildcard. Thus the entry
universal (,,)defines a group to which everyone belongs.
The domainname field must either be the local domain name or empty for the netgroup entry to be used. This field does not limit the netgroup or provide security. The domainname field refers to the domain in which the triple is valid, not the domain containing the trusted host.
A gateway machine should be listed under all possible host names by which it may be recognized:
wan (volga,,) (volga-cities,,)Field names that begin with something other than a letter, digit, or dash (such as `-') work in precisely the opposite way:
justmachines (amazon,-,sun) justpeople(-,babbage,sun)The machine amazon belongs to the group justmachines in the domain sun, but no users belong to it. Similarly, the user babbage belongs to the group justpeople in the domain sun, but no machines belong to it. The triple
(,,domain)allows all users and machines trusted access and has the same effect as the triple
(,,)To correctly restrict access to a specific set of members, use the hostname and username fields of the triple.
Network groups are contained in the Network Information Service
and are accessed through these files:
These files can be created from /etc/netgroup using