1.\" Copyright (c) 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. All advertising materials mentioning features or use of this software 13.\" must display the following acknowledgement: 14.\" This product includes software developed by the University of 15.\" California, Berkeley and its contributors. 16.\" 4. Neither the name of the University nor the names of its contributors 17.\" may be used to endorse or promote products derived from this software 18.\" without specific prior written permission. 19.\" 20.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 21.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 22.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 23.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 24.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 25.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 26.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 27.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 28.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 29.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 30.\" SUCH DAMAGE. 31.\" 32.\" @(#)netgroup.5 8.2 (Berkeley) 12/11/93 33.\" $FreeBSD: src/sbin/mountd/netgroup.5,v 1.10.2.2 2001/07/22 11:32:30 dd Exp $ 34.\" $DragonFly: src/sbin/mountd/netgroup.5,v 1.3 2004/03/11 12:28:54 hmp Exp $ 35.\" 36.Dd December 11, 1993 37.Dt NETGROUP 5 38.Os 39.Sh NAME 40.Nm netgroup 41.Nd defines network groups 42.Sh SYNOPSIS 43.Nm 44.Sh DESCRIPTION 45The 46.Nm 47file 48specifies ``netgroups'', which are sets of 49.Sy (host, user, domain) 50tuples that are to be given similar network access. 51.Pp 52Each line in the file 53consists of a netgroup name followed by a list of the members of the 54netgroup. 55Each member can be either the name of another netgroup or a specification 56of a tuple as follows: 57.Bd -literal -offset indent 58(host, user, domain) 59.Ed 60.Pp 61where the 62.Sy host , 63.Sy user , 64and 65.Sy domain 66are character string names for the corresponding component. 67Any of the comma separated fields may be empty to specify a ``wildcard'' value 68or may consist of the string ``-'' to specify ``no valid value''. 69The members of the list may be separated by whitespace and/or commas; 70the ``\e'' character may be used at the end of a line to specify 71line continuation. 72Lines are limited to 1024 characters. 73The functions specified in 74.Xr getnetgrent 3 75should normally be used to access the 76.Nm 77database. 78.Pp 79Lines that begin with a # are treated as comments. 80.Sh NIS/YP INTERACTION 81On most other platforms, 82.Nm Ns s 83are only used in conjunction with 84.Tn NIS 85and local 86.Pa /etc/netgroup 87files are ignored. 88With 89.Dx , 90.Nm Ns s 91can be used with either 92.Tn NIS 93or local files, but there are certain 94caveats to consider. 95The existing 96.Nm 97system is extremely inefficient where 98.Fn innetgr 3 99lookups are concerned since 100.Nm 101memberships are computed on the fly. 102By contrast, the 103.Tn NIS 104.Nm 105database consists of three separate maps (netgroup, netgroup.byuser 106and netgroup.byhost) that are keyed to allow 107.Fn innetgr 3 108lookups to be done quickly. 109The 110.Dx 111.Nm 112system can interact with the 113.Tn NIS 114.Nm 115maps in the following ways: 116.Bl -bullet -offset indent 117.It 118If the 119.Pa /etc/netgroup 120file does not exist, or it exists and is empty, or 121it exists and contains only a 122.Sq + , 123and 124.Tn NIS 125is running, 126.Nm 127lookups will be done exclusively through 128.Tn NIS , 129with 130.Fn innetgr 3 131taking advantage of the netgroup.byuser and 132netgroup.byhost maps to speed up searches. 133(This 134is more or less compatible with the behavior of SunOS and 135similar platforms.) 136.It 137If the 138.Pa /etc/netgroup 139exists and contains only local 140.Nm 141information (with no 142.Tn NIS 143.Sq + 144token), then only the local 145.Nm 146information will be processed (and 147.Tn NIS 148will be ignored). 149.It 150If 151.Pa /etc/netgroup 152exists and contains both local netgroup data 153.Pa and 154the 155.Tn NIS 156.Sq + 157token, the local data and the 158.Tn NIS 159netgroup 160map will be processed as a single combined 161.Nm 162database. 163While this configuration is the most flexible, it 164is also the least efficient: in particular, 165.Fn innetgr 3 166lookups will be especially slow if the 167database is large. 168.El 169.Sh FILES 170.Bl -tag -width /etc/netgroup -compact 171.It Pa /etc/netgroup 172the netgroup database 173.El 174.Sh SEE ALSO 175.Xr getnetgrent 3 , 176.Xr exports 5 177.Sh COMPATIBILITY 178The file format is compatible with that of various vendors, however it 179appears that not all vendors use an identical format. 180.Sh BUGS 181The interpretation of access restrictions based on the member tuples of a 182netgroup is left up to the various network applications. 183Also, it is not obvious how the domain specification 184applies to the 185.Bx 186environment. 187.Pp 188The 189.Nm 190database should be stored in the form of a 191hashed 192.Xr db 3 193database just like the 194.Xr passwd 5 195database to speed up reverse lookups. 196