1.\" Copyright (c) 1992, 1993 2.\" The Regents of the University of California. All rights reserved. 3.\" 4.\" Redistribution and use in source and binary forms, with or without 5.\" modification, are permitted provided that the following conditions 6.\" are met: 7.\" 1. Redistributions of source code must retain the above copyright 8.\" notice, this list of conditions and the following disclaimer. 9.\" 2. Redistributions in binary form must reproduce the above copyright 10.\" notice, this list of conditions and the following disclaimer in the 11.\" documentation and/or other materials provided with the distribution. 12.\" 3. Neither the name of the University nor the names of its contributors 13.\" may be used to endorse or promote products derived from this software 14.\" without specific prior written permission. 15.\" 16.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 17.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 18.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 19.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 20.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 21.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 22.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 23.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 24.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 25.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 26.\" SUCH DAMAGE. 27.\" 28.\" @(#)netgroup.5 8.2 (Berkeley) 12/11/93 29.\" $FreeBSD: src/sbin/mountd/netgroup.5,v 1.10.2.2 2001/07/22 11:32:30 dd Exp $ 30.\" $DragonFly: src/sbin/mountd/netgroup.5,v 1.4 2006/02/17 19:33:33 swildner Exp $ 31.\" 32.Dd December 11, 1993 33.Dt NETGROUP 5 34.Os 35.Sh NAME 36.Nm netgroup 37.Nd defines network groups 38.Sh SYNOPSIS 39.Nm 40.Sh DESCRIPTION 41The 42.Nm 43file 44specifies ``netgroups'', which are sets of 45.Sy (host, user, domain) 46tuples that are to be given similar network access. 47.Pp 48Each line in the file 49consists of a netgroup name followed by a list of the members of the 50netgroup. 51Each member can be either the name of another netgroup or a specification 52of a tuple as follows: 53.Bd -literal -offset indent 54(host, user, domain) 55.Ed 56.Pp 57where the 58.Sy host , 59.Sy user , 60and 61.Sy domain 62are character string names for the corresponding component. 63Any of the comma separated fields may be empty to specify a ``wildcard'' value 64or may consist of the string ``-'' to specify ``no valid value''. 65The members of the list may be separated by whitespace and/or commas; 66the ``\e'' character may be used at the end of a line to specify 67line continuation. 68Lines are limited to 1024 characters. 69The functions specified in 70.Xr getnetgrent 3 71should normally be used to access the 72.Nm 73database. 74.Pp 75Lines that begin with a # are treated as comments. 76.Sh NIS/YP INTERACTION 77On most other platforms, 78.Nm Ns s 79are only used in conjunction with 80.Tn NIS 81and local 82.Pa /etc/netgroup 83files are ignored. 84With 85.Dx , 86.Nm Ns s 87can be used with either 88.Tn NIS 89or local files, but there are certain 90caveats to consider. 91The existing 92.Nm 93system is extremely inefficient where 94.Fn innetgr 3 95lookups are concerned since 96.Nm 97memberships are computed on the fly. 98By contrast, the 99.Tn NIS 100.Nm 101database consists of three separate maps (netgroup, netgroup.byuser 102and netgroup.byhost) that are keyed to allow 103.Fn innetgr 3 104lookups to be done quickly. 105The 106.Dx 107.Nm 108system can interact with the 109.Tn NIS 110.Nm 111maps in the following ways: 112.Bl -bullet -offset indent 113.It 114If the 115.Pa /etc/netgroup 116file does not exist, or it exists and is empty, or 117it exists and contains only a 118.Sq + , 119and 120.Tn NIS 121is running, 122.Nm 123lookups will be done exclusively through 124.Tn NIS , 125with 126.Fn innetgr 3 127taking advantage of the netgroup.byuser and 128netgroup.byhost maps to speed up searches. 129(This 130is more or less compatible with the behavior of SunOS and 131similar platforms.) 132.It 133If the 134.Pa /etc/netgroup 135exists and contains only local 136.Nm 137information (with no 138.Tn NIS 139.Sq + 140token), then only the local 141.Nm 142information will be processed (and 143.Tn NIS 144will be ignored). 145.It 146If 147.Pa /etc/netgroup 148exists and contains both local netgroup data 149.Pa and 150the 151.Tn NIS 152.Sq + 153token, the local data and the 154.Tn NIS 155netgroup 156map will be processed as a single combined 157.Nm 158database. 159While this configuration is the most flexible, it 160is also the least efficient: in particular, 161.Fn innetgr 3 162lookups will be especially slow if the 163database is large. 164.El 165.Sh FILES 166.Bl -tag -width /etc/netgroup -compact 167.It Pa /etc/netgroup 168the netgroup database 169.El 170.Sh COMPATIBILITY 171The file format is compatible with that of various vendors, however it 172appears that not all vendors use an identical format. 173.Sh SEE ALSO 174.Xr getnetgrent 3 , 175.Xr exports 5 176.Sh BUGS 177The interpretation of access restrictions based on the member tuples of a 178netgroup is left up to the various network applications. 179Also, it is not obvious how the domain specification 180applies to the 181.Bx 182environment. 183.Pp 184The 185.Nm 186database should be stored in the form of a 187hashed 188.Xr db 3 189database just like the 190.Xr passwd 5 191database to speed up reverse lookups. 192