diff options
Diffstat (limited to 'sbin/mountd/netgroup.5')
| -rw-r--r-- | sbin/mountd/netgroup.5 | 160 |
1 files changed, 160 insertions, 0 deletions
diff --git a/sbin/mountd/netgroup.5 b/sbin/mountd/netgroup.5 new file mode 100644 index 0000000..af7d448 --- /dev/null +++ b/sbin/mountd/netgroup.5 @@ -0,0 +1,160 @@ +.\" Copyright (c) 1992, 1993 +.\" The Regents of the University of California. All rights reserved. +.\" +.\" Redistribution and use in source and binary forms, with or without +.\" modification, are permitted provided that the following conditions +.\" are met: +.\" 1. Redistributions of source code must retain the above copyright +.\" notice, this list of conditions and the following disclaimer. +.\" 2. Redistributions in binary form must reproduce the above copyright +.\" notice, this list of conditions and the following disclaimer in the +.\" documentation and/or other materials provided with the distribution. +.\" 3. All advertising materials mentioning features or use of this software +.\" must display the following acknowledgement: +.\" This product includes software developed by the University of +.\" California, Berkeley and its contributors. +.\" 4. Neither the name of the University nor the names of its contributors +.\" may be used to endorse or promote products derived from this software +.\" without specific prior written permission. +.\" +.\" THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND +.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE +.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE +.\" ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE +.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL +.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS +.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT +.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY +.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF +.\" SUCH DAMAGE. +.\" +.\" @(#)netgroup.5 8.2 (Berkeley) 12/11/93 +.\" +.Dd December 11, 1993 +.Dt NETGROUP 5 +.Os +.Sh NAME +.Nm netgroup +.Nd defines network groups +.Sh SYNOPSIS +.Nm netgroup +.Sh DESCRIPTION +The +.Nm netgroup +file +specifies ``netgroups'', which are sets of +.Sy (host, user, domain) +tuples that are to be given similar network access. +.Pp +Each line in the file +consists of a netgroup name followed by a list of the members of the +netgroup. +Each member can be either the name of another netgroup or a specification +of a tuple as follows: +.Bd -literal -offset indent +(host, user, domain) +.Ed +where the +.Sy host , +.Sy user , +and +.Sy domain +are character string names for the corresponding component. +Any of the comma separated fields may be empty to specify a ``wildcard'' value +or may consist of the string ``-'' to specify ``no valid value''. +The members of the list may be separated by whitespace and/or commas; +the ``\e'' character may be used at the end of a line to specify +line continuation. +The functions specified in +.Xr getnetgrent 3 +should normally be used to access the +.Nm netgroup +database. +.Pp +Lines that begin with a # are treated as comments. +.Sh NIS/YP INTERACTION +On most other platforms, +.Nm netgroups +are only used in conjunction with +NIS and local +.Pa /etc/netgroup +files are ignored. With FreeBSD, +.Nm netgroups +can be used with either NIS or local files, but there are certain +caveats to consider. The existing +.Nm netgroup +system is extremely inefficient where +.Fn innetgr 3 +lookups are concerned since +.Nm netgroup +memberships are computed on the fly. By contrast, the NIS +.Nm netgroup +database consists of three separate maps (netgroup, netgroup.byuser +and netgroup.byhost) that are keyed to allow +.Fn innetgr 3 +lookups to be done quickly. The FreeBSD +.Nm netgroup +system can interact with the NIS +.Nm netgroup +maps in the following ways: +.Bl -bullet -offset indent +.It +If the +.Pa /etc/netgroup +file does not exist, or it exists and is empty, or +it exists and contains only a '+', and NIS is running, +.Nm netgroup +lookups will be done exclusively through NIS, with +.Fn innetgr 3 +taking advantage of the netgroup.byuser and +netgroup.byhost maps to speed up searches. (This +is more or less compatible with the behavior of SunOS and +similar platforms.) +.It +If the +.Pa /etc/netgroup +exists and contains only local +.Nm netgroup +information (with no NIS '+' token), then only the local +.Nm netgroup +information will be processed (and NIS will be ignored). +.It +If +.Pa /etc/netgroup +exists and contains both local netgroup data +.Pa and +the NIS '+' token, the local data and the NIS netgroup +map will be processed as a single combined +.Nm netgroup +database. While this configuration is the most flexible, it +is also the least efficient: in particular, +.Fn innetgr 3 +lookups will be especially slow if the +database is large. +.El +.Sh FILES +.Bl -tag -width /etc/netgroup -compact +.It Pa /etc/netgroup +the netgroup database. +.El +.Sh SEE ALSO +.Xr getnetgrent 3 , +.Xr exports 5 +.Sh COMPATIBILITY +The file format is compatible with that of various vendors, however it +appears that not all vendors use an identical format. +.Sh BUGS +The interpretation of access restrictions based on the member tuples of a +netgroup is left up to the various network applications. +Also, it is not obvious how the domain specification +applies to the BSD environment. +.Pp +The +.Nm netgroup +database should be stored in the form of a +hashed +.Xr db 3 +database just like the +.Xr passwd 5 +database to speed up reverse lookups. |
