diff options
Diffstat (limited to 'usr.sbin/mountd')
-rw-r--r-- | usr.sbin/mountd/netgroup.5 | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/usr.sbin/mountd/netgroup.5 b/usr.sbin/mountd/netgroup.5 index 9ad8c48..711e04f 100644 --- a/usr.sbin/mountd/netgroup.5 +++ b/usr.sbin/mountd/netgroup.5 @@ -73,6 +73,66 @@ should normally be used to access the database. .Pp Lines that begin with a # are treated as comments. +.Sh NIS/YP INTERACTION +On most other platforms, +.Nm netgroups +are only used in conjunction with +NIS and local +.Pa /etc/netgroup +files are ignored. With FreeBSD, +.Nm netgroups +can be used with either NIS or local files, but there are certain +caveats to consider. The existing +.Nm netgroup +system is extremely inefficient where +.Fn innetgr 3 +lookups are concerned since +.Nm netgroup +memberships are computed on the fly. By contrast, the NIS +.Nm netgroup +database consists of three seperate maps (netgroup, netgroup.byuser +and netgroup.byhost) that are keyed to allow +.Fn innetgr 3 +lookups to be done quickly. The FreeBSD +.Nm netgroup +system can interact with the NIS +.Nm netgroup +maps in the following ways: +.Bl -bullet -offset indent +.It +If the +.Pa /etc/netgroup +file does not exist, or it exists and is empty, or +it exists and contains only a '+', and NIS is running, +.Nm netgroup +lookups will be done exclusively through NIS, with +.Fn innetgr 3 +taking advantage of the netgroup.byuser and +netgroup.byhost maps to speed up searches. (This +is more or less compatible with the behavior of SunOS and +similar platforms.) +.It +If the +.Pa /etc/netgroup +exists and contains only local +.Nm netgroup +information (with no NIS '+' token), then only the local +.Nm netgroup +information will be processed (and NIS will be ingored). +.It +If +.Pa /etc/netgroup +exists and contains both local netgroup data +.Pa and +the NIS '+' token, the local data and the NIS netgroup +map will be processed as a single combined +.Nm netgroup +database. While this configuration is the most flexible, it +is also the least efficient: in particular, +.Fn innetgr 3 +lookups will be especially slow if the +database is large. +.El .Sh FILES .Bl -tag -width /etc/netgroup -compact .It Pa /etc/netgroup @@ -89,3 +149,12 @@ The interpretation of access restrictions based on the member tuples of a netgroup is left up to the various network applications. Also, it is not obvious how the domain specification applies to the BSD environment. +.Pp +The +.Nm netgroup +database should be stored in the form of a +hashed +.Xr db 3 +database just like the +.Xr passwd 5 +database to speed up reverse lookups. |