logo
Manual Pages
Table of Contents

NAME

na_netgroup - network groups data base

SYNOPSIS

/etc/netgroup

DESCRIPTION

netgroup defines network wide groups used for access permission checking during remote mount request processing. Each line defines a group and has the format: groupname member-list Each element in member-list is either another group name or a triple of the form: (hostname, username, domainname) The hostname entry must be fully qualified if the specified host is not in the local domain. The filer can also use the netgroup NIS map. Since the filer uses netgroups only in /etc/exports (see na_exports(5)), the username entry is ignored. The domainname field refers to the domain in which the netgroup entry is valid. It must either be empty or be the local domain; otherwise the netgroup entry is ignored. An empty entry allows a single /etc/netgroup file to be used for filers in multiple domains. A group definition can be at most 4096 bytes even when `\'s are used to extend the definition over several lines. The maximum nesting level when group names are used in the member-lists of other groups is 1000. Modifications to the /etc/netgroup file may take upto 60 seconds to take effect.

EXAMPLE

This is a typical netgroup file: trusted_hosts (adminhost,,) (zeus,,) (thor,,) (minerva,,)
untrusted_hosts
(sleepy,,) (dopey,,) (grumpy,,) (sneezy,,)
all_hosts
trusted_hosts untrusted_hosts
With this netgroup file it might make sense to modify /etc/exports to export / on the filer only to trusted_hosts, but to export /home to all_hosts.

FILES

/etc/netgroup
/etc/exports
directories and files exported to NFS clients
/etc/hosts
host name data base

SEE ALSO

na_exportfs(1), na_hosts(5), na_exports(5), na_nis(8)

BUGS

The only place that netgroups can be used are in the options of the exportfs command (see exportfs(1)) and /etc/exports. The /etc/netgroup configuration does not failover. Thus, the /etc/netgroup files on the active and backup filer must be kept consistent manually.
Table of Contents