Manual Pages
Table of Contents
na_netgroup - network groups data base
/etc/netgroup
netgroup defines network wide groups used for access permission
checking during remote mount request processing.
Each line defines a group and has the format:
groupname member-list
Each element in member-list is either another group name
or a triple of the form:
(hostname, username, domainname)
The hostname entry must be fully qualified if the specified
host is not in the local domain.
The filer can also use the netgroup NIS map.
Since the filer uses netgroups only in /etc/exports (see
na_exports(5)), the username entry is ignored. The
domainname field refers to the domain in which the netgroup
entry is valid. It must either be empty or be the
local domain; otherwise the netgroup entry is ignored. An
empty entry allows a single /etc/netgroup file to be used
for filers in multiple domains.
A group definition can be at most 4096 bytes even when
`\'s are used to extend the definition over several lines.
The maximum nesting level when group names are used in the
member-lists of other groups is 1000.
Modifications to the /etc/netgroup file may take upto 60
seconds to take effect.
This is a typical netgroup file:
trusted_hosts (adminhost,,) (zeus,,) (thor,,)
(minerva,,)
-
untrusted_hosts
- (sleepy,,) (dopey,,) (grumpy,,)
(sneezy,,)
-
all_hosts
- trusted_hosts untrusted_hosts
With this netgroup file it might make sense to modify
/etc/exports to export / on the filer only to
trusted_hosts, but to export /home to all_hosts.
/etc/netgroup
-
/etc/exports
- directories and files exported to NFS
clients
-
/etc/hosts
- host name data base
na_exportfs(1), na_hosts(5), na_exports(5), na_nis(8)
The only place that netgroups can be used are in the
options of the exportfs command (see exportfs(1)) and
/etc/exports.
The /etc/netgroup configuration does not failover. Thus,
the /etc/netgroup files on the active and backup filer
must be kept consistent manually.
Table of Contents