netgroup

by Chris Kranz on Jul.07, 2009, under Manual Pages

DESCRIPTION

netgroup defines network wide groups used for access permission checking during remote mount request processing. Each line defines a group and has the format:

groupname member-list

Each element in member-list is either another group name or a triple of the form:

(hostname, username, domainname)

The hostname entry must be fully qualified if the specified host is not in the local domain.

The filer can also use the netgroup NIS map.

Since the filer uses netgroups only in /etc/exports (see exports ), the username entry is ignored. The domainname field refers to the domain in which the netgroup entry is valid. It must either be empty or be the local domain; otherwise the netgroup entry is ignored. An empty entry allows a single /etc/netgroup file to be used for filers in multiple domains.

A group definition can be at most 4096 bytes even when `' s are used to extend the definition over several lines. The maximum nesting level when group names are used in the member-lists of other groups is 1000.

Modifications to the /etc/netgroup file may take upto 60 seconds to take effect.

EXAMPLE

This is a typical netgroup file:

trusted_hosts (adminhost, , ) (zeus, , ) (thor, , ) (minerva, , )

untrusted_hosts: (sleepy, , ) (dopey, , ) (grumpy, , ) (sneezy, , )

all_hosts: trusted_hosts untrusted_hosts

With this netgroup file it might make sense to modify /etc/exports to export / on the filer only to trusted_hosts, but to export /home to all_hosts.

FILES

/etc/netgroup

/etc/exports: directories and files exported to NFS clients

/etc/hosts: host name data base

BUGS

The only place that netgroups can be used are in the options of the exportfs command (see exportfs) and /etc/exports.

The /etc/netgroup configuration does not failover. Thus, the /etc/netgroup files on the active and backup filer must be kept consistent manually.

Table of Contents