NFS Services Administrator's Guide
Configuring and Administering NFS
Configuring and Using NFS Netgroups
Chapter 2 127
the /etc/exports file, any host would have access to the exported
directory. For this reason, if a netgroup is used strictly as a list of users,
it is better to put a dash in the host field, as follows:
administrators (-,jane, ), (-,art, ), (-,mel, )
The dash indicates that no hosts are included in the netgroup.
The trusted_hosts and administrators netgroups could be used
together in the /etc/hosts.equiv file, as follows:
+@trusted_hosts +@administrators
The first netgroup would be read for host names, and the second would
be read for user names. Users in the administrators netgroup could log
into the local host from any host in the trusted_hosts netgroup without
supplying a password.
The two netgroups could be combined into one, as follows:
goodguys (sage,jane, ), (basil,art, ), (thyme,mel, )
If the two netgroups were combined this way, the same netgroup could be
used as both the host name and the user name in the /etc/hosts.equiv
file:
+@goodguys +@goodguys
The first occurrence of it would be read for the host name, and the second
occurrence would be read for the user name. No relationship exists
between the host and user in any of the triples. For example, user jane
might not even have an account on host sage.
A netgroup can contain other netgroups, as in the following example:
root-users (dill,-, ), (sage,-, ), (thyme,- , ), (basil,-, )
mail-users (rosemary, , ), (oregano, , ), root-users
The root-users netgroup is a group of four systems. The mail-users
netgroup uses the root-users netgroup as part of a larger group of
systems. The blank space in the third field of each triple indicates that
these netgroups are valid in any NIS domain.
To Create Netgroups in the NIS+ netgroup Table
If you are using NIS+ to manage your netgroups, issue commands with
the following syntax to add entries to the NIS+ netgroup table:
nistbladm -a group= host=host user=user domain=domain \
comment= netgroup.org_dir