NFS Services Administrator Guide (5900-3045, March 2013)

used in a configuration file, it represents either a group of hosts or a group of users, but never
both.
If you are using BIND (DNS) for hostname resolution, hosts must be specified as fully qualified
domain names, for example: turtle.bio.nmt.edu.
If host, user, or NIS_domain is left blank in a netgroup, that field can take any value. If a dash
(-) is specified in any field of a netgroup, that field can take no value.
The NIS_domain field specifies the NIS domain in which the triple (host, user, NIS_domain)
is valid. For example, if the netgroup database contains the following netgroup:
myfriends (sage,-,bldg1) (cauliflower,-,bldg2) (pear,-,bldg3)
and an NFS server running NIS in the domain bldg1 shares a directory only to the netgroup
myfriends, only the host sage can mount that directory. The other two triples are ignored,
because they are not valid in the bldg1 domain.
If an HP-UX host not running NIS exports or shares a directory to the netgroup myfriends, the
NIS_domain field is ignored, and all three hosts (sage, cauliflower, and pear) can mount
the directory.
If the netgroup database contains the following netgroup,
mydomain (,,bldg1)
and a host in the NIS domain bldg1 shares a directory to the netgroup mydomain, any host in
the bldg1 domain may mount the directory, because the host field is blank.
If an HP-UX host not running NIS shares a directory to the netgroup mydomain, the
NIS_domain field is ignored but the host field is used. Because the host field is blank, any
host in any domain can mount the directory.
If a host in the NIS domain bldg2 shares a directory to the netgroup mydomain, no host in any
domain can mount the directory, because the triple is not valid in the bldg2 domain. As a result,
it is ignored.
Netgroup Examples
The following netgroup specifies a group of hosts:
trusted_hosts (sage, , ) (basil, , ) (thyme, , )
The trusted_hosts netgroup can be used in the access_list argument of an entry in the
/etc/dfs/dfstab file, as follows:
/usr [access_list]=trusted_hosts
The following netgroup specifies a group of users:
administrators ( ,jane, ) ( ,art, ) ( ,mel, )
If this netgroup is accidentally included in a list of hosts rather than users, the blank host field
is interpreted as a wildcard, meaning any host. For example, if someone used this netgroup in an
[access_list] argument in the /etc/dfs/dfstab file, any host could access the shared
directory. If a netgroup is used strictly as a list of users, it is better to put a dash in the host field,
as follows:
administrators (-,jane, ) (-,art, ) (-,mel, )
The dash indicates that no hosts are included in the netgroup.
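The matching rules described above (a blank field matches any value, a dash matches no value, and
the NIS_domain field is checked only when the server runs NIS) can be evaluated mechanically to
audit a netgroup before it is used in an access list. The following Python is an added example, not
part of this guide; the function names are hypothetical, it parses only literal triples as printed
on this page, and it checks the client host name only, not which NIS domain the client belongs to.

```python
import re

# Netgroup entries copied from the examples on this page.
NETGROUPS = """\
myfriends (sage,-,bldg1) (cauliflower,-,bldg2) (pear,-,bldg3)
mydomain (,,bldg1)
administrators ( ,jane, ) ( ,art, ) ( ,mel, )
"""

def parse_netgroups(text):
    """Return {name: [(host, user, nis_domain), ...]}; blank fields become ''."""
    groups = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        name = line.split(None, 1)[0]
        triples = re.findall(r"\(([^,()]*),([^,()]*),([^,()]*)\)", line)
        groups[name] = [tuple(f.strip() for f in t) for t in triples]
    return groups

def field_matches(field, value):
    """A blank field matches any value; a dash matches no value."""
    if field == "":
        return True
    if field == "-":
        return False
    return field == value

def host_allowed(triples, host, server_nis_domain=None):
    """True if 'host' matches a triple that is valid on the sharing server.
    server_nis_domain=None models a server not running NIS, where the
    NIS_domain field is ignored (assumption: exact host name comparison)."""
    for h, _user, dom in triples:
        if server_nis_domain is not None and not field_matches(dom, server_nis_domain):
            continue  # triple is not valid in the server's domain, so it is ignored
        if field_matches(h, host):
            return True
    return False

def wildcard_host_triples(triples):
    """Triples whose blank host field means 'any host' when read as a host list."""
    return [t for t in triples if t[0] == ""]
```

Running wildcard_host_triples over every netgroup named in an access list flags user-only groups, such as the first form of administrators, that would open the share to any host.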
The trusted_hosts and administrators netgroups can be used together in the
/etc/hosts.equiv file, as follows:
+@trusted_hosts +@administrators
The first netgroup is read for host names, and the second is read for user names. Users in the
administrators netgroup can log in to the local host from any host in the trusted_hosts
netgroup without supplying a password.
The two netgroups can be combined into one, as follows: