NFS Services Administrator Guide for 11i v3 (5900-2572, September 2012)

goodguys (sage,jane, ) (basil,art, ) (thyme,mel, )
If the two netgroups are combined this way, the same netgroup can be used as both the host name
and the user name in the /etc/hosts.equiv file, as follows:
+@goodguys +@goodguys
The first occurrence of it is read for the host name, and the second occurrence is read for the user
name. No relationship exists between the host and user in any of the triples. For example, user
jane may not even have an account on host sage.
A netgroup can contain other netgroups, as in the following example:
root-users (dill,-, ) (sage,-, ) (thyme,- , ) (basil,-, )
mail-users (rosemary, , ) (oregano, , ) root-users
The root-users netgroup is a group of four systems. The mail-users netgroup uses the
root-users netgroup as part of a larger group of systems. The blank space in the third field of
each triple indicates that the netgroup is valid in any NIS domain.
Using Netgroups in Configuration Files
Netgroups may be used in the following files:
/etc/dfs/dfstab, in the [access_list], -rw, -ro, and root list
/etc/hosts.equiv or $HOME/.rhosts, in place of a host name or user name
/etc/passwd, to instruct processes whether to look in the NIS password database, for
information about the users in the netgroup
/etc/group, to instruct processes whether to look in the NIS group database, for information
about the users in the netgroup
The following sections explain how to use netgroups in configuration files.
Using Netgroups in the /etc/dfs/dfstab File
In the /etc/dfs/dfstab file, netgroups can be used in the list of NFS clients following the
[access_list], -rw, -ro, or root option, as in the following example:
[access_list]=mail_clients
The mail_clients netgroup is defined, as follows:
mail_clients (cauliflower, , ) (broccoli, , ) (cabbage, , )
Only the host names from the netgroup are used. If the netgroup also contains user names, these
are ignored. This netgroup is valid in any NIS domain, because the third field in each triple is left
blank.
Using Netgroups in the /etc/hosts.equiv or $HOME/.rhosts File
In the /etc/hosts.equiv file, or in a .rhosts file in a user’s home directory, netgroups can
be used in either the host name field or the user name field, as in the following example:
+@our_friends +@our_friends
The netgroup our_friends can be used both as host name and user name, because it includes
both host names and user names. This can be illustrated in the following example:
our_friends (sage,sara, ) (sage,eric, ) (dill,-, )
( ,monica, )
The blank host name field in the fourth triple serves as a wildcard, allowing users from any host
on the network to log in without supplying a password. However, only the users listed in the
netgroup are given this privileged access, because each user name field contains either a user
name or a dash.
Netgroups can also be used to deny privileged access to certain hosts or users in the
/etc/hosts.equiv or $HOME/.rhosts file, as in the following example:
Configuring and Using NFS Netgroups 43