NFS Services Administrator's Guide
Configuring and Administering NFS Services
Configuring and Using NFS Netgroups
Chapter 288
Configuring and Using NFS Netgroups
This section describes how to create and use NFS netgroups to restrict
NFS access to the client system. It describes the following tasks:
• Creating Netgroups in the /etc/netgroup File
• Using Netgroups in Configuration Files
Creating Netgroups in the /etc/netgroup File
To create netgroups in the /etc/netgroup file, follow these steps:
1. If you are using the local /etc/netgroup file or the NIS netgroup
map for netgroups, add entries with the following syntax to the
/etc/netgroup file.
netgroup_name
(
host
,
user,
NIS_domain
) (
host
,
user
,
NIS_domain
) ...
If you are using NIS, edit the /etc/netgroup file only on the NIS
master server.
2. If you are using NIS to manage your netgroups database, enter the
following command on the NIS master server to generate the
netgroup, netgroup.byhost, and netgroup.byuser maps from the
/etc/netgroup file, and push the generated maps to the NIS slave
servers:
cd /var/yp
/usr/ccs/bin/make netgroup
A netgroup can be used in most NFS and NIS configuration files, instead
of a host name or a user name. A netgroup does not create a relationship
between users and hosts. When a netgroup is used in a configuration file,
it represents either a group of hosts or a group of users, but never both.
If you are using BIND (DNS) for hostname resolution, hosts must be
specified as fully qualified domain names, for example:
turtle.bio.nmt.edu.
If
host
,
user
, or
NIS_domain
is left blank in a netgroup, that field can
take any value. If a dash (-) is specified in any field of a netgroup, that
field can take no value.