NFS Services Administrator's Guide
Configuring and Administering NFS Services
Configuring and Using NFS Netgroups
Chapter 292
Netgroups can also be used to deny privileged access to certain hosts or
users in the /etc/hosts.equiv or $HOME/.rhosts file, as in the
following example:
+ -@vandals
The plus (+) sign is a wildcard in the /etc/hosts.equiv or
$HOME/.rhosts file syntax, allowing privileged access from any host in
the network. The netgroup vandals is defined as follows:
vandals ( ,pat, ) ( ,harriet, ) ( ,reed, )
All users except those listed in the vandals netgroup can log in to the
local system without supplying a password from any system in the
network.
CAUTION Users who are denied privileged access in the /etc/hosts.equiv file can
be granted privileged access in a user’s $HOME/.rhosts file. The
$HOME/.rhosts file is read after the /etc/hosts.equiv file and
overrides it.
For more information, see hosts.equiv (4).
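The following audit sketch is an added example, not part of the original guide. It finds $HOME/.rhosts entries that restore trust for users denied through a -@netgroup entry in /etc/hosts.equiv, the situation the CAUTION describes. The .rhosts contents and all function names are hypothetical. The sketch handles only netgroup triples (no nested netgroups) and user fields that are a literal name or "+".

```python
import re

# Constructed sample data; the first two mirror the entries shown above.
NETGROUP = "vandals ( ,pat, ) ( ,harriet, ) ( ,reed, )\n"
HOSTS_EQUIV = "+ -@vandals\n"
# Hypothetical per-user $HOME/.rhosts contents, keyed by file owner.
RHOSTS = {"pat": "+\n", "alice": "trusted1 alice\n", "bob": "hostA reed\n"}

TRIPLE = re.compile(r"\(([^,()]*),([^,()]*),([^,()]*)\)")

def entries(text):
    """Yield the whitespace-split fields of each non-blank, non-comment line."""
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            yield fields

def parse_netgroups(text):
    """Map netgroup name -> list of (host, user, domain); blank fields become ''."""
    groups = {}
    for fields in entries(text):
        rest = " ".join(fields[1:])
        groups[fields[0]] = [tuple(f.strip() for f in m.groups())
                             for m in TRIPLE.finditer(rest)]
    return groups

def denied_users(hosts_equiv, groups):
    """Users named by '-@netgroup' in the user field of hosts.equiv entries."""
    denied = set()
    for fields in entries(hosts_equiv):
        if len(fields) > 1 and fields[1].startswith("-@"):
            for _host, user, _domain in groups.get(fields[1][2:], []):
                if user and user != "-":
                    denied.add(user)
    return denied

def regranted(rhosts_by_owner, denied):
    """Return (owner, entry, user) for .rhosts entries that trust a denied user."""
    hits = []
    for owner, text in rhosts_by_owner.items():
        for fields in entries(text):
            user = fields[1] if len(fields) > 1 else owner  # no user field: owner's name
            if fields[0].startswith("-") or user.startswith("-"):
                continue  # a deny entry grants nothing
            for name in sorted(denied):
                if user in ("+", name):
                    hits.append((owner, " ".join(fields), name))
    return sorted(hits)

if __name__ == "__main__":
    denied = denied_users(HOSTS_EQUIV, parse_netgroups(NETGROUP))
    for owner, entry, user in regranted(RHOSTS, denied):
        print(f"{owner}/.rhosts: '{entry}' restores trust for denied user {user}")
```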
Using Netgroups in the /etc/passwd File
In the /etc/passwd file, netgroups can be used to indicate whether user
information must be looked up in the NIS passwd database.
The following sample entry from the /etc/passwd file indicates that
users in the netgroup animals must be looked up in the NIS passwd
database:
+@animals
The animals netgroup is defined in the /etc/netgroup file, as follows:
animals (-,mickey, ) (-,daffy, ) (-,porky, ) (-,bugs, )
The /etc/passwd file is searched sequentially. As a result, if user mickey,
daffy, porky, or bugs appears before the animals netgroup in the /etc/passwd
file, the NIS database is not consulted for information on that user.