개요

• 솔라나라에 설명된 어플리케이션에 대해 맨 페이지를 찾아 출력한다.
• MAN 페이지에 대한 설명은 윈디하나의 솔라나라: MAN 페이지을 참고하자.
• svcadm(8)을 검색하려면 섹션에서 8 을 선택하고, 맨 페이지 이름에 svcadm을 입력하고 검색을 누른다.

netgroup(5)

netgroup(5)                      File Formats                      netgroup(5)



NAME
       netgroup - list of network groups

SYNOPSIS
       /etc/netgroup

DESCRIPTION
       A  netgroup defines a network-wide group of hosts and users. Use a net‐
       group to restrict access to shared  NFS  filesystems  and  to  restrict
       remote login and shell access.


       Network  groups  are  stored in a network information services, such as
       LDAP or NIS, not in a local file.


       This manual page describes the format for a file that is used to supply
       input  to  a  program  such as ldapaddent(8) for LDAP or makedbm(8) for
       NIS. These programs build maps  used  by  their  corresponding  network
       information services.


       Each  line  of  the  file  defines the name and membership of a network
       group. The line should have the format:

         groupname     member...



       The items on a line can be separated by a combination of  one  or  more
       spaces or tabs.


       The  groupname is the name of the group being defined. This is followed
       by a list of members of the group. Each member is either another  group
       name,  all  of  whose  members  are  to  be included in the group being
       defined, or a triple of the form:

         (hostname,username,domainname)



       In each triple, any of the three fields hostname, username, and domain‐
       name,  can  be  empty. An empty field signifies a wildcard that matches
       any value in that field. Thus:

         everything (,,this.domain)



       defines a group named "everything" for the domain this.domain to  which
       every host and user belongs.


       The domainname field refers to the domain in which the triple is valid,
       not the domain containing the host or user. In fact, applications using
       netgroup generally do not check the domainname. Therefore, using

         (,,domain)





       is equivalent to

         (,,)



       You   can   also  use  netgroups  to  control  NFS  mount  access  (see
       share_nfs(8)) and  to  control  remote  login  and  shell  access  (see
       hosts.equiv(5)).  If  you  want  to  control local login access see the
       pam_list(7) man page.


       When used for these purposes, a host is considered a member of  a  net‐
       group  if  the netgroup contains any triple in which the hostname field
       matches the name of the host requesting access and the domainname field
       matches the domain of the host controlling access.


       Similarly,  a user is considered a member of a netgroup if the netgroup
       contains any triple in which the username field matches the name of the
       user  requesting  access and the domainname field matches the domain of
       the host controlling access.


       Note that when netgroups are used to control NFS mount  access,  access
       is granted depending only on whether the requesting host is a member of
       the netgroup. Remote login and shell access can be controlled  both  on
       the basis of host and user membership in separate netgroups.

FILES
       /etc/netgroup    Used  by  a  network  information service's utility to
                        construct a map or table that contains netgroup infor‐
                        mation.  For example, ldapaddent(8) uses /etc/netgroup
                        to construct an LDAP container.



       Note that the netgroup information must always be stored in  a  network
       information  service,  such as LDAP or NIS. The local file is only used
       to construct a map or table for the network information service. It  is
       never consulted directly.

SEE ALSO
       innetgr(3C),  hosts(5),  hosts.equiv(5),  nsswitch.conf(5),  passwd(5),
       shadow(5), ldapaddent(8), makedbm(8), share_nfs(8)

NOTES
       netgroup requires a network information service such as LDAP or NIS.


       Applications may make general  membership  tests  using  the  innetgr()
       function. See innetgr(3C).


       Because the "-" character will not match any specific username or host‐
       name, it is commonly used as a placeholder that will match  only  wild‐
       carded membership queries. So, for example:

         onlyhosts (host1,-,our.domain) (host2,-,our.domain)
         onlyusers (-,john,our.domain) (-,linda,our.domain)



       effectively  define  netgroups  containing  only  hosts and only users,
       respectively. Any other string that is guaranteed not  to  be  a  legal
       username or hostname will also suffice for this purpose.


       Use of placeholders will improve search performance.


       When  a  machine with multiple interfaces and multiple names is defined
       as a member of a  netgroup,  one  must  list  all  of  the  names.  See
       hosts(5).  A manageable way to do this is to define a netgroup contain‐
       ing all of the machine names. For example, for a  host  "gateway"  that
       has  names  "gateway-subnet1"  and "gateway-subnet2" one may define the
       netgroup:

         gateway (gateway-subnet1,,our.domain) (gateway-subnet2,,our.domain)



       and use this netgroup "gateway" whenever the host is to be included  in
       another netgroup.



Oracle Solaris 11.4               10 Nov 2016                      netgroup(5)