Next: , Up: Netgroup Database


29.16.1 Netgroup Data

Sometimes it is useful to group users according to other criteria (see Group Database). E.g., it is useful to associate a certain group of users with a certain machine. On the other hand grouping of host names is not supported so far.

In Sun Microsystems SunOS appeared a new kind of database, the netgroup database. It allows grouping hosts, users, and domains freely, giving them individual names. To be more concrete, a netgroup is a list of triples consisting of a host name, a user name, and a domain name where any of the entries can be a wildcard entry matching all inputs. A last possibility is that names of other netgroups can also be given in the list specifying a netgroup. So one can construct arbitrary hierarchies without loops.

Sun's implementation allows netgroups only for the nis or nisplus service, see Services in the NSS configuration. The implementation in the GNU C library has no such restriction. An entry in either of the input services must have the following form:

     groupname ( groupname | (hostname,username,domainname) )+

Any of the fields in the triple can be empty which means anything matches. While describing the functions we will see that the opposite case is useful as well. I.e., there may be entries which will not match any input. For entries like this, a name consisting of the single character - shall be used.