|
|
|
netgroup defines network wide groups, used for permission checking when doing remote mounts, remote logins, and remote shells. For remote mounts, the information in netgroup is used to classify machines; for remote logins and remote shells, it is used to classify users. Each line of the netgroup file defines a group and has the format
groupname list-of-members
where members is either another group name, or a triple:
(hostname, username, domainname)
Any of these three fields can be empty, in which case it signifies a wild card. Thus
universal (,,)
defines a group to which everyone belongs.
The domainname field must either be the local domain name or empty for the netgroup entry to be used. This field does not limit the netgroup or provide security. The domainname field refers to the domain in which the triple is valid, not the domain containing the trusted host.
A gateway machine should be listed under all possible hostnames by which it may be recognized:
wan (gateway,,) (gateway-ebb,,)
Field names that begin with something other than a letter, digit or underscore (such as `-') work in precisely the opposite fashion. For example, consider the following entries:
justmachines (analytica,-,sun) justpeople (-,babbage,sun)
The machine analytica belongs to the group justmachines in the domain sun, but no users belong to it. Similarly, the user babbage belongs to the group justpeople in the domain sun, but no machines belong to it.
The triple, (,,domain), allows all users and machines trusted access, and has the same effect as the triple, (,,).
To correctly restrict access to a specific set of members, use the hostname and username fields of the triple.
|
|
|
Created by unroff & hp-tools. © somebody (See intro for details). All Rights Reserved. Last modified 11/5/97