OpenBSD manual page server

Manual Page Search Parameters

NETGROUP(5) File Formats Manual NETGROUP(5)

netgroupdefines network groups

The netgroup file specifies “netgroups”, which are sets of tuples that are to be given similar network access.

Each line in the file consists of a netgroup name followed by a list of the members of the netgroup. Each member can be either the name of another netgroup or a specification of a tuple as follows:

(host, user, domain)

where the host, user, and domain are character string names for the corresponding component. Any of the comma separated fields may be empty to specify a “wildcard” value or may consist of the single character “-” to specify “no valid value”. The members of the list may be separated by whitespace; the “\” character may be used at the end of a line to specify line continuation.

Lines that begin with a ‘#’ are treated as comments.

After modification of /etc/netgroup, netgroup_mkdb(8) should be run, as the getnetgrent(3) functions only operate on the Berkeley DB file /etc/netgroup.db.

If that file is not present, and the system supports NIS, then the netgroup NIS maps are used. The NIS maps are also used if the netgroup file contains a “+” entry.

/etc/netgroup
default netgroup list
/etc/netgroup.db
netgroup database

Define a group of three machines:

friends (10.0.0.2,,) (10.0.0.3,,) (10.0.0.4,,)

This group can be used in exports(5) as follows:

/home -maproot=nobody friends

dbopen(3), getnetgrent(3), exports(5), netgroup_mkdb(8)

The file format is compatible with that of various vendors, although it appears that not all vendors use an identical format.

The interpretation of access restrictions based on the member tuples of a netgroup is left up to the various network applications.

January 25, 2020 OpenBSD-current