1nisgrpadm(1) User Commands nisgrpadm(1)
2
3
4
6 nisgrpadm - NIS+ group administration command
7
9 nisgrpadm -a | -r | -t [-s] group principal...
10
11
12 nisgrpadm -d | -l [-M] [-s] group
13
14
15 nisgrpadm -c [-D defaults] [-M] [-s] group
16
17
19 The nisgrpadm utility is used to administer NIS+ groups. This command
20 administers both groups and the groups' membership lists. nisgrpadm can
21 create, destroy, or list NIS+ groups. nisgrpadm can be used to admin‐
22 ister a group's membership list. It can add or delete principals to the
23 group, or test principals for membership in the group.
24
25
26 The names of NIS+ groups are syntactically similar to names of NIS+
27 objects but they occupy a separate namespace. A group named a.b.c.d. is
28 represented by a NIS+ group object named a.groups_dir.b.c.d.; the func‐
29 tions described here all expect the name of the group, not the name of
30 the corresponding group object.
31
32
33 There are three types of group members:
34
35 o An explicit member is just a NIS+ principal-name. For exam‐
36 ple: wickedwitch.west.oz.
37
38 o An implicit ("domain") member, written *.west.oz., means
39 that all principals in the given domain belong to this mem‐
40 ber. No other forms of wildcarding are allowed; wicked‐
41 witch.*.oz. is invalid, as is wickedwitch.west.*.. Note that
42 principals in subdomains of the given domain are not
43 included.
44
45 o A recursive ("group") member, written @cowards.oz., refers
46 to another group; all principals that belong to that group
47 are considered to belong here.
48
49
50 Any member may be made negative by prefixing it with a minus sign
51 ('−'). A group may thus contain explicit, implicit, recursive, negative
52 explicit, negative implicit, and negative recursive members.
53
54
55 A principal is considered to belong to a group if it belongs to at
56 least one non-negative group member of the group and belongs to no neg‐
57 ative group members.
58
59
60 Principal names must be fully qualified, whereas groups can be abbre‐
61 viated on all operations except create.
62
64 The following options are supported:
65
66 -a Adds the list of NIS+ principals specified to group.
67 The principal name should be fully qualified.
68
69
70 -c Creates group in the NIS+ namespace. The NIS+ group
71 name should be fully qualified.
72
73
74 -d Destroys (removes) group from the namespace.
75
76
77 -D defaults When creating objects, this option specifies a different
78 set of defaults to be used during this operation. The
79 defaults string is a series of tokens separated by
80 colons. These tokens represent the default values to be
81 used for the generic object properties. All of the legal
82 tokens are described below.
83
84 ttl=time This token sets the default time to
85 live for objects that are created by
86 this command. The value time is spec‐
87 ified in the format as defined by the
88 nischttl(1) command. The default
89 value is 12 hours.
90
91
92 owner=ownername This token specifies that the NIS+
93 principal ownername should own the
94 created object. Normally this value
95 is the same as the principal who is
96 executing the command.
97
98
99 group=groupname This token specifies that the group
100 groupname should be the group owner
101 for the object that is created. The
102 default value is NULL.
103
104
105 access=rights This token specifies the set of
106 access rights that are to be granted
107 for the given object. The value
108 rights is specified in the format as
109 defined by the nischmod(1) command.
110 The default value is
111 −−−−rmcdr−−−r−−−.
112
113
114
115 -l Lists the membership list of the specified group. (See
116 -M option.)
117
118
119 -M Master server only. Sends the lookup to the master
120 server of the named data. This guarantees that the most
121 up to date information is seen at the possible expense
122 that the master server may be busy. Note that the -M
123 flag is applicable only with the -l flag.
124
125
126 -r Removes the list of principals specified from group.
127 The principal name should be fully qualified.
128
129
130 -s Work silently. Results are returned using the exit sta‐
131 tus of the command. This status can be translated into a
132 text string using the niserror(1) command.
133
134
135 -t Displays whether the principals specified are members in
136 group.
137
138
140 Administering Groups
141 Example 1 Creating a group
142
143
144 This example shows how to create a group in the foo.com. domain:
145
146
147 example% nisgrpadm -c my_buds.foo.com.
148
149
150
151 Example 2 How to remove a group
152
153
154 This example shows how to remove the group from the current domain.
155
156
157 example% nisgrpadm -d freds_group
158
159
160
161 Administering Members
162 Example 3 Adding to the group
163
164
165 This example shows how one would add two principals, bob and betty,
166 to the group my_buds.foo.com.:
167
168
169 example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.
170
171
172
173 Example 4 How to remove a principal from the group
174
175
176 This example shows how to remove betty from freds_group:
177
178
179 example% nisgrpadm -r freds_group betty.foo.com.
180
181
182
184 NIS_DEFAULTS This variable contains a defaults string that will
185 override the NIS+ standard defaults.
186
187
188 NIS_PATH If this variable is set, and the NIS+ group name is not
189 fully qualified, each directory specified will be
190 searched until the group is found (see nisdefaults(1)).
191
192
194 See attributes(5) for descriptions of the following attributes:
195
196
197
198
199 ┌─────────────────────────────┬─────────────────────────────┐
200 │ ATTRIBUTE TYPE │ ATTRIBUTE VALUE │
201 ├─────────────────────────────┼─────────────────────────────┤
202 │Availability │SUNWnisu │
203 └─────────────────────────────┴─────────────────────────────┘
204
206 NIS+[22m(1), nischgrp(1), nischmod(1), nischttl(1), nisdefaults(1), niser‐
207 ror(1), nis_groups(3NSL), attributes(5)
208
210 NIS_SUCCESS On success, this command returns an exit status of 0.
211
212
213 NIS_PERMISSION When you do not have the needed access right to
214 change the group, the command returns this error.
215
216
217 NIS_NOTFOUND This is returned when the group does not exist.
218
219
220 NIS_TRYAGAIN This error is returned when the server for the
221 group's domain is currently checkpointing or other‐
222 wise in a read-only state. The command should be
223 retried at a later date.
224
225
226 NIS_MODERROR This error is returned when the group was modified by
227 someone else during the execution of the command.
228 Reissue the command and optionally recheck the
229 group's membership list.
230
231
233 NIS+ might not be supported in future releases of the Solaris operating
234 system. Tools to aid the migration from NIS+ to LDAP are available in
235 the current Solaris release. For more information, visit
236 http://www.sun.com/directory/nisplus/transition.html.
237
238
239
240SunOS 5.11 2 Dec 2005 nisgrpadm(1)