1nisgrpadm(1)                     User Commands                    nisgrpadm(1)
2
3
4

NAME

6       nisgrpadm - NIS+ group administration command
7

SYNOPSIS

9       nisgrpadm -a | -r | -t [-s] group principal...
10
11
12       nisgrpadm -d | -l [-M] [-s] group
13
14
15       nisgrpadm -c [-D defaults] [-M] [-s] group
16
17

DESCRIPTION

19       The  nisgrpadm utility is used to administer  NIS+ groups. This command
20       administers both groups and the groups' membership lists. nisgrpadm can
21       create,  destroy, or list  NIS+ groups. nisgrpadm can be used to admin‐
22       ister a group's membership list. It can add or delete principals to the
23       group, or test principals for membership in the group.
24
25
26       The  names  of  NIS+ groups are syntactically similar to names of  NIS+
27       objects but they occupy a separate namespace. A group named a.b.c.d. is
28       represented by a NIS+ group object named a.groups_dir.b.c.d.; the func‐
29       tions described here all expect the name of the group, not the name  of
30       the corresponding group object.
31
32
33       There are three types of group members:
34
35           o      An  explicit member is just a NIS+ principal-name. For exam‐
36                  ple: wickedwitch.west.oz.
37
38           o      An implicit ("domain")  member,  written  *.west.oz.,  means
39                  that  all principals in the given domain belong to this mem‐
40                  ber. No other forms  of  wildcarding  are  allowed;  wicked‐
41                  witch.*.oz. is invalid, as is wickedwitch.west.*.. Note that
42                  principals  in  subdomains  of  the  given  domain  are  not
43                  included.
44
45           o      A  recursive  ("group") member, written @cowards.oz., refers
46                  to another group;  all principals that belong to that  group
47                  are considered to belong here.
48
49
50       Any  member  may  be  made  negative  by prefixing it with a minus sign
51       ('−'). A group may thus contain explicit, implicit, recursive, negative
52       explicit, negative implicit, and negative recursive members.
53
54
55       A  principal  is  considered  to  belong to a group if it belongs to at
56       least one non-negative group member of the group and belongs to no neg‐
57       ative group members.
58
59
60       Principal  names  must be fully qualified, whereas groups can be abbre‐
61       viated on all operations  except create.
62

OPTIONS

64       The following options are supported:
65
66       -a             Adds the list of NIS+ principals  specified  to   group.
67                      The principal name should be fully qualified.
68
69
70       -c             Creates   group  in  the  NIS+ namespace. The NIS+ group
71                      name should be fully qualified.
72
73
74       -d             Destroys (removes)  group from the namespace.
75
76
77       -D defaults    When creating objects, this option specifies a different
78                      set  of   defaults to be used during this operation. The
79                      defaults string is  a  series  of  tokens  separated  by
80                      colons.  These tokens represent the default values to be
81                      used for the generic object properties. All of the legal
82                      tokens are described below.
83
84                      ttl=time           This  token  sets the default time to
85                                         live for objects that are created  by
86                                         this command. The value time is spec‐
87                                         ified in the format as defined by the
88                                         nischttl(1)   command.   The  default
89                                         value is 12 hours.
90
91
92                      owner=ownername    This token specifies  that  the  NIS+
93                                         principal  ownername  should  own the
94                                         created object. Normally  this  value
95                                         is  the  same as the principal who is
96                                         executing the command.
97
98
99                      group=groupname    This token specifies that  the  group
100                                         groupname  should  be the group owner
101                                         for the object that is created.   The
102                                         default value is NULL.
103
104
105                      access=rights      This   token  specifies  the  set  of
106                                         access rights that are to be  granted
107                                         for   the  given  object.  The  value
108                                         rights is specified in the format  as
109                                         defined  by the  nischmod(1) command.
110                                         The      default       value       is
111                                         −−−−rmcdr−−−r−−−.
112
113
114
115       -l             Lists  the membership list of the specified  group. (See
116                      -M option.)
117
118
119       -M             Master server only.  Sends  the  lookup  to  the  master
120                      server  of the named data. This guarantees that the most
121                      up to date information is seen at the  possible  expense
122                      that  the  master  server may be busy. Note that the  -M
123                      flag is applicable only with the -l flag.
124
125
126       -r             Removes the list of principals  specified  from   group.
127                      The principal name should be fully qualified.
128
129
130       -s             Work  silently. Results are returned using the exit sta‐
131                      tus of the command. This status can be translated into a
132                      text string using the  niserror(1) command.
133
134
135       -t             Displays whether the principals specified are members in
136                      group.
137
138

EXAMPLES

140   Administering Groups
141       Example 1 Creating a group
142
143
144       This example shows how to create a group in the  foo.com. domain:
145
146
147         example% nisgrpadm -c my_buds.foo.com.
148
149
150
151       Example 2 How to remove a group
152
153
154       This example shows how to remove the group from the current domain.
155
156
157         example% nisgrpadm -d freds_group
158
159
160
161   Administering Members
162       Example 3 Adding to the group
163
164
165       This example shows how one would add two principals,  bob  and   betty,
166       to the group  my_buds.foo.com.:
167
168
169         example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.
170
171
172
173       Example 4 How to remove a principal from the group
174
175
176       This example shows how to remove  betty from  freds_group:
177
178
179         example% nisgrpadm -r freds_group betty.foo.com.
180
181
182

ENVIRONMENT VARIABLES

184       NIS_DEFAULTS    This  variable  contains  a  defaults  string that will
185                       override the NIS+ standard defaults.
186
187
188       NIS_PATH        If this variable is set, and the NIS+ group name is not
189                       fully  qualified,  each  directory  specified  will  be
190                       searched until the group is found (see nisdefaults(1)).
191
192

ATTRIBUTES

194       See attributes(5) for descriptions of the following attributes:
195
196
197
198
199       ┌─────────────────────────────┬─────────────────────────────┐
200       │      ATTRIBUTE TYPE         │      ATTRIBUTE VALUE        │
201       ├─────────────────────────────┼─────────────────────────────┤
202       │Availability                 │SUNWnisu                     │
203       └─────────────────────────────┴─────────────────────────────┘
204

SEE ALSO

206       NIS+(1), nischgrp(1), nischmod(1), nischttl(1), nisdefaults(1),  niser‐
207       ror(1), nis_groups(3NSL), attributes(5)
208

DIAGNOSTICS

210       NIS_SUCCESS       On success, this command returns an exit status of 0.
211
212
213       NIS_PERMISSION    When  you  do  not  have  the  needed access right to
214                         change the group, the command returns this error.
215
216
217       NIS_NOTFOUND      This is returned when the group does not exist.
218
219
220       NIS_TRYAGAIN      This error  is  returned  when  the  server  for  the
221                         group's  domain  is currently checkpointing or other‐
222                         wise in a read-only  state.  The  command  should  be
223                         retried at a later date.
224
225
226       NIS_MODERROR      This error is returned when the group was modified by
227                         someone else during the  execution  of  the  command.
228                         Reissue   the  command  and  optionally  recheck  the
229                         group's membership list.
230
231

NOTES

233       NIS+ might not be supported in future releases of the Solaris operating
234       system.  Tools  to aid the migration from NIS+ to LDAP are available in
235       the   current   Solaris   release.   For   more   information,    visit
236       http://www.sun.com/directory/nisplus/transition.html.
237
238
239
240SunOS 5.11                        2 Dec 2005                      nisgrpadm(1)