nisgrpadm - NIS+ group administration command


     nisgrpadm -a | -r | -t [-s] group principal...

     nisgrpadm -d | -l [-M] [-s] group

     nisgrpadm -c [-D defaults] [-M] [-s] group


     The nisgrpadm utility is used to administer NIS+ groups.
     This command administers both groups and the groups'
     membership lists. nisgrpadm can create, destroy, or list
     NIS+ groups. It can also administer a group's membership
     list: it can add principals to the group, remove principals
     from the group, or test principals for membership in the
     group.

     The names of NIS+ groups are syntactically similar to  names
     of   NIS+  objects  but  they occupy a separate namespace. A
     group named a.b.c.d. is represented by a NIS+  group  object
     named  a.groups_dir.b.c.d.; the functions described here all
     expect  the  name  of  the  group,  not  the  name  of   the
     corresponding group object.

     There are three types of group members:

        o  An explicit member is just a NIS+ principal-name.  For
           example: wickedwitch.west.oz.

        o  An implicit  ("domain")  member,  written  *.west.oz.,
           means  that  all principals in the given domain belong
           to this member. No  other  forms  of  wildcarding  are
           allowed;   wickedwitch.*.oz.   is   invalid,   as   is
           wickedwitch.west.*..  Note  that  principals  in  sub-
           domains of the given domain are not included.

        o  A recursive ("group")  member,  written  @cowards.oz.,
           refers  to  another group;  all principals that belong
           to that group are considered to belong here.

     Any member may be made negative by prefixing it with a minus
     sign  ('-').  A  group  may thus contain explicit, implicit,
     recursive, negative explicit, negative implicit,  and  nega-
     tive recursive members.

     A principal is considered to belong to a group if it belongs
     to  at  least one non-negative group member of the group and
     belongs to no negative group members.
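
     The membership rule above, worked through as an added example
     (not part of the original manual page and not NIS+ source code).
     The group table, the helper names, and the handling of group
     cycles and unknown groups are assumptions made for illustration.

```python
# Added illustration: NIS+ group membership evaluation as described above.
# GROUPS is constructed sample data, not output from a real NIS+ namespace.
GROUPS = {
    "admins.oz.": ["*.west.oz.", "@cowards.oz.",
                   "-wickedwitch.west.oz.", "-@banned.oz."],
    "cowards.oz.": ["lion.east.oz.", "@admins.oz."],  # cycles back to admins.oz.
    "banned.oz.": ["monkey.west.oz."],
}

def parse_member(member):
    """Split a member string into (negative, kind, name); reject bad wildcards."""
    negative = member.startswith("-")
    body = member[1:] if negative else member
    if body.startswith("@"):
        kind, name = "recursive", body[1:]
    elif body.startswith("*."):
        kind, name = "implicit", body[2:]
    else:
        kind, name = "explicit", body
    if "*" in name:  # only a leading "*." label is a legal wildcard
        raise ValueError(f"invalid group member: {member!r}")
    return negative, kind, name

def matches(principal, kind, name, groups, seen):
    """True if the principal belongs to this single group member."""
    if kind == "explicit":
        return principal == name
    if kind == "implicit":
        # The domain is everything after the first label; sub-domains do not match.
        return principal.partition(".")[2] == name
    return is_member(principal, name, groups, seen)

def is_member(principal, group, groups=GROUPS, seen=frozenset()):
    """True if principal matches >=1 non-negative member and no negative member."""
    if group in seen or group not in groups:
        return False  # assumption: cycles and unknown groups contribute nothing
    seen = seen | {group}
    positive = False
    for member in groups[group]:
        negative, kind, name = parse_member(member)
        if matches(principal, kind, name, groups, seen):
            if negative:
                return False  # any negative match excludes the principal
            positive = True
    return positive
```

     A negative member wins regardless of its position in the list, so
     reviewing who a group really admits means expanding every
     recursive member, not just reading the top-level list.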

     Principal names  must be fully qualified, whereas groups can
     be abbreviated on all operations  except create.


     The following options are supported:

     -a    Adds the list of NIS+ principals specified to   group.
           The principal name should be fully qualified.

     -c    Creates  group in the NIS+ namespace. The  NIS+  group
           name should be fully qualified.

     -d    Destroys (removes)  group from the namespace.

     -D defaults
           When creating objects, this option  specifies  a  dif-
           ferent  set of  defaults to be used during this opera-
           tion. The  defaults  string  is  a  series  of  tokens
           separated   by  colons.  These  tokens  represent  the
           default values to be used for the generic object  pro-
           perties. All of the legal tokens are described below.

                 This token sets the default  time  to  live  for
                 objects  that  are  created by this command. The
                 value time is specified in the format as defined
                 by the nischttl(1) command. The default value is
                 12 hours.

                 This token specifies  that  the  NIS+  principal
                 ownername  should  own  the created object. Nor-
                 mally this value is the same  as  the  principal
                 who is executing the command.

                 This token specifies that  the  group  groupname
                 should be the group owner for the object that is
                 created.  The default value is NULL.

                 This token specifies the set  of  access  rights
                 that are to be granted for the given object. The
                 value rights  is  specified  in  the  format  as
                 defined by the  nischmod(1) command. The default
                 value is ----rmcdr---r---.

     -l    Lists the membership list  of  the  specified   group.
           (See  -M option.)

     -M    Master server only. Sends the  lookup  to  the  master
           server  of  the  named  data. This guarantees that the
           most up to date information is seen  at  the  possible
           expense  that the master server may be busy. Note that
           the -M flag is applicable only with the -l flag.

     -r    Removes the list of principals specified from   group.
           The principal name should be fully qualified.

     -s    Work silently. Results are  returned  using  the  exit
           status  of  the command. This status can be translated
           into a text string using the  niserror(1) command.

     -t    Displays whether the principals specified are  members
           of group.


  Administering Groups
     Example 1: Creating a group

     This example shows how to create a group  in  the

     example% nisgrpadm -c

     Example 2: How to remove a group

     This example shows how to remove the group from the  current

     example% nisgrpadm -d freds_group

  Administering Members
     Example 3: Adding to the group

     This example shows how one would add  two  principals,   bob
     and  betty, to the group

     example% nisgrpadm -a

     Example 4: How to remove a principal from the group

     This example shows how to remove  betty from  freds_group:

     example% nisgrpadm -r freds_group


           This variable contains a  defaults  string  that  will
           override the NIS+ standard defaults.

           If this variable is set, and the NIS+  group  name  is
           not  fully qualified, each directory specified will be
           searched   until   the    group    is    found    (see


     See attributes(5) for descriptions of the  following  attri-

    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWnisu                    |


     nis+(1),  nischgrp(1),  nischmod(1),   nischttl(1),   nisde-
     faults(1), niserror(1), nis_groups(3NSL), attributes(5)


           On success, this command returns an exit status of 0.

           When you do not have the needed access right to change
           the group, the command returns this error.

           This is returned when the group does not exist.

           This error is returned when the server for the group's
           domain  is  currently  checkpointing or otherwise in a
           read-only state. The command should be  retried  at  a
           later date.

           This error is returned when the group was modified  by
           someone  else  during  the  execution  of the command.
           Reissue the command and optionally recheck the group's
           membership list.


     NIS+ might not  be  supported  in  future  releases  of  the
     Solaris(TM) Operating Environment. Tools to aid the migration
     from NIS+ to LDAP are available in the Solaris  9  operating
     environment.      For      more      information,      visit
