nisgrpadm(1)
NAME
nisgrpadm - NIS+ group administration command
SYNOPSIS
nisgrpadm -a | -r | -t [-s] group principal...
nisgrpadm -d | -l [-M] [-s] group
nisgrpadm -c [-D defaults] [-M] [-s] group
DESCRIPTION
The nisgrpadm utility is used to administer NIS+ groups.
This command administers both groups and the groups' member-
ship lists. nisgrpadm can create, destroy, or list NIS+
groups. nisgrpadm can be used to administer a group's
membership list. It can add or delete principals to the
group, or test principals for membership in the group.
The names of NIS+ groups are syntactically similar to names
of NIS+ objects but they occupy a separate namespace. A
group named a.b.c.d. is represented by a NIS+ group object
named a.groups_dir.b.c.d.; the functions described here all
expect the name of the group, not the name of the
corresponding group object.
There are three types of group members:
o An explicit member is just a NIS+ principal-name. For
example: wickedwitch.west.oz.
o An implicit ("domain") member, written *.west.oz.,
means that all principals in the given domain belong
to this member. No other forms of wildcarding are
allowed; wickedwitch.*.oz. is invalid, as is
wickedwitch.west.*.. Note that principals in sub-
domains of the given domain are not included.
o A recursive ("group") member, written @cowards.oz.,
refers to another group; all principals that belong
to that group are considered to belong here.
Any member may be made negative by prefixing it with a minus
sign ('-'). A group may thus contain explicit, implicit,
recursive, negative explicit, negative implicit, and nega-
tive recursive members.
A principal is considered to belong to a group if it belongs
to at least one non-negative group member of the group and
belongs to no negative group members.
Principal names must be fully qualified, whereas groups can
be abbreviated on all operations except create.
OPTIONS
The following options are supported:
-a Adds the list of NIS+ principals specified to group.
The principal name should be fully qualified.
-c Creates group in the NIS+ namespace. The NIS+ group
name should be fully qualified.
-d Destroys (removes) group from the namespace.
-D defaults
When creating objects, this option specifies a dif-
ferent set of defaults to be used during this opera-
tion. The defaults string is a series of tokens
separated by colons. These tokens represent the
default values to be used for the generic object pro-
perties. All of the legal tokens are described below.
ttl=time
This token sets the default time to live for
objects that are created by this command. The
value time is specified in the format as defined
by the nischttl(1) command. The default value is
12 hours.
owner=ownername
This token specifies that the NIS+ principal
ownername should own the created object. Nor-
mally this value is the same as the principal
who is executing the command.
group=groupname
This token specifies that the group groupname
should be the group owner for the object that is
created. The default value is NULL.
access=rights
This token specifies the set of access rights
that are to be granted for the given object. The
value rights is specified in the format as
defined by the nischmod(1) command. The default
value is ----rmcdr---r---.
-l Lists the membership list of the specified group.
(See -M option.)
-M Master server only. Sends the lookup to the master
server of the named data. This guarantees that the
most up to date information is seen at the possible
expense that the master server may be busy. Note that
the
-M flag is applicable only with the -l flag.
-r Removes the list of principals specified from group.
The principal name should be fully qualified.
-s Work silently. Results are returned using the exit
status of the command. This status can be translated
into a text string using the niserror(1) command.
-t Displays whether the principals specified are members
in group.
EXAMPLES
Administering Groups
Example 1: Creating a group
This example shows how to create a group in the foo.com.
domain:
example% nisgrpadm -c my_buds.foo.com.
Example 2: How to remove a group
This example shows how to remove the group from the current
domain.
example% nisgrpadm -d freds_group
Administering Members
Example 3: Adding to the group
This example shows how one would add two principals, bob
and betty, to the group my_buds.foo.com.:
example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.
Example 4: How to remove a principal from the group
This example shows how to remove betty from freds_group:
example% nisgrpadm -r freds_group betty.foo.com.
ENVIRONMENT VARIABLES
NIS_DEFAULTS
This variable contains a defaults string that will
override the NIS+ standard defaults.
NIS_PATH
If this variable is set, and the NIS+ group name is
not fully qualified, each directory specified will be
searched until the group is found (see
nisdefaults(1)).
ATTRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
____________________________________________________________
| ATTRIBUTE TYPE | ATTRIBUTE VALUE |
|_____________________________|_____________________________|
| Availability | SUNWnisu |
|_____________________________|_____________________________|
SEE ALSO
nis+(1), nischgrp(1), nischmod(1), nischttl(1), nisde-
faults(1), niserror(1), nis_groups(3NSL), attributes(5)
DIAGNOSTICS
NIS_SUCCESS
On success, this command returns an exit status of 0.
NIS_PERMISSION
When you do not have the needed access right to change
the group, the command returns this error.
NIS_NOTFOUND
This is returned when the group does not exist.
NIS_TRYAGAIN
This error is returned when the server for the group's
domain is currently checkpointing or otherwise in a
read-only state. The command should be retried at a
later date.
NIS_MODERROR
This error is returned when the group was modified by
someone else during the execution of the command.
Reissue the command and optionally recheck the group's
membership list.
NOTES
NIS+ might not be supported in future releases of the
SolarisTM Operating Environment. Tools to aid the migration
from NIS+ to LDAP are available in the Solaris 9 operating
environment. For more information, visit
http://www.sun.com/directory/nisplus/transition.html.
Man(1) output converted with
man2html