unixdev.net


Switch to SpeakEasy.net DSL

The Modular Manual Browser

Home Page
Manual: (SunOS-5.10)
Page:
Section:
Apropos / Subsearch:
optional field

nisgrpadm(1)                     User Commands                    nisgrpadm(1)



NAME
       nisgrpadm - NIS+ group administration command

SYNOPSIS
       nisgrpadm -a | -r | -t [-s] group principal...

       nisgrpadm -d | -l [-M] [-s] group

       nisgrpadm -c [-D defaults] [-M] [-s] group

DESCRIPTION
       The  nisgrpadm utility is used to administer  NIS+ groups. This command
       administers both groups and the groups' membership lists. nisgrpadm can
       create,  destroy, or list  NIS+ groups. nisgrpadm can be used to admin-
       ister a group's membership list. It can add or delete principals to the
       group, or test principals for membership in the group.

       The  names  of  NIS+ groups are syntactically similar to names of  NIS+
       objects but they occupy a separate namespace. A group named a.b.c.d. is
       represented by a NIS+ group object named a.groups_dir.b.c.d.; the func-
       tions described here all expect the name of the group, not the name  of
       the corresponding group object.

       There are three types of group members:

         o  An  explicit  member  is  just a NIS+ principal-name. For example:
            wickedwitch.west.oz.

         o  An implicit ("domain") member, written *.west.oz., means that  all
            principals  in  the  given  domain belong to this member. No other
            forms of wildcarding are allowed; wickedwitch.*.oz. is invalid, as
            is  wickedwitch.west.*.. Note that principals in subdomains of the
            given domain are not included.

         o  A recursive ("group")  member,  written  @cowards.oz.,  refers  to
            another  group;  all principals that belong to that group are con-
            sidered to belong here.


       Any member may be made negative by  prefixing  it  with  a  minus  sign
       ('-'). A group may thus contain explicit, implicit, recursive, negative
       explicit, negative implicit, and negative recursive members.

       A principal is considered to belong to a group  if  it  belongs  to  at
       least one non-negative group member of the group and belongs to no neg-
       ative group members.

       Principal names  must be fully qualified, whereas groups can be  abbre-
       viated on all operations  except create.

OPTIONS
       The following options are supported:

       -a              Adds  the  list of NIS+ principals specified to  group.
                       The principal name should be fully qualified.



       -c              Creates  group in the NIS+ namespace.  The  NIS+  group
                       name should be fully qualified.



       -d              Destroys (removes)  group from the namespace.



       -D defaults     When  creating objects, this option specifies a differ-
                       ent set of  defaults to be used during this  operation.
                       The  defaults string is a series of tokens separated by
                       colons. These tokens represent the default values to be
                       used  for  the  generic  object  properties. All of the
                       legal tokens are described below.

                       ttl=time                This  token  sets  the  default
                                               time  to  live for objects that
                                               are created  by  this  command.
                                               The  value time is specified in
                                               the format as  defined  by  the
                                               nischttl(1)     command.    The
                                               default value is 12 hours.




                       owner=ownername         This token specifies  that  the
                                               NIS+ principal ownername should
                                               own the  created  object.  Nor-
                                               mally this value is the same as
                                               the principal who is  executing
                                               the command.



                       group=groupname         This  token  specifies that the
                                               group groupname should  be  the
                                               group owner for the object that
                                               is created.  The default  value
                                               is NULL.



                       access=rights           This token specifies the set of
                                               access rights that  are  to  be
                                               granted  for  the given object.
                                               The value rights  is  specified
                                               in the format as defined by the
                                               nischmod(1)    command.     The
                                               default         value        is
                                               ----rmcdr---r---.




       -l              Lists the membership list of the specified  group. (See
                       -M option.)



       -M              Master  server  only.  Sends  the  lookup to the master
                       server of the named data. This guarantees that the most
                       up  to date information is seen at the possible expense
                       that the master server may be busy. Note that  the   -M
                       flag is applicable only with the -l flag.



       -r              Removes  the  list of principals specified from  group.
                       The principal name should be fully qualified.



       -s              Work silently. Results are returned using the exit sta-
                       tus  of the command. This status can be translated into
                       a text string using the  niserror(1) command.



       -t              Displays whether the principals specified  are  members
                       in group.



EXAMPLES
   Administering Groups
       Example 1: Creating a group

       This example shows how to create a group in the  foo.com. domain:

       example% nisgrpadm -c my_buds.foo.com.

       Example 2: How to remove a group

       This example shows how to remove the group from the current domain.

       example% nisgrpadm -d freds_group

   Administering Members
       Example 3: Adding to the group

       This  example  shows how one would add two principals,  bob and  betty,
       to the group  my_buds.foo.com.:

       example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.

       Example 4: How to remove a principal from the group

       This example shows how to remove  betty from  freds_group:

       example% nisgrpadm -r freds_group betty.foo.com.

ENVIRONMENT VARIABLES
       NIS_DEFAULTS                    This  variable  contains   a   defaults
                                       string  that  will  override  the  NIS+
                                       standard defaults.



       NIS_PATH                        If this variable is set, and  the  NIS+
                                       group name is not fully qualified, each
                                       directory specified  will  be  searched
                                       until  the  group  is found (see nisde-
                                       faults(1)).



ATTRIBUTES
       See attributes(5) for descriptions of the following attributes:


       tab()    allbox;    cw(2.750000i)|     cw(2.750000i)     lw(2.750000i)|
       lw(2.750000i).  ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWnisu


SEE ALSO
       nis+(1),  nischgrp(1), nischmod(1), nischttl(1), nisdefaults(1), niser-
       ror(1), nis_groups(3NSL), attributes(5)

DIAGNOSTICS
       NIS_SUCCESS             On success, this command returns an exit status
                               of 0.



       NIS_PERMISSION          When you do not have the needed access right to
                               change the  group,  the  command  returns  this
                               error.



       NIS_NOTFOUND            This is returned when the group does not exist.



       NIS_TRYAGAIN            This  error is returned when the server for the
                               group's domain is  currently  checkpointing  or
                               otherwise  in  a  read-only  state. The command
                               should be retried at a later date.



       NIS_MODERROR            This error is returned when the group was modi-
                               fied  by  someone  else during the execution of
                               the command. Reissue the command and optionally
                               recheck the group's membership list.



NOTES
       NIS+ might not be supported in future releases of the SolarisTM Operat-
       ing Environment. Tools to aid the  migration  from  NIS+  to  LDAP  are
       available in the Solaris 9 operating environment. For more information,
       visit http://www.sun.com/directory/nisplus/transition.html.



SunOS 5.10                        10 Dec 2001                     nisgrpadm(1)