nisgrpadm(1) User Commands nisgrpadm(1)
nisgrpadm - NIS+ group administration command
nisgrpadm -a | -r | -t [-s] group principal...
nisgrpadm -d | -l [-M] [-s] group
nisgrpadm -c [-D defaults] [-M] [-s] group
The nisgrpadm utility is used to administer NIS+ groups. This command
administers both groups and the groups' membership lists. nisgrpadm can
create, destroy, or list NIS+ groups. nisgrpadm can be used to admin-
ister a group's membership list. It can add or delete principals to the
group, or test principals for membership in the group.
The names of NIS+ groups are syntactically similar to names of NIS+
objects but they occupy a separate namespace. A group named a.b.c.d. is
represented by a NIS+ group object named a.groups_dir.b.c.d.; the func-
tions described here all expect the name of the group, not the name of
the corresponding group object.
There are three types of group members:
o An explicit member is just a NIS+ principal-name. For example:
o An implicit ("domain") member, written *.west.oz., means that all
principals in the given domain belong to this member. No other
forms of wildcarding are allowed; wickedwitch.*.oz. is invalid, as
is wickedwitch.west.*.. Note that principals in subdomains of the
given domain are not included.
o A recursive ("group") member, written @cowards.oz., refers to
another group; all principals that belong to that group are con-
sidered to belong here.
Any member may be made negative by prefixing it with a minus sign
('-'). A group may thus contain explicit, implicit, recursive, negative
explicit, negative implicit, and negative recursive members.
A principal is considered to belong to a group if it belongs to at
least one non-negative group member of the group and belongs to no neg-
ative group members.
Principal names must be fully qualified, whereas groups can be abbre-
viated on all operations except create.
The following options are supported:
-a Adds the list of NIS+ principals specified to group.
The principal name should be fully qualified.
-c Creates group in the NIS+ namespace. The NIS+ group
name should be fully qualified.
-d Destroys (removes) group from the namespace.
-D defaults When creating objects, this option specifies a differ-
ent set of defaults to be used during this operation.
The defaults string is a series of tokens separated by
colons. These tokens represent the default values to be
used for the generic object properties. All of the
legal tokens are described below.
ttl=time This token sets the default
time to live for objects that
are created by this command.
The value time is specified in
the format as defined by the
nischttl(1) command. The
default value is 12 hours.
owner=ownername This token specifies that the
NIS+ principal ownername should
own the created object. Nor-
mally this value is the same as
the principal who is executing
group=groupname This token specifies that the
group groupname should be the
group owner for the object that
is created. The default value
access=rights This token specifies the set of
access rights that are to be
granted for the given object.
The value rights is specified
in the format as defined by the
nischmod(1) command. The
default value is
-l Lists the membership list of the specified group. (See
-M Master server only. Sends the lookup to the master
server of the named data. This guarantees that the most
up to date information is seen at the possible expense
that the master server may be busy. Note that the -M
flag is applicable only with the -l flag.
-r Removes the list of principals specified from group.
The principal name should be fully qualified.
-s Work silently. Results are returned using the exit sta-
tus of the command. This status can be translated into
a text string using the niserror(1) command.
-t Displays whether the principals specified are members
Example 1: Creating a group
This example shows how to create a group in the foo.com. domain:
example% nisgrpadm -c my_buds.foo.com.
Example 2: How to remove a group
This example shows how to remove the group from the current domain.
example% nisgrpadm -d freds_group
Example 3: Adding to the group
This example shows how one would add two principals, bob and betty,
to the group my_buds.foo.com.:
example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.
Example 4: How to remove a principal from the group
This example shows how to remove betty from freds_group:
example% nisgrpadm -r freds_group betty.foo.com.
NIS_DEFAULTS This variable contains a defaults
string that will override the NIS+
NIS_PATH If this variable is set, and the NIS+
group name is not fully qualified, each
directory specified will be searched
until the group is found (see nisde-
See attributes(5) for descriptions of the following attributes:
tab() allbox; cw(2.750000i)| cw(2.750000i) lw(2.750000i)|
lw(2.750000i). ATTRIBUTE TYPEATTRIBUTE VALUE AvailabilitySUNWnisu
nis+(1), nischgrp(1), nischmod(1), nischttl(1), nisdefaults(1), niser-
ror(1), nis_groups(3NSL), attributes(5)
NIS_SUCCESS On success, this command returns an exit status
NIS_PERMISSION When you do not have the needed access right to
change the group, the command returns this
NIS_NOTFOUND This is returned when the group does not exist.
NIS_TRYAGAIN This error is returned when the server for the
group's domain is currently checkpointing or
otherwise in a read-only state. The command
should be retried at a later date.
NIS_MODERROR This error is returned when the group was modi-
fied by someone else during the execution of
the command. Reissue the command and optionally
recheck the group's membership list.
NIS+ might not be supported in future releases of the SolarisTM Operat-
ing Environment. Tools to aid the migration from NIS+ to LDAP are
available in the Solaris 9 operating environment. For more information,
SunOS 5.10 10 Dec 2001 nisgrpadm(1)