NAME
nisgrpadm — NIS+ group administration command
SYNOPSIS
nisgrpadm
-a|
-r|
-t
]
[
-s
]
group
principal...
nisgrpadm
-c|
-d|
-l
[
-M
]
[
-s
]
group
DESCRIPTION
nisgrpadm
is used to administer
NIS+
groups.
This command administers both groups and the groups' membership lists.
nisgrpadm
can create, destroy, or list
NIS+
groups.
nisgrpadm
can be used to administer a group's membership list.
It can add or delete principals to the group,
or test principals for membership in the group.
The names of
NIS+
groups are syntactically similar to names of
NIS+
objects but they occupy a separate namespace. A group named
"a.b.c.d." is represented by a
NIS+
group object named "a.groups_dir.b.c.d."; the functions described
here all expect the name of the group, not the name of the
corresponding group object.
There are three types of group members:
An
explicit
member is just a NIS+ principal-name, for example
"wickedwitch.west.oz."
An
implicit
("domain") member, written "*.west.oz.",
means that all principals in the given domain belong to this member. No other
forms of wildcarding are allowed: "wickedwitch.*.oz." is invalid, as
is "wickedwitch.west.*.". Note that principals in subdomains of
the given domain are
not
included.
A
recursive
("group") member, written "@cowards.oz.",
refers to another group; all principals that belong to that
group are considered to belong here.
Any member may be made
negative
by prefixing it with a
minus sign ('-'). A group may thus contain explicit, implicit,
recursive, negative explicit, negative implicit, and negative
recursive members.
A principal is considered to belong to a group if it belongs to at
least one non-negative group member of the group and belongs to no negative
group members.
Options
- -a
Add the list of
NIS+
principals specified to
group.
The principal name should be fully qualified.
- -c
Create
group
in the
NIS+
namespace.
The
NIS+
group name should be fully qualified.
- -d
Destroy (remove)
group
from the namespace.
- -l
List the membership list of the specified
group.
(See
-M.)
- -M
Master server only.
Send the lookup to the master server of the named data.
This guarantees that the most up to date information is seen
at the possible expense that the master server may be busy.
Note that the
-M
flag is applicable only with the
-l
flag.
- -r
Remove the list of principals specified from
group.
The principal name should be fully qualified.
- -s
Work silently.
Results are returned using the exit status of the command.
This status can be translated into a text string using the
niserror(1)
command.
- -t
Display whether the principals specified are members in group.
EXAMPLES
Administering Groups
Create a group in the
foo.com.
domain:
nisgrpadm -c my_buds.foo.com.
Remove the group from the current domain:
Administering Members
Add two principals,
bob
and
betty
to the group
my_buds.foo.com:
nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.
Remove
betty
from
freds_group:
nisgrpadm -r freds_group betty.foo.com.
EXTERNAL INFLUENCES
Environment Variables
- NIS_PATH
If this variable is set and the
NIS+
group name is not fully qualified, each directory specified will be searched
until the group is found (see
nisdefaults(1)).
DIAGNOSTICS
- NIS_SUCCESS
On success, this command returns an exit status of
0.
- NIS_PERMISSION
When you do not have the needed access right to change the group, the
command returns this error.
- NIS_NOTFOUND
This is returned when the group does not exist.
- NIS_TRYAGAIN
This error is returned when the server for the group's domain is currently
checkpointing or otherwise in a read-only state.
The command should be retried at a later date.
- NIS_MODERROR
This error is returned when the group was modified by someone else during
the execution of the command.
Reissue the command and optionally recheck the group's membership list.
AUTHOR
nisgrpadm
was developed by Sun Microsystems, Inc.
NOTES
Principal names
must
be fully qualified, whereas groups can
be abbreviated on all operations
except
create.