Networking Services Library Functions nisgroups(3NSL)
NAME
nisgroups, nisismember, nisaddmember, nisremovemember,
niscreategroup, nisdestroygroup, nisverifygroup,
nisprintgroupentry - NIS] group manipulation functions
SYNOPSIS
cc [ flag ... ] file ... -lnsl [ library ... ]
#include
boolt nisismember(nisname principal, nisname group);
niserror nisaddmember(nisname member, nisname group);
niserror nisremovemember(nisname member, nisname group);
niserror niscreategroup(nisname group, uintt flags);
niserror nisdestroygroup(nisname group);
void nisprintgroupentry(nisname group);
niserror nisverifygroup(nisname group);
DESCRIPTION
These functions manipulate NIS] groups. They are used by
NIS] clients and servers, and are the interfaces to the
group authorization object.
The names of NIS] groups are syntactically similar to names
of NIS] objects but they occupy a separate namespace. A
group named "a.b.c.d." is represented by a NIS] group object
named "a.groupsdir.b.c.d."; the functions described here
all expect the name of the group, not the name of the
corresponding group object.
There are three types of group members:
o An explicit member is just a NIS] principal-name,
for example "wickedwitch.west.oz."
o An implicit ("domain") member, written
SunOS 5.11 Last change: 10 Nov 2005 1
Networking Services Library Functions nisgroups(3NSL)
"*.west.oz.", means that all principals in the
given domain belong to this member. No other forms
of wildcarding are allowed: "wickedwitch.*.oz." is
invalid, as is "wickedwitch.west.*.". Note that
principals in subdomains of the given domain are
not included.
o A recursive ("group") member, written
"@cowards.oz.", refers to another group. All prin-
cipals that belong to that group are considered to
belong here.
Any member may be made negative by prefixing it with a minus
sign ('-'). A group may thus contain explicit, implicit,
recursive, negative explicit, negative implicit, and nega-
tive recursive members.
A principal is considered to belong to a group if it belongs
to at least one non-negative group member of the group and
belongs to no negative group members.
The nisismember() function returns TRUE if it can establish
that principal belongs to group; otherwise it returns
FALSE.
The nisaddmember() and nisremovemember() functions add or
remove a member. They do not check whether the member is
valid. The user must have read and modify rights for the
group in question.
The niscreategroup() and nisdestroygroup() functions
create and destroy group objects. The user must have create
or destroy rights, respectively, for the groupsdir direc-
tory in the appropriate domain. The parameter flags to
niscreategroup() is currently unused and should be set to
zero.
The nisprintgroupentry() function lists a group's members
on the standard output.
The nisverifygroup() function returns NISUCES if the
given group exists, otherwise it returns an error code.
SunOS 5.11 Last change: 10 Nov 2005 2
Networking Services Library Functions nisgroups(3NSL)
These functions only accept fully-qualified NIS] names.
A group is represented by a NIS] object with a variant part
that is defined in the groupobj structure. See
nisobjects(3NSL). It contains the following fields:
uintt grflags; /* Interpretation Flags
(currently unused) */
struct {
uintt grmemberslen;
nisname *grmembersval;
} grmembers; /* Array of members */
NIS] servers and clients maintain a local cache of expanded
groups to enhance their performance when checking for group
membership. Should the membership of a group change,
servers and clients with that group cached will not see the
change until either the group cache has expired or it is
explicitly flushed. A server's cache may be flushed program-
matically by calling the nisservstate() function with tag
TAGCACHE and a value of 1.
There are currently no known methods for nisismember(),
nisprintgroupentry(), and nisverifygroup() to get their
answers from only the master server.
EXAMPLES
Example 1 Simple Memberships
Given a group sadsouls.oz. with members tinman.oz.,
lion.oz., and scarecrow.oz., the function call
boolvar = nisismember("lion.oz.", "sadsouls.oz.");
will return 1 (TRUE) and the function call
boolvar = nisismember("toto.oz.", "sadsouls.oz.");
SunOS 5.11 Last change: 10 Nov 2005 3
Networking Services Library Functions nisgroups(3NSL)
will return 0 (FALSE).
Example 2 Implicit Memberships
Given a group baddies.oz., with members
wickedwitch.west.oz. and *.monkeys.west.oz., the function
call boolvar = nisismember("hogan.monkeys.west.oz.",
"baddies.oz."); will return 1 (TRUE) because any principal
from the monkeys.west.oz. domain belongs to the implicit
group *.monkeys.west.oz., but the function call
boolvar = nisismember("hogan.big.monkeys.west.oz.", "baddies.oz.");
will return 0 (FALSE).
Example 3 Recursive Memberships
Given a group goodandbad.oz., with members toto.kansas,
@sadsouls.oz., and @baddies.oz., and the groups
sadsouls.oz. and baddies.oz. defined above, the function
call
boolvar = nisismember("wickedwitch.west.oz.", "goodandbad.oz.");
will return 1 (TRUE), because wickedwitch.west.oz. is a
member of the baddies.oz. group which is recursively
included in the goodandbad.oz. group.
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 10 Nov 2005 4
Networking Services Library Functions nisgroups(3NSL)
ATRIBUTE TYPE ATRIBUTE VALUE
MT-Level MT-Safe
SEE ALSO
nisgrpadm(1), nisobjects(3NSL), attributes(5)
NOTES
NIS] might not be supported in future releases of the
Solaris operating system. Tools to aid the migration from
NIS] to LDAP are available in the current Solaris release.
For more information, visit
http:/www.sun.com/directory/nisplus/transition.html.
SunOS 5.11 Last change: 10 Nov 2005 5
|
