User Commands nisgrpadm(1)
NAME
nisgrpadm - NIS] group administration command
SYNOPSIS
nisgrpadm -a -r -t [-s] group principal...
nisgrpadm -d -l [-M] [-s] group
nisgrpadm -c [-D defaults] [-M] [-s] group
DESCRIPTION
The nisgrpadm utility is used to administer NIS] groups.
This command administers both groups and the groups' member-
ship lists. nisgrpadm can create, destroy, or list NIS]
groups. nisgrpadm can be used to administer a group's
membership list. It can add or delete principals to the
group, or test principals for membership in the group.
The names of NIS] groups are syntactically similar to names
of NIS] objects but they occupy a separate namespace. A
group named a.b.c.d. is represented by a NIS] group object
named a.groupsdir.b.c.d.; the functions described here all
expect the name of the group, not the name of the
corresponding group object.
There are three types of group members:
o An explicit member is just a NIS] principal-name.
For example: wickedwitch.west.oz.
o An implicit ("domain") member, written *.west.oz.,
means that all principals in the given domain
belong to this member. No other forms of wildcard-
ing are allowed; wickedwitch.*.oz. is invalid, as
is wickedwitch.west.*.. Note that principals in
subdomains of the given domain are not included.
o A recursive ("group") member, written @cowards.oz.,
refers to another group; all principals that
belong to that group are considered to belong here.
Any member may be made negative by prefixing it with a minus
sign ('-'). A group may thus contain explicit, implicit,
recursive, negative explicit, negative implicit, and nega-
tive recursive members.
SunOS 5.11 Last change: 2 Dec 2005 1
User Commands nisgrpadm(1)
A principal is considered to belong to a group if it belongs
to at least one non-negative group member of the group and
belongs to no negative group members.
Principal names must be fully qualified, whereas groups can
be abbreviated on all operations except create.
OPTIONS
The following options are supported:
-a Adds the list of NIS] principals specified to
group. The principal name should be fully
qualified.
-c Creates group in the NIS] namespace. The
NIS] group name should be fully qualified.
-d Destroys (removes) group from the namespace.
-D defaults When creating objects, this option specifies
a different set of defaults to be used dur-
ing this operation. The defaults string is a
series of tokens separated by colons. These
tokens represent the default values to be
used for the generic object properties. All
of the legal tokens are described below.
ttl=time This token sets the
default time to live for
objects that are created
by this command. The value
time is specified in the
format as defined by the
nischttl(1) command. The
default value is 12 hours.
owner=ownername This token specifies that
the NIS] principal owner-
name should own the
created object. Normally
this value is the same as
the principal who is exe-
cuting the command.
group=groupname This token specifies that
the group groupname should
SunOS 5.11 Last change: 2 Dec 2005 2
User Commands nisgrpadm(1)
be the group owner for the
object that is created.
The default value is NUL.
access=rights This token specifies the
set of access rights that
are to be granted for the
given object. The value
rights is specified in the
format as defined by the
nischmod(1) command. The
default value is
----rmcdr---r---.
-l Lists the membership list of the specified
group. (See -M option.)
-M Master server only. Sends the lookup to the
master server of the named data. This guaran-
tees that the most up to date information is
seen at the possible expense that the master
server may be busy. Note that the -M flag is
applicable only with the -l flag.
-r Removes the list of principals specified from
group. The principal name should be fully
qualified.
-s Work silently. Results are returned using the
exit status of the command. This status can
be translated into a text string using the
niserror(1) command.
-t Displays whether the principals specified are
members in group.
EXAMPLES
Administering Groups
Example 1 Creating a group
This example shows how to create a group in the foo.com.
domain:
SunOS 5.11 Last change: 2 Dec 2005 3
User Commands nisgrpadm(1)
example% nisgrpadm -c mybuds.foo.com.
Example 2 How to remove a group
This example shows how to remove the group from the current
domain.
example% nisgrpadm -d fredsgroup
Administering Members
Example 3 Adding to the group
This example shows how one would add two principals, bob
and betty, to the group mybuds.foo.com.:
example% nisgrpadm -a mybuds.foo.com. bob.bar.com. betty.foo.com.
Example 4 How to remove a principal from the group
This example shows how to remove betty from fredsgroup:
example% nisgrpadm -r fredsgroup betty.foo.com.
ENVIRONMENT VARIABLES
NISDEFAULTS This variable contains a defaults string
that will override the NIS] standard
defaults.
NISPATH If this variable is set, and the NIS] group
name is not fully qualified, each directory
specified will be searched until the group
is found (see nisdefaults(1)).
ATRIBUTES
See attributes(5) for descriptions of the following attri-
butes:
SunOS 5.11 Last change: 2 Dec 2005 4
User Commands nisgrpadm(1)
ATRIBUTE TYPE ATRIBUTE VALUE
Availability SUNWnisu
SEE ALSO
NIS](1), nischgrp(1), nischmod(1), nischttl(1), nisde-
faults(1), niserror(1), nisgroups(3NSL), attributes(5)
DIAGNOSTICS
NISUCES On success, this command returns an exit
status of 0.
NISPERMISION When you do not have the needed access
right to change the group, the command
returns this error.
NISNOTFOUND This is returned when the group does not
exist.
NISTRYAGAIN This error is returned when the server for
the group's domain is currently check-
pointing or otherwise in a read-only
state. The command should be retried at a
later date.
NISMODEROR This error is returned when the group was
modified by someone else during the execu-
tion of the command. Reissue the command
and optionally recheck the group's member-
ship list.
NOTES
NIS] might not be supported in future releases of the
Solaris operating system. Tools to aid the migration from
NIS] to LDAP are available in the current Solaris release.
For more information, visit
http:/www.sun.com/directory/nisplus/transition.html.
SunOS 5.11 Last change: 2 Dec 2005 5
|
