The netgroup map defines a hierarchy of netgroup groups and members. The netgroup map controls access by user name, host name, or NIS domain name. The derived maps are netgnetgroup.byhostroup.byhost and netgroup.byuser. In most cases, the NIS map is created from the /etc/netgroup file. A typical line looks like this:
The keys in a netgroup map are the names of each netgroup. The values in a netgroup map are one or more space-separated elements. An element can be:
- a set of three comma-separated components.
- a netgroup name.
When specifying an element as a set of three components, you can omit any component to allow any value for that component or specify the special character dash (-) to eliminate a component as a valid value.
The netgroup.byhost map uses the host name as the key and the value is the list of all netgroups that contain the key host somewhere in the hierarchy.
The netgroup.byuser map uses the user name as the key and the value is the list of all netgroups that contain the key user somewhere in the hierarchy.
If you create a netgroup map in Active Directory, you must not include the key as part of the value. To illustrate, the following example has entries for two netgroups—onlyhosts and onlyusers—and how the groups become key and value entries in the derived NIS maps.