[Go to CFHT Home Page] Man Pages
Back to Software Index  BORDER=0Manpage Top Level
    nisgrpadm(1) manual page Table of Contents

Name

nisgrpadm - NIS+ group administration command

Synopsis

nisgrpadm -a| -r| -t ] [ -s ] group principal...

nisgrpadm -c| -d| -l [ -M ] [ -s ] group

Availability

SUNWnisu

Description

nisgrpadm is used to administer NIS+ groups. This command administers both groups and the groups’ membership lists. nisgrpadm can create, destroy, or list NIS+ groups. nisgrpadm can be used to administer a group’s membership list. It can add or delete principals to the group, or test principals for membership in the group.

The names of NIS+ groups are syntactically similar to names of NIS+ objects but they occupy a separate namespace. A group named "a.b.c.d." is represented by a NIS+ group object named "a.groups_dir.b.c.d."; the functions described here all expect the name of the group, not the name of the corresponding group object.

There are three types of group members:

Any member may be made negative by prefixing it with a minus sign (’-’). A group may thus contain explicit, implicit, recursive, negative explicit, negative implicit, and negative recursive members.

A principal is considered to belong to a group if it belongs to at least one non-negative group member of the group and belongs to no negative group members.

Options

-a
Add the list of NIS+ principals specified to group. The principal name should be fully qualified.
-c
Create group in the NIS+ namespace. The NIS+ group name should be fully qualified.
-d
Destroy (remove) group from the namespace.
-l
List the membership list of the specified group. (See -M.)
-M
Master server only. Send the lookup to the master server of the named data. This guarantees that the most up to date information is seen at the possible expense that the master server may be busy. Note that the -M flag is applicable only with the -l flag.
-r
Remove the list of principals specified from group. The principal name should be fully qualified.
-s
Work silently. Results are returned using the exit status of the command. This status can be translated into a text string using the niserror(1) command.
-t
Display whether the principals specified are members in group.

Examples

Administering Groups

This example shows how to create a group in the foo.com. domain.

example% nisgrpadm -c my_buds.foo.com.

This example shows how to remove the group from the current domain.

example% nisgrpadm -d freds_group

Administering Members

This example shows how one would add two principals, bob and betty to the group my_buds.foo.com.

example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.

This example shows how to remove betty from freds_group.

example% nisgrpadm -r freds_group betty.foo.com.

Environment

NIS_PATH
If this variable is set, and the NIS+ group name is not fully qualified, each directory specified will be searched until the group is found (see nisdefaults(1) ).

See Also

nis+(1) , nischgrp(1) , nisdefaults(1) , niserror(1) , nis_groups(3N)

Diagnostics

NIS_SUCCESS
On success, this command returns an exit status of 0.
NIS_PERMISSION
When you do not have the needed access right to change the group, the command returns this error.
NIS_NOTFOUND
This is returned when the group does not exist.
NIS_TRYAGAIN
This error is returned when the server for the group’s domain is currently checkpointing or otherwise in a read-only state. The command should be retried at a later date.
NIS_MODERROR
This error is returned when the group was modified by someone else during the execution of the command. Reissue the command and optionally recheck the group’s membership list.

Notes

Principal names must be fully qualified, whereas groups can be abbreviated on all operations except create.

Table of Contents