netgroup (5) - Linux Manuals

netgroup: specify network groups


netgroup - specify network groups


The netgroup file defines "netgroups", which are sets of (host, user, domain) tuples, used for permission checking when doing remote mounts,remote logins and remote shells.

Each line in the file consists of a netgroup name followed by a by a list of members, where a member is either another netgroup name, or a triple:

   (host, user, domain) 

where the host, user, and domain are character strings for the corresponding components. Any of the three fields can be empty, in which case it specifies a "wildcard", or may consist of the string "-" to specify "no valid value". The domain field must either be the local domain name or empty for the netgroup entry to be used. This field does not limit the netgroup or provide security. The domain field refers to the domain in which the triple is valid, not the domain containing the the trusted host.

A gateway machine should be listed under all possible hostnames by which it may be recognized:

   gateway (server, , ) (server-sn, , ) (server-bb, , )

The getnetgrent(3), function should normally be used to access the netgroup database.




The triple (,,domain) allows all users and machines trusted access, and has the same effect as the triple (,,). Use the host and user fields of the triple to restrict the access correctly to a specific set of members.


Thorsten Kukuk <kukuk [at]>


getnetgrent(3), exports(5), makedbm(8), ypserv(8)