Unix‎ > ‎Solaris‎ > ‎Solaris man pages‎ > ‎1‎ > ‎


     nisgrpadm - NIS+ group administration command

     nisgrpadm -a | -r | -t [-s] group principal...

     nisgrpadm -d | -l [-M] [-s] group

     nisgrpadm -c [-D defaults] [-M] [-s] group

     The nisgrpadm utility is used to  administer   NIS+  groups.
     This command administers both groups and the groups' member-
     ship lists. nisgrpadm can create,  destroy,  or  list   NIS+
     groups.  nisgrpadm  can  be  used  to  administer  a group's
     membership list. It can add  or  delete  principals  to  the
     group, or test principals for membership in the group.

     The names of NIS+ groups are syntactically similar to  names
     of   NIS+  objects  but  they occupy a separate namespace. A
     group named a.b.c.d. is represented by a NIS+  group  object
     named  a.groups_dir.b.c.d.; the functions described here all
     expect  the  name  of  the  group,  not  the  name  of   the
     corresponding group object.

     There are three types of group members:

         o    An explicit member is just a  NIS+  principal-name.
              For example: wickedwitch.west.oz.

         o    An implicit ("domain") member, written  *.west.oz.,
              means  that  all  principals  in  the  given domain
              belong to this member. No other forms of  wildcard-
              ing  are  allowed; wickedwitch.*.oz. is invalid, as
              is wickedwitch.west.*..  Note  that  principals  in
              subdomains of the given domain are not included.

         o    A recursive ("group") member, written @cowards.oz.,
              refers  to  another  group;   all  principals  that
              belong to that group are considered to belong here.

     Any member may be made negative by prefixing it with a minus
     sign  ('-').  A  group  may thus contain explicit, implicit,
     recursive, negative explicit, negative implicit,  and  nega-
     tive recursive members.

     A principal is considered to belong to a group if it belongs
     to  at  least one non-negative group member of the group and
     belongs to no negative group members.

     Principal names  must be fully qualified, whereas groups can
     be abbreviated on all operations  except create.

     The following options are supported:

     -a             Adds the list of NIS+ principals specified to
                    group.  The  principal  name  should be fully

     -c             Creates  group in  the  NIS+  namespace.  The
                    NIS+ group name should be fully qualified.

     -d             Destroys (removes)  group from the namespace.

     -D defaults    When creating objects, this option  specifies
                    a  different set of  defaults to be used dur-
                    ing this operation. The defaults string is  a
                    series  of  tokens separated by colons. These
                    tokens represent the  default  values  to  be
                    used  for  the generic object properties. All
                    of the legal tokens are described below.

                    ttl=time           This   token   sets    the
                                       default  time  to live for
                                       objects that  are  created
                                       by this command. The value
                                       time is specified  in  the
                                       format  as  defined by the
                                       nischttl(1)  command.  The
                                       default value is 12 hours.

                    owner=ownername    This token specifies  that
                                       the  NIS+ principal owner-
                                       name   should   own    the
                                       created  object.  Normally
                                       this value is the same  as
                                       the  principal who is exe-
                                       cuting the command.

                    group=groupname    This token specifies  that
                                       the group groupname should
                                       be the group owner for the
                                       object  that  is  created.
                                       The default value is NULL.

                    access=rights      This token  specifies  the
                                       set  of access rights that
                                       are to be granted for  the
                                       given  object.  The  value
                                       rights is specified in the
                                       format  as  defined by the
                                       nischmod(1)  command.  The
                                       default      value      is

     -l             Lists the membership list  of  the  specified
                    group. (See  -M option.)

     -M             Master server only. Sends the lookup  to  the
                    master server of the named data. This guaran-
                    tees that the most up to date information  is
                    seen  at the possible expense that the master
                    server may be busy. Note that the  -M flag is
                    applicable only with the -l flag.

     -r             Removes the list of principals specified from
                    group.  The  principal  name  should be fully

     -s             Work silently. Results are returned using the
                    exit  status  of the command. This status can
                    be translated into a text  string  using  the
                    niserror(1) command.

     -t             Displays whether the principals specified are
                    members in group.

  Administering Groups
     Example 1 Creating a group

     This example shows how to create a group  in  the   foo.com.

       example% nisgrpadm -c my_buds.foo.com.

     Example 2 How to remove a group

     This example shows how to remove the group from the  current

       example% nisgrpadm -d freds_group

  Administering Members
     Example 3 Adding to the group

     This example shows how one would add  two  principals,   bob
     and  betty, to the group  my_buds.foo.com.:

       example% nisgrpadm -a my_buds.foo.com. bob.bar.com. betty.foo.com.

     Example 4 How to remove a principal from the group

     This example shows how to remove  betty from  freds_group:

       example% nisgrpadm -r freds_group betty.foo.com.

     NIS_DEFAULTS    This variable  contains  a  defaults  string
                     that   will   override   the  NIS+  standard

     NIS_PATH        If this variable is set, and the NIS+  group
                     name  is not fully qualified, each directory
                     specified will be searched until  the  group
                     is found (see nisdefaults(1)).

     See attributes(5) for descriptions of the  following  attri-
    |       ATTRIBUTE TYPE        |       ATTRIBUTE VALUE       |
    | Availability                | SUNWnisu                    |

     NIS+(1),  nischgrp(1),  nischmod(1),   nischttl(1),   nisde-
     faults(1), niserror(1), nis_groups(3NSL), attributes(5)

     NIS_SUCCESS       On success, this command returns  an  exit
                       status of 0.

     NIS_PERMISSION    When you do not  have  the  needed  access
                       right  to  change  the  group, the command
                       returns this error.

     NIS_NOTFOUND      This is returned when the group  does  not

     NIS_TRYAGAIN      This error is returned when the server for
                       the  group's  domain  is  currently check-
                       pointing  or  otherwise  in  a   read-only
                       state.  The command should be retried at a
                       later date.

     NIS_MODERROR      This error is returned when the group  was
                       modified by someone else during the execu-
                       tion of the command. Reissue  the  command
                       and optionally recheck the group's member-
                       ship list.

     NIS+ might not  be  supported  in  future  releases  of  the
     Solaris  operating  system.  Tools to aid the migration from
     NIS+ to LDAP are available in the current  Solaris  release.
     For            more            information,            visit

Man pages from Solaris 10 Update 8. See docs.sun.com and www.oracle.com for further documentation and Solaris information.