Solved: question about Netgroups file...

MSANDONASSGA · ‎2014-11-06

stupid question...can a netgroup contain hostnames AND IP addresses?

Checked everywhere and can't find the answer...

thank you.

Matt

hariprak · ‎2014-11-11

You cannot define ipaddress in netgroup.

For example, the following would be a typical /etc/netgroup file, on a NIS master:

# cat /etc/netgroup

root-users (-,user1), (-,user2), (-,user3)
trusted-machines (machine1,-), (machine2,-), (machine3,-)

Netgroups are limited to 1024 characters in size.

If you need to put together a longer netgroup, you can do so by making a meta-group:

meta-group netgroup1 netgroup2 netgroup1

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

View solution in original post

hariprak · ‎2014-11-07

Hi,

netgroup defines network wide groups used for access permission checking during remote mount request processing. Each line defines a group and has the format:

EXAMPLE
This is a typical netgroup file:

trusted_hosts (adminhost,,) (zeus,,) (thor,,) (minerva,,)

untrusted_hosts
(sleepy,,) (dopey,,) (grumpy,,) (sneezy,,)

all_hosts
trusted_hosts untrusted_hosts

With this netgroup file it might make sense to modify /etc/exports to export / on the node only to trusted_hosts, but to export /home to all_hosts.

For further more details refer, https://library.netapp.com/ecmdocs/ECMP1196979/html/man5/na_netgroup.5.html

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

MSANDONASSGA · ‎2014-11-07

Thank you for the response. I appreciate it.

I know this but my question is can I define a host name AND IP Addresses in the netgroup? For example:

#netgroup file example
linuxhosts (rhel1.corp.com,,) (rhel1-nfs.corp.com,,) (10.10.97.113,,) (10.10.97.114,,)

We have a requirement to create exports and grant access to 1) the server hostname on VLAN1, i.e. rhel1.corp.com 2) the NFS interface hostname on VLAN2, i.e., rhel1-nfs.corp.com 3) the IP address for each of these two hostnames, i.e., 10.10.97.113, 10.10.97.114

I'd prefer not to have to list the IP addresses in the export file if I can just put them in to the netgroup.

Matt

hariprak · ‎2014-11-11

You cannot define ipaddress in netgroup.

For example, the following would be a typical /etc/netgroup file, on a NIS master:

# cat /etc/netgroup

root-users (-,user1), (-,user2), (-,user3)
trusted-machines (machine1,-), (machine2,-), (machine3,-)

Netgroups are limited to 1024 characters in size.

If you need to put together a longer netgroup, you can do so by making a meta-group:

meta-group netgroup1 netgroup2 netgroup1

Thanks

If this post resolved your issue, help others by selecting ACCEPT AS SOLUTION or adding a KUDO.

randys · ‎2015-11-05

This thread is kind of old and marked as resolved, but this may help someone.

Something to try... (tested on 8.2.3p3 7-mode)

Add the ip addresses to your /etc/hosts file

...

# My Group 1

XX.XX.XX.101 HostGroup1

XX.XX.XX.105 HostGroup1

XX.XX.XX.45 HostGroup1

...

Use "HostGroup1" as the host in your NFS permissions, or your netgroup definition.

When a nfs host attaches, a reverse lookup via the order defined in nsswitch.conf is done. it will find the ip in the hosts file, and respond with the "HostGroup1" host name that matches your permissions directly or by netgroup it is listed in.