

                                 NetGroups

NetGroups is designed to use NIS to manage a large set of user logins and user
groups, together with a large set of machines, in order to allow or disallow
logins and NFS mounts.

NetGroups allows the system administrator of a large group of machines to
define his users once, in the NIS Master Server /etc/passwd file, and groups of
users in the /etc/netgroup.d/Users directory. Likewise he defines his machines
once, in the DNS Name Server or other name service, and groups of machines in
the /etc/netgroup.d/Machines directory.

Then on each NIS client machine in his network he will edit the /etc/passwd and
/etc/group (and /etc/shadow and /etc/gshadow) files to include individual users
or groups of users with the NetGroup style entries as follows:

File /etc/passwd:
+user1::::::
+@group1name::::::
-user2::::::
-@group2name::::::

File /etc/group:
+:::

File /etc/shadow:
+user1::::::::
+@group1name::::::::
-user2::::::::
-@group2name::::::::

File /etc/gshadow:
+:::


Lastly, on each client he will change the /etc/nsswitch.conf passwd, shadow,
and group entries to contain the word "compat".
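
An audit of the client-side files described above, as an added example that is
not part of the original README. It assumes glibc's compat lookup, which
evaluates entries in file order, so an exclusion ("-") only takes effect if it
comes before the inclusion ("+") that would otherwise match. The function
names and sample file contents are constructed for illustration.

```python
# Added example, not part of the original README. Sample contents are constructed.
FIELDS = {"passwd": 7, "shadow": 9, "group": 4, "gshadow": 4}  # fields per line

SAMPLE_PASSWD = """root:x:0:0:root:/root:/bin/sh
+user1::::::
+@group1name::::::
-user2::::::
-@group2name:::::
"""
SAMPLE_NSSWITCH = """passwd: compat
shadow: files nis   # should be compat
group:  compat
"""

def parse_compat(text, db):
    """Return (lineno, sign, kind, name, well_formed) for every +/- entry."""
    out = []
    for n, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line[0] not in "+-":
            continue  # ordinary local entry, comment or blank line
        fields = line.split(":")
        key = fields[0][1:]
        kind = "netgroup" if key.startswith("@") else ("user" if key else "all")
        out.append((n, line[0], kind, key.lstrip("@"), len(fields) == FIELDS[db]))
    return out

def audit(text, db):
    """Flag malformed entries and exclusions that an earlier inclusion can pre-empt."""
    findings, broad, users = [], False, set()
    for n, sign, kind, name, ok in parse_compat(text, db):
        if not ok:
            findings.append((n, "wrong field count"))
        if sign == "+":
            broad = broad or kind != "user"  # netgroup or bare "+" may match anyone
            users.update([name] if kind == "user" else [])
        elif broad or (kind == "netgroup" and users) or (kind == "user" and name in users):
            findings.append((n, "exclusion after inclusion"))
    return findings

def nsswitch_missing_compat(text):
    """Databases among passwd/shadow/group whose nsswitch.conf line lacks 'compat'."""
    seen = {}
    for line in text.splitlines():
        db, sep, sources = line.split("#")[0].partition(":")
        if sep:
            seen[db.strip()] = sources.split()
    return [db for db in ("passwd", "shadow", "group") if "compat" not in seen.get(db, [])]
```

Netgroup membership cannot be resolved offline, so an exclusion that follows a
netgroup or bare "+" entry is reported as possibly pre-empted, not as a
confirmed bypass.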

Once NIS and NetGroups are set up, the administrator can enter his user and
machine group names in the Users/*.i files and Machines/*.i files to define
the groups.  To apply the changes, just type "make" in the /etc/netgroup.d
directory.  Then either type "make yp" to update NIS, or go into the /var/yp
directory and type "make".

For NFS mounting Sun suggests putting all exported file systems (for instance,
User Home directories) in each server's /exports directory and exporting them
from there.  Then each client (and the server also) can mount home directories
via the AUTOMOUNT or AMD maps that have been set up to map a user's logical
home directory to the physical place it is mounted across the network.

This system has been successfully used to manage a 3000-user, 150+ machine
network for the last 10 years.

