Feature #3163
closed
nss: need local netgroup implementation
100%
Description
/etc/netgroup now is only for NIS-server, but it also could be used for non-NIS purposes.
nss_files.so doesn't have parser for that, so it should be implemented.
Related issues
Updated by Vitaliy Gusev almost 11 years ago
instead of set:
zfs sharenfs="ro=host1,host2,...,host1024" datasetcan be used next:
/etc/netgroup:netgroup_rohosts (host1,,) (host2,,) ... (host1024,,)zfs sharenfs="ro=netgroup_rohosts" dataset
Updated by Gordon Ross about 6 years ago
There's an implementation of this in NexentaStor, in case anyone wants to upstream it.
https://github.com/Nexenta/illumos-nexenta/commit/bbd227bda98152331a777d5738104051002253b7
Updated by Lee Damon almost 2 years ago
This would be very helpful.
Right now I have several NFS exports that go to every host in my site (home directories, etc). The list is too long to be used in a zfs -o sharenfs command. (Plus, having to reset sharenfs every time a host is added means errors are likely to be made). it would be quite useful to have netgroups deal with this. Right now the only way to do that is to run NIS which is a non-starter. Instead I have a shell script that re-exports every directory every time something changes. The resulting mix of /etc/dfs/dfstab and zfs sharenfs is fragile and non-optimal.
Ideally, I'd just export those filesystems to a netgroup (via zfs sharenfs) then just update /etc/netgroups when new hosts are added.
Updated by Andy Fiddaman almost 2 years ago
- Tracker changed from Bug to Feature
- Category set to lib - userland libraries
- Status changed from New to In Progress
- Assignee changed from Vitaliy Gusev to Andy Fiddaman
- Start date changed from 2012-09-06 to 2021-06-17
- Tags deleted (
needs-triage)
Updated by Marco van Wieringen almost 2 years ago
Imported the mentioned code into Omnios bloody and with the help of Andy Fiddaman did some cleanups.
Also did some initial testing given I have LDAP netgroups already tested the combination of local /etc/netgroup and
LDAP netgroups.
> getent netgroup test staff
test \
(,test,)
staff \
(,mvw,) \
(,ed,) \
(,luc,) \
(,smvw,)
Also tested the nsstest programs.
Updated by Marco van Wieringen almost 2 years ago
Testing with the newest version again with local /etc/netgroup and LDAP.
22:23 [mvw:europa][4] /build/illumos-gate > getent netgroup test test (,test,) 22:23 [mvw:europa][5] /build/illumos-gate > getent netgroup staff staff (,mvw,) (,ed,) (,luc,) (,smvw,) 22:23 [mvw:europa][6] /build/illumos-gate > getent netgroup staff \* mvw \* staff (*,mvw,*) = 1
Things now mimic Solaris 11.4 which borrowed the ideas from Linux regarding the 4 key
getent netgroup syntax. Linux even has a typo in the man page as it lets you believe you
can use getent netgroup and then 3 keys but things only work with 4 e.g. netgroupname, host, user and domainname.
The output from getent netgroup is now analog to Linux and Solaris 11.4 the previous output was the way FreeBSD gives output.
Updated by Electric Monk almost 2 years ago
- Status changed from In Progress to Closed
- % Done changed from 0 to 100
git commit 74e12c43fe52f2c30f36e65a4d0fb0e8dfd7068a
commit 74e12c43fe52f2c30f36e65a4d0fb0e8dfd7068a
Author: Gordon Ross <gwr@nexenta.com>
Date: 2021-07-06T18:42:09.000Z
3163 nss: need local netgroup implementation
Portions contributed by: Marco van Wieringen <marco.van.wieringen@planets.elm.net>
Reviewed by: Andy Fiddaman <andy@omnios.org>
Reviewed by: Peter Tribble <peter.tribble@gmail.com>
Reviewed by: Toomas Soome <tsoome@me.com>
Approved by: Robert Mustacchi <rm@fingolfin.org>
Updated by Toomas Soome almost 2 years ago
- Related to Bug #13944: nsswitch getnetgrent.c build has reset CERRWARN and SMATCH added