Directory Services stores information about groups in its /groups directory. This is different from the /etc/ group file, which is consulted only in single- user mode. To list all of the group IDs (GIDs) and group names for the local domain, invoke nireport with the NetInfo domain ( . , the local domain), the directory ( /groups ), and the properties you want to inspect ”in this case, gid and name : $ nireport . /groups gid name -2 nobody -1 nogroup 0 wheel 1 daemon 2 kmem 3 sys 4 tty 5 operator 6 mail 7 bin 20 staff 25 smmsp 26 lp 27 postfix 28 postdrop 31 guest 45 utmp 66 uucp 68 dialer 69 network 70 www 74 mysql 75 sshd 76 qtss 78 mailman 79 appserverusr 80 admin 81 appserveradm 99 unknown
3.6.1 Creating a Group with niloadThe niload utility can be used to read the flat file format used by /etc/group ( name:password:gid: members ). To add a new group, you can create a file that adheres to that format, and load it with niload . For ad hoc work, you can use a here document (an expression that functions as a quoted string, but spans multiple lines) rather than a separate file: $ sudo niload group . <<EOF > writers:*:1001: > EOF 3.6.2 Creating a Group with dsclTo create a group with dscl , you'll need to create a directory under /groups and set the gid and passwd properties. An asterisk ( * ) specifies no password; be sure to quote it so that the shell does not attempt to expand it. The following creates a group named writers as GID 5005 with no password and no members: $ sudo dscl . create /groups/writers gid 5005 $ sudo dscl . create /groups/writers passwd '*' 3.6.3 Adding Users to a GroupYou can add users to the group by appending values to the users property with dscl 's merge command at the command line (or by using the merge command interactively; start dscl in interactive mode with sudo dscl .). If the users property does not exist, dscl creates it. If the users are already part of the group, they are not added to the list (contrast this with the -append command, which can result in the same user being added more than once if the command is invoked multiple times): $ sudo dscl . merge /groups/writers users bjepson rothman 3.6.4 Listing Groups with nidumpUse nidump to confirm that the new group was created correctly. To list groups with nidump , pass in the format (in this case, the group file) and the domain ( . , the local domain): $ nidump group . grep writers writers:*:5005:bjepson,rothman Because you can use nireport to dump any directory, you could also use it to see this information: $ nireport . /groups name passwd gid users grep writers writers * 5005 bjepson,rothman 3.6.5 Deleting a GroupTo delete a group, use dscl 's delete command. Be careful with this command, since it will delete everything in and below the specified NetInfo directory: $ sudo nicl / delete /groups/writers |