3.6 Managing Groups

Directory Services stores information about groups in its /groups directory. This is different from the /etc/group file, which is consulted only in single-user mode.

To list all of the group IDs (GIDs) and group names for the local domain, invoke nireport with the NetInfo domain (., the local domain), the directory (/groups), and the properties you want to inspect (in this case, gid and name):

 $ nireport . /groups gid name
 -2      nobody
 -1      nogroup
 0       wheel
 1       daemon
 2       kmem
 3       sys
 4       tty
 5       operator
 6       mail
 7       bin
 20      staff
 25      smmsp
 26      lp
 27      postfix
 28      postdrop
 31      guest
 45      utmp
 66      uucp
 68      dialer
 69      network
 70      www
 74      mysql
 75      sshd
 76      qtss
 78      mailman
 79      appserverusr
 80      admin
 81      appserveradm
 99      unknown

Although the flat file format is called group (after the /etc/group file), the group directory is /groups. If you forget that last s, nireport will look for the wrong directory. However, if you want to dump the groups directory in the /etc/group file format, use the command nidump group . without that last s.

3.6.1 Creating a Group with niload

The niload utility can be used to read the flat file format used by /etc/group (name:password:gid:members). To add a new group, you can create a file that adheres to that format, and load it with niload. For ad hoc work, you can use a here document (an expression that functions as a quoted string, but spans multiple lines) rather than a separate file:

 $ sudo niload group . <<EOF
 > writers:*:1001:
 > EOF

3.6.2 Creating a Group with dscl

To create a group with dscl, you'll need to create a directory under /groups and set the gid and passwd properties. An asterisk (*) specifies no password; be sure to quote it so that the shell does not attempt to expand it. The following creates a group named writers as GID 5005 with no password and no members:

 $ sudo dscl . create /groups/writers gid 5005
 $ sudo dscl . create /groups/writers passwd '*'

3.6.3 Adding Users to a Group

You can add users to the group by appending values to the users property with dscl's merge command at the command line (or by using the merge command interactively; start dscl in interactive mode with sudo dscl .). If the users property does not exist, dscl creates it. If the users are already part of the group, they are not added to the list (contrast this with the -append command, which can result in the same user being added more than once if the command is invoked multiple times):

 $  sudo dscl . merge /groups/writers users bjepson rothman  

3.6.4 Listing Groups with nidump

Use nidump to confirm that the new group was created correctly. To list groups with nidump, pass in the format (in this case, the group file) and the domain (., the local domain):

 $ nidump group . | grep writers
 writers:*:5005:bjepson,rothman

Because you can use nireport to dump any directory, you could also use it to see this information:

 $ nireport . /groups name passwd gid users | grep writers
 writers *       5005    bjepson,rothman

3.6.5 Deleting a Group

To delete a group, use dscl's delete command. Be careful with this command, since it will delete everything in and below the specified NetInfo directory:

 $ sudo dscl . delete /groups/writers

Mac OS X Panther for Unix Geeks
ISBN: 0596006071
EAN: 2147483647
Year: 2003
Pages: 212
