|< Day Day Up >|
The Directory Services equivalent of the passwd file resides under the /users portion of the directory. Although Mac OS X includes /etc/passwd and /etc/master.passwd files, they are consulted only while the system is in single-user mode, or if the system has been reconfigured to use BSD Flat Files (see "Configuring Directory Services," earlier in this chapter).
To add a normal user to your system, you should use System Preferences Accounts. However, if you want to bulk-load NetInfo with many users or create a user while logged in over ssh, you can use dscl or niload.
You can list all users with the nireport utility. Supply the NetInfo domain (., the local domain), the directory (/users), and the properties you want to inspect (uid, name, home, realname, and shell):
$ nireport . /users uid name home realname shell -2 nobody /var/empty Unprivileged User /usr/bin/false 0 root /var/root System Administrator /bin/sh 1 daemon /var/root System Services /usr/bin/false 99 unknown /var/empty Unknown User /usr/bin/false 26 lp /var/spool/cups Printing Services /usr/bin/false 27 postfix /var/spool/postfix Postfix User /usr/bin/false 70 www /Library/WebServer World Wide Web Server /usr/bin/false 71 eppc /var/empty Apple Events User /usr/bin/false 74 mysql /var/empty MySQL Server /usr/bin/false 75 sshd /var/empty sshd Privilege separation /usr/bin/false 76 qtss /var/empty QuickTime Streaming Server /usr/bin/false 77 cyrusimap /var/imap Cyrus IMAP User /usr/bin/false 78 mailman /var/empty Mailman user /usr/bin/false 79 appserver /var/empty Application Server /usr/bin/false [... and so on ...]
5.7.1. Creating a User with niload
The niload utility understands the flat file format used by /etc/passwd (which is name:password:uid:gid:class:change:expire:gecos:home_dir:shell). See the passwd(5) manpage for a description of each field. To add a new user, create a file that adheres to that format and load it with niload. You can use a here document rather than a separate file. This example creates a user for Ernest Rothman with a UID of 701 and membership in the group numbered 701, which you'll create next:
$ sudo niload passwd . <<EOF > rothman:*:701:701::0:0:Ernest Rothman:/Users/rothman:/bin/bash > EOF
Next, create a group with the same name as the new user and a GID that matches his UID (as of Mac OS X 10.3, users are given their own groups):
$ sudo niload group . <<EOF > rothman:*:701: > EOF
As you can see from the example, we set the user's password field to *, which disables logins for that account. To set the password, we'll use the passwd command:
$ sudo passwd rothman Changing password for rothman. New password: ******** Retype new password: ********
If you niload a user that already exists, that user's entry will be updated with the new information. Before the user can log in, you must create his home directory (see "Creating a User's Home Directory," later in this chapter).
5.7.2. Creating a User with dscl
To create a user with dscl, you'll need to create a directory under /users, and set the uid, gid, shell, realname, and home properties.
The following commands will create the same user shown in the previous section:
$ sudo dscl . create /users/rothman uid 701 $ sudo dscl . create /users/rothman gid 701 $ sudo dscl . create /users/rothman shell /bin/bash $ sudo dscl . create /users/rothman home /Users/rothman $ sudo dscl . create /users/rothman realname "Ernest Rothman" $ sudo dscl . create /users/rothman passwd \* $ sudo dscl . create /groups/rothman gid 701 $ sudo dscl . create /groups/rothman passwd \*
Be sure to quote or escape the asterisk (*) in the passwd entries. After you create the user, you should set the password as shown in the previous section.
5.7.3. Creating a User's Home Directory
One thing that NetInfo can't do for you is create the user's home directory. Mac OS X keeps a skeleton directory under the /System/Library/User Template directory. If you look in this directory, you'll see localized versions of a user's home directory. To copy the localized English version of the home directory, use the ditto command with the rsrc flag to preserve any resource forks that may exist:
$ sudo ditto --rsrc \ /System/Library/User\ Template/English.lproj /Users/rothman
Then, use chown to recursively set the ownership of the home directory and all its contents (make sure you set the group to a group of which the user is a member):
$ sudo chown -R rothman:rothman /Users/rothman
This change makes the new user the owner of his home directory and all its contents.
5.7.4. Granting Administrative Privileges
To give someone administrative privileges, add that user to the admin group (/groups/admin). This gives him or her the ability to use sudo and run applications (such as software installers) that require such privileges:
$ sudo dscl . merge /groups/admin users rothman
If you want this setting to take place immediately, you can run the command sudo lookupd -flushcache to flush any cached credentials.
5.7.5. Modifying a User
You can change a user's properties by using the create command, even if that property already exists. For example, to change rothman's shell to zsh, use:
$ sudo dscl . -create /users/rothman shell /bin/zsh
5.7.6. Listing Users with nidump
Use nidump to confirm that rothman was added successfully. To list users with nidump, pass in the format (in this case, the passwd file) and the domain (use . for the local domain):
$ nidump passwd . | grep rothman rothman:********:701:701::0:0:Ernest Rothman:/Users/rothman:/bin/zsh
5.7.7. Deleting a User
To delete a user, use dscl's delete command. Since delete recursively deletes everything under the specified directory, use this command with caution:
$ sudo dscl . delete /users/rothman
If you want to also delete that user's home directory, you'll have to do it manually.
|< Day Day Up >|