5.7. Managing Users and Passwords


The Directory Services equivalent of the passwd file resides under the /users portion of the directory. Although Mac OS X includes /etc/passwd and /etc/master.passwd files, they are consulted only while the system is in single-user mode, or if the system has been reconfigured to use BSD Flat Files (see "Configuring Directory Services," earlier in this chapter).

To add a normal user to your system, you should use System Preferences → Accounts. However, if you want to bulk-load NetInfo with many users or create a user while logged in over ssh, you can use dscl or niload.

You can list all users with the nireport utility. Supply the NetInfo domain (., the local domain), the directory (/users), and the properties you want to inspect (uid, name, home, realname, and shell):

     $ nireport . /users uid name home realname shell
     -2      nobody  /var/empty      Unprivileged User       /usr/bin/false
     0       root    /var/root       System Administrator    /bin/sh
     1       daemon  /var/root       System Services /usr/bin/false
     99      unknown /var/empty      Unknown User    /usr/bin/false
     26      lp      /var/spool/cups Printing Services       /usr/bin/false
     27      postfix /var/spool/postfix      Postfix User    /usr/bin/false
     70      www     /Library/WebServer      World Wide Web Server   /usr/bin/false
     71      eppc    /var/empty      Apple Events User       /usr/bin/false
     74      mysql   /var/empty      MySQL Server    /usr/bin/false
     75      sshd    /var/empty      sshd Privilege separation       /usr/bin/false
     76      qtss    /var/empty      QuickTime Streaming Server      /usr/bin/false
     77      cyrusimap       /var/imap       Cyrus IMAP User /usr/bin/false
     78      mailman /var/empty      Mailman user    /usr/bin/false
     79      appserver       /var/empty      Application Server      /usr/bin/false
     [... and so on ...]

5.7.1. Creating a User with niload

The niload utility understands the flat file format used by /etc/passwd (which is name:password:uid:gid:class:change:expire:gecos:home_dir:shell). See the passwd(5) manpage for a description of each field. To add a new user, create a file that adheres to that format and load it with niload. You can use a here document rather than a separate file. This example creates a user for Ernest Rothman with a UID of 701 and membership in the group numbered 701, which you'll create next:

     $ sudo niload passwd . <<EOF
     > rothman:*:701:701::0:0:Ernest Rothman:/Users/rothman:/bin/bash
     > EOF

Next, create a group with the same name as the new user and a GID that matches his UID (as of Mac OS X 10.3, users are given their own groups):

     $ sudo niload group . <<EOF
     > rothman:*:701:
     > EOF

As you can see from the example, we set the user's password field to *, which disables logins for that account. To set the password, we'll use the passwd command:

     $ sudo passwd rothman
     Changing password for rothman.
     New password: ********
     Retype new password: ********

If you niload a user that already exists, that user's entry will be updated with the new information. Before the user can log in, you must create his home directory (see "Creating a User's Home Directory," later in this chapter).
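
Because niload updates an existing entry without complaint and takes the password field as given, it is worth checking a bulk-load file before loading it. The following is an added example, not code from the book: the function name lint_passwd and the rules it enforces (asterisk password field, no uid 0, no name or uid collisions) are assumptions of this example, and the sample records are constructed.

```shell
#!/bin/sh
# Added example (not from the book): lint passwd-format records before
# `sudo niload passwd .`. Usage: lint_passwd NEWFILE [EXISTING], where EXISTING
# is saved `nidump passwd .` output. Returns non-zero if anything is flagged.
lint_passwd() {
    awk -F: '
    function flag(msg) { printf "%s:%d: %s\n", FILENAME, FNR, msg; bad++ }
    /^#/ || /^[ \t]*$/ { next }
    existing { name[$1] = 1; owner[$3] = $1; next }   # accounts already present
    NF != 10 { flag("expected 10 fields, found " NF); next }
    $3 !~ /^-?[0-9]+$/ || $4 !~ /^-?[0-9]+$/ { flag("uid/gid not numeric"); next }
    {
        if ($2 != "*") flag("password field is not an asterisk; account would not start disabled")
        if ($3 == 0) flag("uid 0 carries root privileges")
        if ($1 in name) flag("name " $1 " already present; niload would update that entry")
        if (($3 in owner) && owner[$3] != $1) flag("uid " $3 " already used by " owner[$3])
        if ($9 !~ /^\// || $10 !~ /^\//) flag("home_dir and shell must be absolute paths")
        name[$1] = 1; owner[$3] = $1   # also catches duplicates inside NEWFILE
    }
    END { exit (bad > 0) }
    ' existing=1 "${2:-/dev/null}" existing=0 "$1"
}

# Constructed sample: the rothman record from this section plus a line written
# in the 7-field /etc/passwd layout, which niload's 10-field format rejects here.
sample=$(mktemp)
cat > "$sample" <<'EOF'
rothman:*:701:701::0:0:Ernest Rothman:/Users/rothman:/bin/bash
guest::702:702:Guest:/Users/guest:/bin/bash
EOF
lint_passwd "$sample" || echo "fix the findings above before running niload"
rm -f "$sample"
```

To catch collisions with accounts already in the directory, save the output of nidump passwd . to a file and pass it as the second argument.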

5.7.2. Creating a User with dscl

To create a user with dscl, you'll need to create a directory under /users, and set the uid, gid, shell, realname, and home properties.

The following commands will create the same user shown in the previous section:

     $ sudo dscl . create /users/rothman uid 701
     $ sudo dscl . create /users/rothman gid 701
     $ sudo dscl . create /users/rothman shell /bin/bash
     $ sudo dscl . create /users/rothman home /Users/rothman
     $ sudo dscl . create /users/rothman realname "Ernest Rothman"
     $ sudo dscl . create /users/rothman passwd \*
     $ sudo dscl . create /groups/rothman gid 701
     $ sudo dscl . create /groups/rothman passwd \*

Be sure to quote or escape the asterisk (*) in the passwd entries. After you create the user, you should set the password as shown in the previous section.

5.7.3. Creating a User's Home Directory

One thing that NetInfo can't do for you is create the user's home directory. Mac OS X keeps a skeleton directory under the /System/Library/User Template directory. If you look in this directory, you'll see localized versions of a user's home directory. To copy the localized English version of the home directory, use the ditto command with the rsrc flag to preserve any resource forks that may exist:

     $ sudo ditto --rsrc \
       /System/Library/User\ Template/English.lproj /Users/rothman

Then, use chown to recursively set the ownership of the home directory and all its contents (make sure you set the group to a group of which the user is a member):

     $ sudo chown -R rothman:rothman /Users/rothman 

This change makes the new user the owner of his home directory and all its contents.

5.7.4. Granting Administrative Privileges

To give someone administrative privileges, add that user to the admin group (/groups/admin). This gives him or her the ability to use sudo and run applications (such as software installers) that require such privileges:

     $ sudo dscl . merge /groups/admin users rothman 

If you want this setting to take effect immediately, you can run the command sudo lookupd -flushcache to flush any cached credentials.

5.7.5. Modifying a User

You can change a user's properties by using the create command, even if that property already exists. For example, to change rothman's shell to zsh, use:

     $ sudo dscl . -create /users/rothman shell /bin/zsh 

You can also modify most user settings with System Preferences → Accounts. If you want to do things the traditional Unix way, Mac OS X includes chsh, chfn, and chpass in Version 10.3 and beyond.


5.7.6. Listing Users with nidump

Use nidump to confirm that rothman was added successfully. To list users with nidump, pass in the format (in this case, the passwd file) and the domain (use . for the local domain):

     $ nidump passwd . | grep rothman
     rothman:********:701:701::0:0:Ernest Rothman:/Users/rothman:/bin/zsh

5.7.7. Deleting a User

To delete a user, use dscl's delete command. Since delete recursively deletes everything under the specified directory, use this command with caution:

     $ sudo dscl . delete /users/rothman 

If you want to also delete that user's home directory, you'll have to do it manually.

Be sure to delete the group you created for this user as well ("rothman" in this example), as shown in "Deleting a Group," earlier in this chapter.




    Mac OS X Tiger for Unix Geeks
    ISBN: 0596009127
    EAN: 2147483647
    Year: 2006
    Pages: 176
