Directory Services stores information about groups in its /groups directory. This is different from the /etc/group file, which is consulted only in single-user mode.
To list all of the group IDs (GIDs) and group names for the local domain, invoke nireport with the NetInfo domain (., the local domain), the directory (/groups), and the properties you want to inspect (in this case, gid and name):
$ nireport . /groups gid name
-2 nobody
-1 nogroup
0 wheel
1 daemon
2 kmem
3 sys
4 tty
5 operator
6 mail
7 bin
20 staff
26 lp
27 postfix
28 postdrop
29 certusers
45 utmp
66 uucp
68 dialer
69 network
70 www
74 mysql
[... and so on ...]
The niload utility can be used to read the flat file format used by /etc/group (name:password:gid:members). To add a new group, you can create a file that adheres to that format, and load it with niload. For ad hoc work, you can use a here document (an expression that functions as a quoted string, but spans multiple lines) rather than a separate file:
$ sudo niload group . <<EOF
> writers:*:1001:
> EOF
To create a group with dscl, you'll need to create a directory under /groups and set the gid and passwd properties. An asterisk (*) specifies no password; be sure to quote it so that the shell does not attempt to expand it. The following creates a group named writers as GID 5005 with no password and no members:
$ sudo dscl . create /groups/writers gid 5005
$ sudo dscl . create /groups/writers passwd '*'
You can add users to the group by appending values to the users property with dscl's merge command at the command line (or by using the merge command interactively; start dscl in interactive mode with sudo dscl .). If the users property does not exist, dscl creates it. If the users are already part of the group, they are not added to the list (contrast this with the -append command, which can result in the same user being added more than once if the command is invoked multiple times):
$ sudo dscl . merge /groups/writers users bjepson rothman
Use nidump to confirm that the new group was created correctly. To list groups with nidump, pass in the format (in this case, the group file) and the domain (., the local domain):
$ nidump group . | grep writers
writers:*:5005:bjepson,rothman
Because you can use nireport to dump any directory, you could also use it to see this information:
$ nireport . /groups name passwd gid users | grep writers
writers * 5005 bjepson,rothman
To delete a group, use dscl's delete command. Be careful with this command, since it deletes everything in and below the specified NetInfo directory:
$ sudo dscl . delete /groups/writers