To begin seeing how to work with NetInfo, here's a straightforward script that allows you to easily interface with the NetInfo database through the nireport utility.
#!/bin/sh # listmacusers - Simple script to list users in the Mac OS X NetInfo database. # Note that Mac OS X also has an /etc/passwd file, but that's # used only during the initial stages of boot time and for # recovery bootups. Otherwise, all data is in the NetInfo db. fields="" while getopts "Aahnprsu" opt ; do case $opt in A ) fields="uid passwd name realname home shell" ;; a ) fields="uid name realname home shell" ;; h ) fields="$fields home" ;; n ) fields="$fields name" ;; p ) fields="$fields passwd" ;; r ) fields="$fields realname" ;; s ) fields="$fields shell" ;; u ) fields="$fields uid" ;; ? ) cat << EOF >&2 Usage:#!/bin/sh # listmacusers - Simple script to list users in the Mac OS X NetInfo database. # Note that Mac OS X also has an /etc/passwd file, but that's # used only during the initial stages of boot time and for # recovery bootups. Otherwise, all data is in the NetInfo db. fields="" while getopts "Aahnprsu" opt ; do case $opt in A ) fields="uid passwd name realname home shell" ;; a ) fields="uid name realname home shell" ;; h ) fields="$fields home" ;; n ) fields="$fields name " ;; p ) fields="$fields passwd" ;; r ) fields="$fields realname" ;; s ) fields="$fields shell" ;; u ) fields="$fields uid" ;; ? ) cat << EOF >&2 Usage: $0 [Aahnprsu] Where: -A output all known NetInfo user fields -a output only the interesting user fields -h show home directories of accounts -n show account names -p passwd (encrypted) -r show realname/ fullname values -s show login shell -u uid EOF exit 1 esac done exec nireport . /users ${fields:=uid name realname home shell}[Aahnprsu] Where: -A output all known NetInfo user fields -a output only the interesting user fields -h show home directories of accounts -n show account names -p passwd (encrypted) -r show realname/fullname values -s show login shell -u uid EOF exit 1 esac done exec nireport . /users ${fields:=uid name realname home shell}
Almost this entire script is involved in building the variable fields , which starts out blank. The nireport utility allows you to specify the names of the fields you'd like to see, and so, for example, if the user specifies -a for all interesting fields, nireport actually is fed
fields="uid name realname home shell"
This is a clear, straightforward script that should be quite easily understood .
The listmacusers script accepts quite a few different command arguments, as shown in the usage message. You can specify exact fields and field order by using hnprsu , or you can list all fields except the encrypted password field with -a or force everything to be listed with -A . Without any arguments, the default behavior is to show all interesting user fields ( -a ).
First off, let's specify that we want to see the user ID, login name, real name, and login shell for every account in the NetInfo database:
$ listmacusers -u -n -r -s -2 nobody Unprivileged User /dev/null 0 root System Administrator /bin/tcsh 1 daemon System Services /dev/null 99 unknown Unknown User /dev/null 25 smmsp Sendmail User /dev/null 70 www World Wide Web Server /dev/null 74 mysql MySQL Server /dev/null 75 sshd sshd Privilege separation /dev/null 505 test3 Mr. Test Three /bin/tcsh 501 taylor Dave Taylor /bin/bash 502 badguy Test Account /bin/tcsh 503 test /bin/tcsh 506 tintin Tintin, Boy Reporter /bin/tcsh 507 gary Gary Gary /bin/bash
Notice that it shows many of the administrative accounts (basically everything with a login shell of /dev/null ). If we want to see only login accounts, we'll want to screen out the /dev/null shells :
$ listmacusers -u -n -r -s grep -v /dev/null 0 root System Administrator /bin/tcsh 505 test3 Mr. Test Three /bin/tcsh 501 taylor Dave Taylor /bin/bash 502 badguy Test Account /bin/tcsh 503 test /bin/tcsh 506 tintin Tintin, Boy Reporter /bin/tcsh 507 gary Gary Gary /bin/bash
The badguy account isn't supposed to be there! To find out what's going on there, and to modify NetInfo entries, it's wise to use the Apple-supplied NetInfo Manager application, which can be found in Applications/Utilities or launched from the command line with the command
open -a "NetInfo Manager"