Understanding Local Data Stores


Open Directory in Mac OS X and Mac OS X Server provides system-level support for directory services as well as an extensible plug-in architecture that allows access to different data stores or other directory services. Like any directory service, it provides a standardized way for applications to request and receive information. Open Directory provides access to two local data stores: NetInfo and BSD flat files.

NetInfo

The NetInfo database is a repository for administrative information and is the default local data store in Mac OS X. It stores information that was traditionally found in configuration files in UNIX and some Apple-specific information, including the records for local users and groups, mount records, and possibly managed client settings. Some services that run on Mac OS X also use the local NetInfo database to store configuration information. For example, the Internet sharing feature (enabled in System Preferences) stores the Dynamic Host Configuration Protocol (DHCP) subnet information in the local NetInfo database. The NetInfo database is accessed through the netinfod process.

Note

Regardless of how you have configured directory services to search for data, the local NetInfo database is always searched first.


This figure shows how traditional UNIX directory data was stored in several files (on the right) and how Mac OS X stores the data in the local NetInfo database (on the left).

BSD Flat Files

In Mac OS X version 10.2 and later, directory services can also retrieve administrative data from Berkeley Software Distribution's version of UNIX (BSD) configuration files, or flat files. This capability enables organizations that already have flat files to use copies of those existing files on Mac OS X computers. BSD flat files can be used alone or in conjunction with other directory services.

Mac OS X v10.2 also allowed you to use any BSD flat files and to customize the mappings of the attributes. Mac OS X v10.3 and later use a fixed set of flat files. As such, no custom mapping of contents to Mac OS X record types or attributes is allowed.

Because NetInfo and flat files are the only two local data stores, inserting flat files into the directory services data path can be used to show how directory services can access more than one source of administration information. BSD flat files should not be used as a replacement for local directory services; however, in some cases they are used to augment the local NetInfo database by allowing users to log in who are missing from the local NetInfo database.

The following table lists the BSD configuration flat files.

Configuration File      Content
/etc/master.passwd      Users and crypt passwords
/etc/group              Groups
/etc/fstab              NFS mounts
/etc/hosts              Computer names and addresses
/etc/networks           Network names and addresses
/etc/services           TCP/IP service ports and protocols
/etc/protocols          IP protocol names and numbers
/etc/rpcs               ONC RPC servers
/etc/printcap           Printers
/etc/bootparams         Boot parameter settings
/etc/bootp              bootp settings
/etc/aliases            Email aliases and distribution lists
/etc/netgroup           Network groups


You can edit the content of the flat files using any standard text editor.

Locating Standard UNIX Files Containing User and Group Data

To show that the BSD flat files still exist in Mac OS X and Mac OS X Server, follow these steps:

1. Log in to your computer with the local administrator account.

2. Open the Terminal application, type sudo -s to enter a root shell, and type the local administrator password when prompted.

3. Type more /etc/master.passwd and press the Return key to view the contents of the file.

4. If necessary, press the Space bar to move through the file.

Every user record in /etc/master.passwd on Mac OS X contains ten attributes, each separated by a colon (:). For example, the following line of code has ten attributes, although other variants of this file may have more or fewer attributes depending on the version of UNIX being used and/or the administrator's prerogative.

mysql:*:74:74::0:0:MySQL Server:/var/empty:/usr/bin/false


  • The first attribute is the short user name (mysql).

  • The second attribute is the account password. An asterisk (*) indicates no password is set for this user.

  • The third and fourth attributes are the user and primary group IDs, respectively.

  • The fifth attribute should be the account's general classification. (UNIX accounts lack this attribute.)

  • The next two attributes are for the password change time (0) and account expiration time (0).

  • The following attribute is the user's long name (MySQL Server).

  • The next attribute is a pointer to the location of the home folder, if one exists (/var/empty).

  • The final attribute is the default shell, if permitted (/usr/bin/false).

5. After viewing the /etc/master.passwd file, type more /etc/group to view the contents of the group file.
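
Because flat-file records can allow users to log in who are missing from the local NetInfo database, it is worth reviewing /etc/master.passwd field by field rather than by eye. The following Python example is added here and is not from the book: it parses the ten-field record format described in step 4 and flags entries that deserve review. The function names, the NOLOGIN_SHELLS list, the review rules, and the SAMPLE data are all assumptions of the example.

```python
FIELDS = "name password uid gid class change expire gecos home shell".split()
NOLOGIN_SHELLS = {"/usr/bin/false", "/bin/false", "/sbin/nologin"}  # assumed non-interactive

# Constructed sample; EXAMPLEHASH00 is a placeholder, not a real crypt hash.
SAMPLE = """\
# constructed sample, not a real system file
root:*:0:0::0:0:System Administrator:/var/root:/bin/sh
mysql:*:74:74::0:0:MySQL Server:/var/empty:/usr/bin/false
legacy:EXAMPLEHASH00:501:20::0:0:Legacy User:/Users/legacy:/bin/bash
toor::0:0::0:0:Alt Admin:/var/root:/bin/sh
broken:*:99:99:Short Line:/var/empty
"""

def parse_master_passwd(text):
    """Return (records, errors); blank and comment lines are skipped."""
    records, errors = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split(":")
        try:
            if len(parts) != len(FIELDS):
                raise ValueError(f"expected 10 fields, found {len(parts)}")
            rec = dict(zip(FIELDS, parts))
            rec["uid"], rec["gid"] = int(rec["uid"]), int(rec["gid"])
        except ValueError as exc:
            errors.append((lineno, str(exc)))
            continue
        records.append(rec)
    return records, errors

def audit(records):
    """Map account name -> list of findings for entries that deserve review."""
    findings = {}
    for rec in records:
        notes = []
        if rec["password"] == "":
            notes.append("empty password field")
        elif rec["password"] != "*":  # a literal "*" can never match a typed password
            notes.append("password hash stored in flat file")
        if rec["uid"] == 0 and rec["name"] != "root":
            notes.append("UID 0 on a non-root account")
        if rec["password"] != "*" and rec["shell"] not in NOLOGIN_SHELLS:
            notes.append("interactive login shell")
        if notes:
            findings[rec["name"]] = notes
    return findings

if __name__ == "__main__":
    print(audit(parse_master_passwd(SAMPLE)[0]))
```

To check a real system, pass the file's text to parse_master_passwd from the root shell opened in step 2; malformed lines are returned in the error list with their line numbers instead of being silently dropped.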




Apple Training Series. Mac OS X System Administration Reference, Volume 1
ISBN: 032136984X
EAN: 2147483647
Year: 2005
Pages: 258
Authors: Schoun Regan
