User Management
Overview
Unlike the UNIX approach that relies on /etc/passwd and /etc/shadow files, macOS has its own directory service: DirectoryService (8) (renamed to opendirectoryd(8) as of Lion). The two traditional files are still present, but deprecated. As its name suggests, the daemon is an implementation of the OpenLDAP project.
The directory service maintains the users and groups and also holds many other system configuration settings. Let’s play around with it. To interface with the daemon, OS X supplies a command line utility dscl (8).
How to use
- List users:
$ dscl . list /Users
This is equivalent with:
dscl /Local/Default list /Users
- Get information about a specific user:
$ dscl . -read /Users/`whoami`
[..]
NFSHomeDirectory: /Users/m
Password: ********
Picture:
/Library/User Pictures/Sports/Soccer.png
PrimaryGroupID: 20
RealName: M
RecordName: m
RecordType: dsRecTypeStandard:Users
UniqueID: 501
UserShell: /usr/local/bin/zsh
- Add a new user:
The following script (taken from Mac OS X and iOS Internals: To the Apple’s Core) can be used to create a new user and assign groups, password, home directory, etc.
#!/bin/bash
# Get username, ID and full name field as arguments from command line
USER=$1
ID=$2
FULLNAME=$3
# Create the user node
dscl . -create /Users/$USER
# Set default shell to zsh
dscl . -create /Users/$USER UserShell /bin/zsh
# Set GECOS (full name for finger)
dscl . -create /Users/$USER RealName "$FULLNAME”
dscl . -create /Users/$USER UniqueID $ID
# Assign user to gid of localaccounts
dscl . -create /Users/$USER PrimaryGroupID 61
# Set home dir (∼$USER)
dscl . -create /Users/$USER NFSHomeDirectory /Users/$USER
# Make sure home directory is valid, and owned by the user
mkdir /Users/$USER
chown $USER /Users/$USER
# Optional: Set the password.
dscl . -passwd /Users/$USER "changeme”
# Optional: Add to admin group
dscl . -append /Groups/admin GroupMembership $USER
- Delete existing user:
$ dscl . -search /Users name <username>
$ sudo dscl . -delete "/Users/<username>"