Table of contents
Users
Get User List
dscl . list /Users | grep -v "^_"
List existing group
IDs in numerical order
dscl . -list /Groups PrimaryGroupID | awk '{print $2}' | sort -nList sorted by group name:
dscl . list /Groups PrimaryGroupIDList sorted by group gid
dscl . list /Groups PrimaryGroupID | tr -s ' ' | sort -n -t ' ' -k2,2List groups with members
dscl . list /Groups GroupMembership
Note: neither dscacheutil nor dscl list members of the group staff other than root. Use dsmemberutil to confirm a member belongs to the group staff.
Example a user with uid 501:
dsmemberutil checkmembership -u 501 -g 20
Create the new group ‘newgroup’ and assign it an ID
One thing you have to take care when choosing a group id is that the id is not already used by another group. In order to list the existing group ids in numerical order, you can do:
dscl . -list /groups PrimaryGroupID | awk '{print $2}' | sort -n
sudo dscl . -create /Groups/newgroup
sudo dscl . -create /Groups/newgroup PrimaryGroupID 1000
View the new group
dscl . -read /Groups/newgroup
output
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 423AF02C-F053-41E0-ABCD-33127EF9A9CA
PrimaryGroupID: 1000
RecordName: newgroup
RecordType: dsRecTypeStandard:Groups
OS X conventionally uses different ID ranges for different types of accounts. Here's the current layout as I understand it: up to 100: Reserved for static system-defined (built in) groups 101 - 199: Used by the OS for dynamically created groups (e.g., share point access groups) 200—?: More static system groups (apparently 100 wasn't enough) 400 - 500: More dynamic system groups 501 and up: Local admin-created groups 1024 and up: Domain-based admin-created groups
Add user to group
sudo dseditgroup -o edit -a john -t user admin
sudo dseditgroup -o edit -a john -t user wheel
Create new user
sudo dscl . -create /Users/newuser
sudo dscl . -create /Users/newuser UserShell /bin/bash
sudo dscl . -create /Users/newuser RealName "New User"
sudo dscl . -create /Users/newuser UniqueID "1000"
sudo dscl . -create /Users/newuser PrimaryGroupID 1000
sudo dscl . -create /Users/username NFSHomeDirectory /Local/Users/username
sudo dscl . -passwd /Users/username password
sudo dscl . -append /Groups/admin GroupMembership username
View the new user
dscl . -read /Users/newuser
output
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 47D6D841-C7F1-4962-9F7E-167E8BFC3A91
PrimaryGroupID: 1000
RealName:
Application
RecordName: newuser
RecordType: dsRecTypeStandard:Users
UniqueID: 1000
UserShell: /usr/bash
Change Password
sudo dscl . -passwd /Users/username password
Root
Enable Root User
Use Directory Utility
Use Spotlight to find and open Directory Utility, or follow these steps:
- From the menu bar in the Finder, choose Go > Go to Folder.
- Type or paste /System/Library/CoreServices/Applications/, then press Return.
- Open Directory Utility from the window that opens.
To enable or disable the root user
In the Directory Utility window, click the lock icon, then enter an administrator name and password.
- To enable the root user, choose Edit > Enable Root User from the menu bar. Then enter the password that you want to use. You can then log in as the
root user. - To disable the root user, choose Edit > Disable Root User.
To change the root password
In the Directory Utility window, click the lock icon, then enter an administrator name and password. From the menu bar, choose Edit > Change Root
Password.
Log in as the root user
When the root user is enabled, you have its privileges only while logged in as the root user.
- Choose an Apple menu > Log Out to log out of your current user account.
- At the login window, log in with the username “root” and the password you created for the root user.
- If the login window is a list of users, click Other, then log in.
add user to SUDO
su AdminUser
authentication, and then:
Now, as Adminuser, use the visudo command to edit the sudoers file:
sudo visudo
# Add the following line to the sudoers file:
username ALL = (ALL) ALL
If you want to be able to use sudo without typing a password:
username ALL = (ALL) NOPASSWD:ALL