Users
Get User List
dscl . list /Users | grep -v "^_"
List existing group IDs in numerical order
dscl . -list /Groups PrimaryGroupID | awk '{print $2}' | sort -n
List sorted by group name:
dscl . list /Groups PrimaryGroupID
List sorted by group gid
dscl . list /Groups PrimaryGroupID | tr -s ' ' | sort -n -t ' ' -k2,2
List groups with members
dscl . list /Groups GroupMembership
Example: check whether the user with uid 501 is a member of the group with gid 20:
dsmemberutil checkmembership -u 501 -g 20
Create the new group ‘newgroup’ and assign it an ID (list the existing IDs first to pick one that is not in use)
dscl . -list /groups PrimaryGroupID | awk '{print $2}' | sort -n
sudo dscl . -create /Groups/newgroup
sudo dscl . -create /Groups/newgroup PrimaryGroupID 1000
View the new group
dscl . -read /Groups/newgroup
output
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 423AF02C-F053-41E0-ABCD-33127EF9A9CA
PrimaryGroupID: 1000
RecordName: newgroup
RecordType: dsRecTypeStandard:Groups
Add user to group
sudo dseditgroup -o edit -a john -t user admin
sudo dseditgroup -o edit -a john -t user wheel
Create new user
sudo dscl . -create /Users/newuser
sudo dscl . -create /Users/newuser UserShell /bin/bash
sudo dscl . -create /Users/newuser RealName "New User"
sudo dscl . -create /Users/newuser UniqueID "1000"
sudo dscl . -create /Users/newuser PrimaryGroupID 1000
sudo dscl . -create /Users/newuser NFSHomeDirectory /Local/Users/newuser
sudo dscl . -passwd /Users/newuser password
sudo dscl . -append /Groups/admin GroupMembership newuser
View the new user
dscl . -read /Users/newuser
output
AppleMetaNodeLocation: /Local/Default
GeneratedUID: 47D6D841-C7F1-4962-9F7E-167E8BFC3A91
PrimaryGroupID: 1000
RealName:
Application
RecordName: newuser
RecordType: dsRecTypeStandard:Users
UniqueID: 1000
UserShell: /usr/bash
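The commands above hard-code 1000 as both the group ID and the user ID; two records that share an ID are the same identity for file ownership, so it is worth checking for a collision first. The following is an added example, not part of the original page: the function names are hypothetical and the sample data is constructed to stand in for the output of the two dscl list commands.

```shell
#!/bin/sh
# Constructed sample of `dscl . -list /Users UniqueID` output.
sample_users() { cat <<'EOF'
_www      70
nobody    -2
root      0
john      501
olduser   1000
EOF
}

# Constructed sample of `dscl . -list /Groups PrimaryGroupID` output.
sample_groups() { cat <<'EOF'
admin     80
staff     20
wheel     0
newgroup  1000
legacy    1001
EOF
}

# Read "name id" lines on stdin; print the names that already hold ID $1.
owners_of_id() {
    awk -v want="$1" '$NF == want { print $1 }'
}

# Read "name id" lines on stdin; print the lowest unused ID >= $1.
# Lines whose last field is not an integer are ignored.
next_free_id() {
    awk -v floor="$1" '
        $NF ~ /^-?[0-9]+$/ { used[$NF + 0] = 1 }
        END { id = floor + 0; while (id in used) id++; print id }'
}

# On a Mac, replace the two sample_* calls with the real dscl commands.
all_ids() { sample_users; sample_groups; }

all_ids | owners_of_id 1000     # records that already use 1000
all_ids | next_free_id 1000     # first ID free for both users and groups
```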
Change Password
sudo dscl . -passwd /Users/username password
Root
Enable Root User
Use Directory Utility
Use Spotlight to find and open Directory Utility, or follow these steps:
- From the menu bar in the Finder, choose Go > Go to Folder.
- Type or paste /System/Library/CoreServices/Applications/, then press Return.
- Open Directory Utility from the window that opens.
To enable or disable the root user
In the Directory Utility window, click the lock icon, then enter an administrator name and password.
- To enable the root user, choose Edit > Enable Root User from the menu bar. Then enter the password that you want to use. You can then log in as the root user.
- To disable the root user, choose Edit > Disable Root User.
To change the root password
In the Directory Utility window, click the lock icon, then enter an administrator name and password. From the menu bar, choose Edit > Change Root Password.
Log in as the root user
When the root user is enabled, you have its privileges only while logged in as the root user.
- Choose Apple menu > Log Out to log out of your current user account.
- At the login window, log in with the username “root” and the password you created for the root user.
- If the login window is a list of users, click Other, then log in.
Add user to sudoers
Switch to an administrator account and authenticate:
su AdminUser
Now, as AdminUser, use the visudo command to edit the sudoers file:
sudo visudo
# Add the following line to the sudoers file:
username ALL = (ALL) ALL
If you want to be able to use sudo without typing a password:
username ALL = (ALL) NOPASSWD:ALL
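This page grants privilege in two ways: membership of admin or wheel (via dseditgroup or dscl -append) and sudoers rules, optionally with NOPASSWD. The following added example, which is not from the original page, audits both; the function names are hypothetical and the sample inputs are constructed.

```shell
#!/bin/sh
# Constructed sample of `dscl . list /Groups GroupMembership` output.
sample_groups() { cat <<'EOF'
_lpadmin
admin           root john newuser
staff           root
wheel           root john
EOF
}

# Constructed sample sudoers content (on a Mac: sudo cat /etc/sudoers).
sample_sudoers() { cat <<'EOF'
# User specification
root     ALL = (ALL) ALL
%admin   ALL = (ALL) ALL
username ALL = (ALL) NOPASSWD:ALL
EOF
}

# Print "group user" for every non-root member of admin or wheel.
privileged_members() {
    awk '$1 == "admin" || $1 == "wheel" {
             for (i = 2; i <= NF; i++) if ($i != "root") print $1, $i
         }'
}

# Print the user or %group of every rule that skips the password prompt.
# Comment lines are skipped, so files pulled in by include directives
# are not followed and need to be checked separately.
nopasswd_rules() {
    awk '/^[ \t]*#/ { next }
         /NOPASSWD[ \t]*:/ { print $1 }'
}

echo "Non-root members of privileged groups:"
sample_groups | privileged_members
echo "Rules with NOPASSWD:"
sample_sudoers | nopasswd_rules
```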
Groups
Get group details (gid and members)
dscacheutil -q group -a name wheel
- WHEEL:
As previously mentioned, the wheel group has more permissions than any other group. I don't know a quick way to have the system show whether being a member of the wheel group provides ALL the permissions that the root user has, but I can tell you that on my Mac, the only member of WHEEL is root.
- SYSTEM:
My installation of macOS Sierra has no group and no user named system.
- ADMIN:
Users in this group are:
- STAFF:
Members of this group can do most but not all the things Unix can do. Members of the staff group are:
Root user group
The root user is a member of the following groups (as listed by running groups root on the command line):
- wheel
- daemon
- kmem
- sys
- tty
- operator
- procview
- procmod
- everyone
- staff
- certusers
- localaccounts
- admin
- com.apple.sharepoint.group.2
- _appstore
- _lpadmin
- _lpoperator
- _developer
- com.apple.access_ftp
- com.apple.access_screensharing
- com.apple.access_ssh
- com.apple.sharepoint.group.1
Admin
The administrator account on a Mac (the account created when the Mac is first set up, basically the Mac owner's account) is in these groups (as listed by running groups on the command line):
- staff
- com.apple.sharepoint.group.2
- everyone
- localaccounts
- _appserverusr
- admin
- _appserveradm
- _lpadmin
- _appstore
- _lpoperator
- _developer
- com.apple.access_ftp
- com.apple.access_screensharing
- com.apple.access_ssh
- com.apple.sharepoint.group.1
The default admin account is not in these groups that root is in:
- wheel
- daemon
- kmem
- sys
- tty
- operator
- procview
- procmod