home | O'Reilly's CD bookshelfs | FreeBSD | Linux | Cisco | Cisco Exam  

Book HomeMac OS X for Unix GeeksSearch this book
PreviousNext

3.8. Managing Users and Passwords

The NetInfo equivalent of the passwd file resides under the /users portion of the NetInfo directory. Mac OS X uses /etc/master.passwd for storing encrypted passwords. That master.passwd file is called the shadow password file because it shadows the other, nonsensitive information contained in the /etc/passwd file. Only the root user can read the shadow password file. Nonprivileged users can use the regular passwd file to discover other information, such as a user's full name or home directory.

The /etc/passwd and /etc/master.passwd files are consulted only while the system is in single-user mode, or if the system has been reconfigured to use BSD Configuration Files (see Section 3.3, earlier in this chapter). To add a normal user to your system, you should use System Preferences Figure Accounts. However, if you want to bulk-load NetInfo with many users or create a user while logged in over ssh, you can use nicl or niload.

You can list all users with the nireport utility. Supply the NetInfo domain (., the local domain), the directory (/users), and the properties you want to inspect (uid, name, home, realname, and shell): 

% nireport . /users uid name home realname shell
-2      nobody  /dev/null           Unprivileged User       /dev/null
0       root    /var/root           System Administrator    /bin/tcsh
1       daemon  /var/root           System Services         /dev/null
99      unknown /dev/null           Unknown User            /dev/null
70      www     /Library/WebServer  World Wide Web Server   /dev/null

3.8.1. Creating a User with niload

The niload utility understands the flat file format used by /etc/passwd (name:password:uid:gid:class:change:expire:gecos:home_dir:shell). See the passwd(5) manpage for a description of each field. To add a new user, create a file that adheres to that format and load it with niload. You can use a here document rather than a separate file. This example creates a user for Ernest Rothman with a UID of 701 and membership in the staff (GID 20) group: 

# niload passwd . <<EOF
? rothman:*:701:20::0:0:Ernest Rothman:/Users/rothman:/bin/tcsh
? EOF

As you can see from this example, we set the password field to *, which disables logins for that account. To set the password, we'll use the passwd command to set it: 

# passwd rothman
Changing password for rothman.
New password: ********
Retype new password: ********

If you niload a user that already exists, that user will not be overwritten or changed in any way. You should delete the user with nicl first (see Section 3.7.5, earlier in this chapter). Before the user can log in, you must create his home directory (see Section 3.8.3, later in this chapter).

3.8.2. Creating a User with nicl

To create a user with nicl, you'll need to create a directory under /users, and set the uid, gid, shell, realname, and home properties. The following code creates the same user shown in the previous section, Section 3.8.1. 

# nicl / -create /users/rothman uid 701
# nicl / -create /users/rothman gid 20
# nicl / -create /users/rothman shell /bin/tcsh
# nicl / -create /users/rothman home /Users/rothman
# nicl / -create /users/rothman realname "Ernest Rothman"
# nicl / -create /users/rothman passwd \*

After you create the user, you should set the password as shown in the previous section.

3.8.3. Creating a User's Home Directory

One thing that NetInfo can't do for you is create the user's home directory. Mac OS X keeps a skeleton directory under the /System/Library/User Template directory. If you look in this directory, you'll see localized versions of a user's home directory. To copy the localized English version of the home directory, use the ditto command: 

# ditto /System/Library/User\ Template/English.lproj /Users/rothman

Then, use chown to recursively set the ownership of the home directory and all its contents (make sure you set the group to a group of which the user is a member): 

# chown -R rothman:staff /Users/rothman

This change makes the new user the owner of his home directory and all its contents.

3.8.4. Modifying a User

You can change a user's properties by deleting a property with -delete and adding it again with -create. For example, to change rothman's shell to bash, use: 

# nicl / -delete /users/rothman shell
# nicl / -create /users/rothman shell /bin/bash
TIP: You can also modify most user settings with System Preferences Figure Accounts.

3.8.5. Listing Users with nidump

Use nidump to confirm that rothman was added successfully. To list users with nidump, pass in the format (in this case, the passwd file) and the domain (use . for the local domain): 

% nidump passwd . | grep rothman
rothman:nIhowm2p0BGsE:701:20::0:0:Ernest Rothman:/Users/rothman:/bin/tcsh

3.8.6. Deleting a User

To delete a user, use nicl's -delete switch. Since -delete recursively deletes everything under the specified directory, use this option with caution: 

# nicl / -delete /users/rothman

If you want to also delete that user's home directory, you will have to do it manually, using rm -r.

PreviousHomeNext
3.7. Managing GroupsBook Index3.9. Managing Hostnames and IP Addresses
Library Navigation Links

Copyright © 2003 O'Reilly & Associates. All rights reserved.