3.8. Managing Users and Passwords
The NetInfo equivalent of the passwd file resides under the /users portion of the NetInfo directory. Mac OS X uses /etc/master.passwd for storing encrypted passwords. That master.passwd file is called the shadow password file because it shadows the other, nonsensitive information contained in the /etc/passwd file. Only the root user can read the shadow password file. Nonprivileged users can use the regular passwd file to discover other information, such as a user's full name or home directory.
The /etc/passwd and /etc/master.passwd files are consulted only while the system is in single-user mode, or if the system has been reconfigured to use BSD Configuration Files (see Section 3.3, earlier in this chapter). To add a normal user to your system, you should use System Preferences Accounts. However, if you want to bulk-load NetInfo with many users or create a user while logged in over ssh, you can use nicl or niload.
You can list all users with the nireport utility. Supply the NetInfo domain (., the local domain), the directory (/users), and the properties you want to inspect (uid, name, home, realname, and shell):
% nireport . /users uid name home realname shell -2 nobody /dev/null Unprivileged User /dev/null 0 root /var/root System Administrator /bin/tcsh 1 daemon /var/root System Services /dev/null 99 unknown /dev/null Unknown User /dev/null 70 www /Library/WebServer World Wide Web Server /dev/null
3.8.1. Creating a User with niload
The niload utility understands the flat file format used by /etc/passwd (name:password:uid:gid:class:change:expire:gecos:home_dir:shell). See the passwd(5) manpage for a description of each field. To add a new user, create a file that adheres to that format and load it with niload. You can use a here document rather than a separate file. This example creates a user for Ernest Rothman with a UID of 701 and membership in the staff (GID 20) group:
# niload passwd . <<EOF ? rothman:*:701:20::0:0:Ernest Rothman:/Users/rothman:/bin/tcsh ? EOF
As you can see from this example, we set the password field to *, which disables logins for that account. To set the password, we'll use the passwd command to set it:
# passwd rothman Changing password for rothman. New password: ******** Retype new password: ********
If you niload a user that already exists, that user will not be overwritten or changed in any way. You should delete the user with nicl first (see Section 3.7.5, earlier in this chapter). Before the user can log in, you must create his home directory (see Section 3.8.3, later in this chapter).
3.8.2. Creating a User with nicl
To create a user with nicl, you'll need to create a directory under /users, and set the uid, gid, shell, realname, and home properties. The following code creates the same user shown in the previous section, Section 3.8.1.
# nicl / -create /users/rothman uid 701 # nicl / -create /users/rothman gid 20 # nicl / -create /users/rothman shell /bin/tcsh # nicl / -create /users/rothman home /Users/rothman # nicl / -create /users/rothman realname "Ernest Rothman" # nicl / -create /users/rothman passwd \*
After you create the user, you should set the password as shown in the previous section.
3.8.3. Creating a User's Home Directory
One thing that NetInfo can't do for you is create the user's home directory. Mac OS X keeps a skeleton directory under the /System/Library/User Template directory. If you look in this directory, you'll see localized versions of a user's home directory. To copy the localized English version of the home directory, use the ditto command:
# ditto /System/Library/User\ Template/English.lproj /Users/rothman
Then, use chown to recursively set the ownership of the home directory and all its contents (make sure you set the group to a group of which the user is a member):
# chown -R rothman:staff /Users/rothman
This change makes the new user the owner of his home directory and all its contents.
3.8.4. Modifying a User
# nicl / -delete /users/rothman shell # nicl / -create /users/rothman shell /bin/bash
TIP: You can also modify most user settings with System Preferences Accounts.
3.8.5. Listing Users with nidump
% nidump passwd . | grep rothman rothman:nIhowm2p0BGsE:701:20::0:0:Ernest Rothman:/Users/rothman:/bin/tcsh
3.8.6. Deleting a User
# nicl / -delete /users/rothman
Copyright © 2003 O'Reilly & Associates. All rights reserved.