The directory services command line (dscl) command can be used to create a group. Here we’re going to use dscl to create a group called Local Admins (or ldadmins for short). First up, create the group:
dscl . create /Groups/ladminsNow give our ladmins group the full name by creating the name key:
dscl . create /Groups/ladmins RealName “Local Admins”Now to give the group a password:
dscl . create /Groups/ladmins passwd “*”Now let’s give the group a Group ID:
dscl . create /Groups/ladmins gid 400That wasn’t so hard, but our group doesn’t have any users.
dscl . create /Groups/ladmins GroupMembership localadminWhy create a group with just one member though… We can’t use the create verb again, with dscl or we’ll overwrite the existing contents of the GroupMembership field, so we’re going to use append instead:
dscl . append /Groups/ladmins GroupMembership 2ndlocaladminIf you use dscl to read the group:
dscl . read /Groups/ladminsYou’ll notice that because it was created through dscl it has a Generated ID of its own. You can easily nest other groups into this one using their Generated IDs as well:
dscl . create /Groups/ladmins GroupMembers 94B6B550-5369-4028-87A8-0ABAB01AE396The “.” that we’ve been using has been interchangeable (in this case) with /Local/Default. Now let’s look at making a little shell script to do a few of the steps to use with imaging, touch a file called createladmins.bash and then give it the following contents:
dscl . create /Groups/ladmins dscl . create /Groups/ladmins RealName “Local Admins” dscl . create /Groups/ladmins passwd “*” dscl . create /Groups/ladmins gid 400 dscl . create /Groups/ladmins GroupMembership localadmin dscl . append /Groups/ladmins GroupMembership 2ndlocaladminIf you then want to hide these admins, check out my cheat sheet here: https://krypted.com//mac-os-x/hiding-admin-users-in-mac-os-x/
The post Create Groups Using dscl appeared first on krypted.