Mac OS X for Unix Geeks

3.7. Managing Groups

NetInfo stores information about groups in its /groups directory. This is different from the /etc/group file, which is consulted only in single-user mode.

To list all of the group IDs (GIDs) and group names for the local domain, invoke nireport with the NetInfo domain (., the local domain), the directory (/groups), and the properties you want to inspect (in this case, gid and name):

% nireport . /groups gid name
-2      nobody
-1      nogroup
0       wheel
1       daemon
2       kmem
3       sys
4       tty
5       operator
6       mail
7       bin
20      staff
25      smmsp
31      guest
45      utmp
66      uucp
68      dialer
69      network
70      www
74      mysql
75      sshd
80      admin
99      unknown

TIP: Although the flat file format is called group (after the /etc/group file), the NetInfo group directory is /groups. If you forget that last s, NetInfo will look for the wrong directory.

3.7.1. Creating a Group with niload

The niload utility can be used to read the flat file format used by /etc/group (name:password:gid:members). To add a new group, you can create a file that adheres to that format, and load it with niload. For ad hoc work, you can use a here document rather than a separate file:

# niload group . <<EOF
? writers:*:1001:
? EOF

Here Documents

A here document is a shell quoting syntax that allows you to send data to standard input as though it had come in from a file. You can use this syntax interactively from the command line or in a shell script. The EOF tag, shown in the previous example, can be any text string. The here document starts with <<STRING and ends when STRING appears on a line by itself. For example, you can sort a bunch of words with here documents. (The ? character is supplied by the shell to let you know it is expecting input.)

% sort <<WORDS
? gamma
? beta
? alpha
? omega
? WORDS
alpha
beta
gamma
omega

3.7.2. Creating a Group with nicl

To create a group with nicl, you'll need to create a directory under /groups and set the gid and passwd properties. If you want a password, it must be encrypted with crypt( ). If you don't want a group password, use an asterisk instead. (Be sure to quote the * so that the shell does not attempt to expand it.) The following creates a group named writers as GID 5005 with no password and no members:

# nicl / -create /groups/writers gid 5005
# nicl / -create /groups/writers passwd '*'

3.7.3. Adding Users to a Group

You can add users to the group by appending values to the users property with nicl's -merge switch at the command line (or by using the merge command interactively). If the users property does not exist, nicl creates it. If the users are already part of the group, they are not added to the list (contrast this with the -append command, which can result in the same user being added more than once if the command is invoked multiple times).

# nicl / -merge /groups/writers users bjepson rothman

TIP: To give someone administrative privileges, add that user to the admin group (/groups/admin). This gives him or her the ability to use sudo and install software that requires such privileges.

3.7.4. Listing Groups with nidump

Use nidump to confirm that the new group was created correctly. To list groups with nidump, pass in the format (in this case, the group file) and the domain (., the local domain).

% nidump group . | grep writers
writers:*:5005:bjepson,rothman

Because you can use nireport to dump any NetInfo directory, you could also use it to see this information:

% nireport . /groups name passwd gid users | grep writers
writers *       5005    bjepson,rothman
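
Because nidump emits the flat name:password:gid:members format, its output can be audited mechanically. The following sh/awk function is an added example, not code from the book: it reports who is in admin (and can therefore use sudo), users listed twice in one group (the effect of repeated -append), GIDs shared by two group names, and passwd fields other than *. The name audit_groups, the finding labels, and the sample records are constructed for illustration, and the duplicate check assumes nidump joins repeated users values with commas.

```shell
#!/bin/sh
# Added example: audit group records in the flat format
# name:password:gid:members (as printed by "nidump group .").
# On a NetInfo system:  nidump group . | audit_groups
audit_groups() {
    awk -F: '
    NF < 3 || /^#/ { next }            # skip comments and malformed lines
    {
        name = $1; pw = $2; gid = $3
        # Anything other than "*" means the group has a password field set.
        if (pw != "*") print "PASSWD " name
        # Two names on one GID are a single group as far as file access goes.
        if (gid in first) print "DUPGID " gid " " first[gid] " " name
        else first[gid] = name
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) {
            if (m[i] == "") continue
            # The same user listed twice in one group, as -append can cause.
            if ((name, m[i]) in member) {
                print "DUPMEMBER " name " " m[i]
                continue
            }
            member[name, m[i]] = 1
            # admin membership grants sudo, so list every member for review.
            if (name == "admin") print "ADMIN " m[i]
        }
    }'
}

# Constructed sample records (not real output); XXplaceholder stands in
# for a crypt()ed group password.
SAMPLE='wheel:*:0:root
admin:*:80:root,bjepson
writers:*:5005:bjepson,rothman,bjepson
editors:*:5005:
staff:XXplaceholder:20:root'

printf '%s\n' "$SAMPLE" | audit_groups
```

A clean record such as writers:*:5005:bjepson,rothman produces no output.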

3.7.5. Deleting a Group

To delete a group, use nicl's -delete switch. Be careful with this switch, since it will delete everything in and below the specified NetInfo directory:

# nicl / -delete /groups/writers



Copyright © 2003 O'Reilly & Associates. All rights reserved.