
Create a new user via the Terminal UNIX
Here are the steps required to create a user in the terminal on a Mac OS X machine. First you need to know the current users, and their user IDs. Open the terminal and type:
nireport / /users name uid | grep "5[0123456789][0123456789]"
This should report all users that are in the 500+ range for the user ID. User accounts generally start at 501, and work up, so look at the list returned, and pick the next available number to assign to the new user you are creating. You will use it in place of the uid 555 below.

The first line here will create the user, but then you need to assign it some properties. The user I am creating here has a shortname of "ftpuser". Feel free to substitute the shortname of your choice. Remember you can't reuse a shortname, so if there is already a user called "ftpuser", you need to pick something else. The home directory can really be anywhere, but we are using the standard location in this example. By assigning the /dev/null shell, we are preventing the user from logging in via SSH. The Mac OS X default shell is /bin/tcsh. There are other properties you can assign a user, but these are the basic ones that you should use.
sudo niutil -create / /users/ftpuser
sudo niutil -createprop / /users/ftpuser uid 555
sudo niutil -createprop / /users/ftpuser realname "FTP User"
sudo niutil -createprop / /users/ftpuser home "/Users/ftpuser"
sudo niutil -createprop / /users/ftpuser shell "/dev/null"
sudo niutil -createprop / /users/ftpuser gid 20
sudo niutil -createprop / /users/ftpuser passwd "*" 
sudo passwd ftpuser
Then you will be prompted to enter the password you want to create for the new user. Optionally you can skip this step, and the account is created, but logins are disabled until the password has a value assigned.

The last step is to create the user's home directory. You could simply create the directory and give the user ownership of it, or use the lines below to copy the standard Mac OS X user template. This will create the standard set of directories and files for the new user.
sudo cp -R /System/Library/User\ Template/English.lproj /Users/ftpuser
sudo chown -R ftpuser:staff /Users/ftpuser
This is basically what happens when you use the Accounts Preference Pane to create an account. Optionally you could SSH to another machine and create accounts.
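An added example, not part of the original hint: instead of reading the grep output by eye, these helpers parse `nireport / /users name uid` style output, return a uid one above the highest in use from 501 upward (so a gap left by a deleted account, whose files may still be on disk, is not handed to the new user), and check whether a shortname is already taken. The sample listing and the function names are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `nireport / /users name uid` output: shortname, then uid.
# "svc5150" has uid 250 but would still match grep "5[0-9][0-9]" because of its name.
sample_users() {
cat <<'EOF'
root 0
nobody -2
www 70
postfix 255
svc5150 250
alice 501
bob 502
carol 504
EOF
}

# Read "name uid" lines on stdin and print a uid for a new account:
# highest uid at or above 501, plus one; 501 if no such account exists.
# Only the uid column is examined, and only whole non-negative numbers count.
next_uid() {
  awk '$2 ~ /^[0-9]+$/ && $2 + 0 >= 501 && $2 + 0 > max { max = $2 + 0 }
       END { print (max ? max + 1 : 501) }'
}

# Read "name uid" lines on stdin; exit 0 if shortname $1 already exists.
shortname_taken() {
  awk -v n="$1" '$1 == n { found = 1 } END { exit !found }'
}

# On a NetInfo-era system the input would come from:
#   nireport / /users name uid | next_uid
new_name=ftpuser
if sample_users | shortname_taken "$new_name"; then
  echo "shortname $new_name is already in use" >&2
else
  echo "uid for $new_name: $(sample_users | next_uid)"
fi
```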

AddUser Shell Script
Authored by: luhmann on Jun 05, '03 10:48:04AM

Here is an excellent shell script that helps automate the process:

http://testuser.eshirazi.com/adduser/

You must make the script executable before running. There are some examples about how to use the script here:

http://www.macfora.com/forums/showthread.php?s=&threadid=9697



a minor improvement to the grep
Authored by: mosch on Jun 05, '03 11:13:10AM
The grep can be done more succinctly as nireport / /users name uid | egrep "5[0-9]{2}"

Who are these users??
Authored by: GCmagic on Jun 05, '03 12:43:12PM

I tried the command and this list returned (in addition to my known users). Are these 200+ range users embedded in the system or should I start worrying about a security issue?

news 250
pgsql 252
games 253
canna 254
postfix 255
tomcat 257
jabber 258



Who are these users??
Authored by: macubergeek on Jun 05, '03 01:42:01PM

Nah, these are just user accounts that those applications need to run. Typically in Unix, for security purposes, you run a server like mysqld as an unprivileged user mysql. That way if badguy tries to buffer overflow mysql all they get is the privileges that user mysql had, maybe no shell if that user had no shell.



What I'd like...
Authored by: phillymjs on Jun 05, '03 02:12:07PM

...is a script or GUI utility that does "create new user based on existing user."

Right now I use a dummy account when doing system builds, then I go into NetInfo Manager and change names and file paths in the dummy account as needed, to approximate that sort of function. It's kind of a pain.

Anyone know a way to do this?

What would be even cooler, though, would be if that functionality was made into an option in Carbon Copy Cloner. :-)

~Philly



Default User Template
Authored by: matx666 on Jun 05, '03 03:45:25PM

Not sure if this helps you, but for my "build" purposes I need additional accounts created to keep serials and authorizations of apps I install as admin in an admin account. The way to do this is to populate the Default User Template with the prefs and files which keep those SNs. Some apps serialize themselves, but others like QT Pro and DVDSP and many others do not and do it by user (lame!)... so look in /System/Library/User\ Template/English.lproj for some answers.

-x



Create a new user via the Terminal
Authored by: ssevenup on Jun 05, '03 02:47:15PM

I have been refining my adduser script for many months. It has some elements that are specific to my organization. In general this becomes a much more complicated process than it would first appear. Some things to consider about advantages of this method for adding user accounts...

Apple's GUI does not preserve resource forks when populating the home directory. If you need to customize your builds like we do, this can be a deal breaker. My script uses CpMac (part of Dev tools) to overcome this shortcoming.

Apple's GUI does not allow you to specify a UID or alternate home directory.

I'm not sure if using the tools with OSX Server solve either of these issues, but we don't run a server so it was not important for me to know anyway.

Another thing to consider about command line management of user accounts is the add/remove process for groups. I had to add a lot of logic to search the NetInfo database for duplications. I also needed cleanup code so you don't wind up with users left in the database after they have been removed, or, more importantly, left in one group, but not another.

No script I have found so far (not even mine) has addressed the creation of the config file in /private/etc/httpd/users. The GUI handles this, but none of the scripts do. I plan to work on this eventually. There may be other things the GUI does too that are not obvious.

It's a can of worms, but for many it's one worth opening.

--MM

---
Mark Moorcroft
ELORET Corp. - NASA/Ames RC
Sys. Admin.



Create a new user via the Terminal
Authored by: Gigacorpse on Jun 05, '03 08:31:54PM

Wouldn't Ditto have worked? It has a switch to keep the Resource Forks of files.



Create a new user via the Terminal
Authored by: matsur on Jun 05, '03 06:33:57PM
Instead of /dev/null, I would use /usr/bin/false as a no shell user's shell. More secure IMO.

Create a new user via the Terminal
Authored by: GaelicWizard on Jun 06, '03 03:07:29AM
Try /sbin/nologin; it is designed for this purpose.

---
Pell


Create a new user via the Terminal
Authored by: zacht on Jun 05, '03 09:58:08PM
I think the users you list there are mostly (all?) added by Fink, or at least by certain packages that Fink installs. I tried googling for a page with a nice clear explanation of this but couldn't find one in under five minutes.

One thing I found was at http://homepage.mac.com/pinus/fink.html. This is a page with a lot of Japanese (I think) characters, but about a third of the way down the page is a transcript of a session of installing "The GIMP" with Fink, and it mentions pretty much the same list of users.


Create a new user via the Terminal
Authored by: kirkmc on Jun 06, '03 05:33:59AM

See below for a script that does a whole lot more:

http://cocoa.mamasam.com/MACOSXDEV/2002/12/1/51614.php

Kirk



Create a new user via the Terminal
Authored by: kirkmc on Jun 06, '03 07:56:32AM

There's a problem with the Home directory creation part of this tip. If you try it, you'll find that, first of all, the user's directory gives no read rights to others. It should do this, so others can access their public folder. Second, it doesn't copy all the directories in English.lproj.

The correct procedure is the following:

% sudo ditto /System/Library/User\ Template/English.lproj /Users/newuser

% sudo chown -R newuser:staff /Users/newuser

Kirk



Create a new user via the Terminal
Authored by: geordie on Jun 06, '03 11:03:55AM

Using "/usr/sbin/createhomedir -u username" is easier than creating the home directory manually. Actually I just usually do createhomedir -a after creating all the user accounts.



ftp but not ssh
Authored by: buggsinor on Jun 10, '03 01:30:07AM

When I set /dev/null or /sbin/nologin the user can no longer ftp to the server. I want a way to keep them from using ssh but allowing them to ftp. How do I do this?



ftp but not ssh
Authored by: lems1 on Jun 10, '03 12:43:38PM

That's part of your ftp server. There is an option that allows users without shell access to access your ftp server. I'm not sure what ftp server MacOS X ships by default (sftp is good enough for my users).
Hope that helps.


P.S. I'm not sure if proftpd has been ported to MacOS X, but I'm sure that there is somebody somewhere who is doing just that... Proftpd allows you to do what you are requesting with a simple "Allow..." clause in your configuration file.



Create a new user via the Terminal
Authored by: Kid-EZ on Jul 31, '03 08:26:59AM
This tip is not working at all for me.
It could be useful to add that, to add to your local NetInfo database, you should use:

sudo niutil -create /local@ip adres /users/foo

However when I check the above Terminal commands in NetInfo Manager I also get to see the newly created user, none of the extra attributes.
It doesn't give error messages in the Terminal.

After:
niutil -create /local@192.168.1.173 /users/flip passwd \"*\"

the terminal states:

niutil: No match.

What now?

I've used some helpful info from: http://www.bresink.de/osx/DocsNFSManager/index.html

Create a new user via the Terminal
Authored by: Hes Nikke on May 27, '04 01:39:31AM

Yeah, I know it's been almost a year, but here's your answer:

The * is being parsed as "any series of characters". If you replace the * with a \* it'll be quite happy to work.

---
vacuums do not suck. they merely provide an absence that allows other objects to take the place of what becomes absent.



Create a new user via the Terminal
Authored by: richo123 on Sep 18, '09 05:02:54AM

What permissions will it have?


