Use dseditgroup to allow users access to services (ssh, screen sharing, and more)

Oct 15, '13 06:00:00AM

Contributed by: MacManager

Want to add a user to a specific group using the command line? dseditgroup is your friend! Add users, or groups, to a group you create or system groups which control access to services.

Make sure to insert your local admin's short name (localadmin) and the user (username) or group (groupname) you're trying to add.

Remote Login (SSH)
User: dseditgroup -o edit -n /Local/Default -u localadmin -p -a username -t user com.apple.access_ssh
Group: dseditgroup -o edit -n /Local/Default -u localadmin -p -a groupname -t group com.apple.access_ssh

Screen Sharing
User: dseditgroup -o edit -n /Local/Default -u localadmin -p -a username -t user com.apple.access_screensharing
Group: dseditgroup -o edit -n /Local/Default -u localadmin -p -a groupname -t group com.apple.access_screensharing

Print Administrators
User: dseditgroup -o edit -n /Local/Default -u localadmin -p -a username -t user _lpadmin
Group: dseditgroup -o edit -n /Local/Default -u localadmin -p -a groupname -t group _lpadmin

Explanation:
-o specifies the operation (edit in this case)
-n specifies the domain (another example is /LDAPv3/127.0.0.1 on an ODM)
-u is the admin user to authenticate with (use diradmin for network domains)
-p tells it to prompt for a password
-a tells it to add a user or group
-t specifies the type, user or group

Comments (0)


Mac OS X Hints
http://hints.macworld.com/article.php?story=20131008155803807