Skeleton User Accounts
If you're going to have any significant number of users on your machine (or machines), you'll soon find it a benefit to be able to provide a more customized environment than what comes out of the system Users control pane by default.
Apple has provided a convenient method for you to perform some customization of accounts as created by the Users control pane. This is the inclusion of a UserTemplate directory, from which the accounts made by the pane are created by duplication. The family of UserTemplate directories, individualized by locale, is kept in /System/Library/UserTemplate. This system works for simple configuration settings that you might like to configure for each newly created user, but it has some limitations if you'd like to work with more complex setups. The largest of these is that if you're trying to set up complicated startup scripts and sophisticated environment settings, it's nice to be able to log in for testing and tweaking.
The easiest way to do this is to create a skeleton user account as a real user account, and to keep it up to date with any environmental customizations that you want to provide for new users when you create accounts. If you create the skeleton user as simply another user account, you can log in to it and then conveniently tweak its settings. Using this method, you can create as many skeleton accounts as you need for different collections of settings.
Even if you prefer to use the Users control pane, the creation of skeleton users as real users on the system can be useful for you. You can configure skeleton users that you can log in as for testing, and then populate the /System/Library/UserTemplate directories as required for customizing the configuration of users under the Users pane.
As covered in Chapter 12, "Introducing the BSD Subsystem," every user's shell environment is configured by the .login and .cshrc (presuming you're using the tcsh or csh shell) scripts in the user's home directory. You might also want to provide a more customized starter Web page or assorted bits of default data.
After you configure an account in the fashion you'd like your new users to have, the hard part is done. It would be nice to have a way to use this account directly from the Users pane as the seed for new accounts as they are created but, unfortunately, we aren't yet so lucky. Instead, you have two options for how to use the starter account information. First, you can create a new user through the Users control pane. After the account is created, you can replace the user's home directory (that the Users control pane created) with a copy of the skeleton account home directory.
Your other option is to create a new user by duplicating an existing user node from the NetInfo hierarchy, making a copy of the skeleton account home directory for the new user's home directory, and then editing the copy of the NetInfo entry for the new user to reflect the correct information for that user.
The first option is probably easier, but the second has the benefit that it can be done from the command line with nidump and niload.
For the rest of the discussion, it will be assumed that you've created a skeleton account in which you have made any customizations that you want to install for all new users. The account UID will be assumed to be 5002, with a home directory of /Users/skel and a GID of 20.
To implement the first method of providing local customization for a new user, follow these steps:
- Create the new user with the Users control pane. Make any necessary changes to the user's configuration, such as the default GID, as shown in the previous chapter.
- Become root (su, provide password).
- Change directories to the skeleton user's directory (cd ~skel).
- Tar the contents of the current directory, using the option to place the output on STDOUT (tar -cf - .) and then pipe the output of tar into a subshell. In the subshell, cd to the new user's directory, and untar from STDIN (| ( cd ~<newusername> ; tar -xf - ) ).
- Change directories to one level above the new user's directory (cd ~<newusername> ; cd ../).
- Change the ownership of everything in the new user's directory to belong to the new user and, potentially, to the user's default group if it's not the same as the skel account default group (chown -R <newusername>:<newusergroup> <newuserdirectoryname>). We'll cover the complete documentation for chown at the end of this chapter.
For example, if you've just created a new user named jim, assigned to the group users with the Users control pane, and want to put the skel account configuration into jim's home directory, you would enter the following:
su (provide password)
cd ~skel
tar -cf - . | ( cd ~jim ; tar -xf - )
cd ~jim
cd ../
chown -R jim:users jim
If you'd rather create new users from the command line, either because you can't access the physical console conveniently or because you want to use what you know about shell scripting to automate the process, you can use the second method suggested earlier. You might find this method more convenient for creating users in a NetInfo domain other than localhost/local. The Users control pane in the non-server version of OS X seems incapable of creating users in other NetInfo domains, and this makes using it for managing cluster users difficult.
To implement the second method, follow these steps:
- Become root (su, give password).
- Change directories to the directory in which you'd like to place the new user's home directory (cd /Users, for example).
- Make a directory with the short name of the user you're about to create (mkdir <newusername> to create a directory for a new user named <newusername>).
- Change directories to the home directory of the skel account (cd ~skel).
- Tar the contents of the current directory, and use the option to place the output on STDOUT (tar -cf - .)
- Pipe the output of the tar command into a subshell. In the subshell, cd to the new user's directory, and untar from STDIN (| ( cd <pathtonewuserdirectory> ; tar -xf - ) ). Note that you can't use ~<newusername> because <newusername> doesn't actually exist on the system yet.
- Dump your skel account (UID 5002 here, remember) NetInfo entry, or some other user's entry, into a file that you can edit (nidump -r /name=users/uid=5002 -t localhost/local > ~/<sometempfile>).
- Edit ~/<sometempfile>, changing the entries so that they are appropriate for the new user you want to create. You'll want to change at least _writers_passwd, uid, _writers_hint, gid, realname, name, passwd, and home. It's probably easiest to leave passwd blank for now.
- Use niutil to create a new directory for the uid that you've picked for the new user (niutil -p -create -t localhost/local /name=users/uid=<newuserUID>, give the root password when asked).
- Use niload to load the data you modified in ~/<sometempfile> back into the NetInfo database (cat ~/<sometempfile> | niload -p -r /name=users/uid=<newuserUID> -t localhost/local).
- Set the password for the new user (passwd <newusername>) and provide a beginning password. passwd is another BSD utility documented at the end of this chapter.
- Change back to the directory above the new user's home directory (cd ~<newusername> ; cd ../).
- Change the ownership of the new user's directory to the new user's <username> and <defaultgroup> (chown -R <username>:<usergroup> <newuserdirectory>).
If you've made a mistake somewhere along the way, just restore your NetInfo database from the backup that you made before you started this. You also might need to find the nibindd process, and send it a HUP signal (\ps -auxww | grep "nibindd"; kill -HUP <whatever PID belongs to nibindd>).
To produce results similar to those from the first method earlier, the following example will create a new user with the username of james, UID 600, GID 70, with home directory /Users/james. This again assumes the skel account with UID 5002 and characteristics as described earlier.
su (provide the password)
cd /Users
mkdir james
cd ~skel
tar -cf - . | ( cd /Users/james ; tar -xf - )
nidump -r /name=users/uid=5002 -t localhost/local > ~/skeltemp
vi ~/skeltemp and change the contents from
{
"_shadow_passwd" = ( "" );
"_writers_passwd" = ( "skel" );
"hint" = ( "" );
"uid" = ( "5002" );
"_writers_hint" = ( "skel" );
"gid" = ( "20" );
"realname" = ( "Skeleton Account" );
"name" = ( "skel" );
"passwd" = ( "*" );
"home" = ( "/Users/skel" );
"shell" = ( "/bin/tcsh" );
"sharedDir" = ( "Public" );
}
to
{
"_shadow_passwd" = ( "" );
"_writers_passwd" = ( "james" );
"hint" = ( "" );
"uid" = ( "600" );
"_writers_hint" = ( "james" );
"gid" = ( "70" );
"realname" = ( "James the friendly Giant" );
"name" = ( "james" );
"passwd" = ( "" );
"home" = ( "/Users/james" );
"shell" = ( "/bin/tcsh" );
"sharedDir" = ( "Public" );
}
niutil -p -create -t localhost/local /name=users/uid=600 (give the root password when asked)
cat ~/skeltemp | niload -p -r /name=users/uid=600 -t localhost/local (give the root password when asked)
passwd james (fill in a good starting value)
cd ~james
cd ../
chown -R james:www james (GID 70 is group www on this machine)
Just to make sure that your user has been created as you think it should have been, you can use niutil to list the /users NetInfo directory:
[localhost:/Users/ray] root# niutil -list -t localhost/local /users
2 nobody
3 root
4 daemon
5 unknown
6 www
154 joray
166 miwa
161 ray
163 software
171 nomad
173 ftp
174 marvin
175 skel
177 bin
179 betty
181 ralph
184 james
As shown, james does now exist in the NetInfo /users directory, although this listing shows only the NetInfo node numbers, rather than the users and property values. To see whether james has the properties intended, you can use niutil to read the info from the node named james:
[localhost:/Users/ray] root# niutil -read -t localhost/local /users/james
shadow_passwd:
writers_passwd: james
hint:
uid: 600
writers_hint: james
gid: 70
realname: James the friendly Giant
name: james
passwd:
home: /Users/james
shell: /bin/tcsh
sharedDir: Public
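The hand edit of the dumped entry in the second method can be scripted. The following is an added example, not code from the book: it rewrites the properties the steps list and rejects a name, UID, GID or real name that would break the quoted property format or create a second UID 0 account. The function names and the /Users/NAME home path are assumptions, and it writes "*" into passwd (the value the skel entry carries) instead of the blank used in the walkthrough, so neither an empty password nor a hash copied from another user's entry is ever loaded.

```shell
# Added example: derive a new user's NetInfo entry from a skel dump (nidump -r output).
# Function names are hypothetical; nothing here runs niutil or niload.
LC_ALL=C; export LC_ALL   # keep [a-z] and [0-9] ranges ASCII-only

# Usage: ni_entry_for_user NAME UID GID REALNAME < skel-dump > new-entry
# Assumption: the home directory is /Users/NAME.
ni_entry_for_user() {
    name=$1 uid=$2 gid=$3 realname=$4
    nl='
'
    # Refuse values that could close the quoted string or create a second UID 0 account.
    case $name in ''|[!a-z]*|*[!a-z0-9_]*) echo "bad name" >&2; return 1;; esac
    case $uid in ''|0*|*[!0-9]*) echo "bad uid" >&2; return 1;; esac
    case $gid in ''|*[!0-9]*) echo "bad gid" >&2; return 1;; esac
    case $realname in ''|*\"*|*\\*|*"$nl"*) echo "bad realname" >&2; return 1;; esac

    NI_NAME=$name NI_UID=$uid NI_GID=$gid NI_REAL=$realname awk '
    BEGIN {
        new["\"name\""] = new["\"_writers_passwd\""] = new["\"_writers_hint\""] = ENVIRON["NI_NAME"]
        new["\"uid\""] = ENVIRON["NI_UID"]
        new["\"gid\""] = ENVIRON["NI_GID"]
        new["\"realname\""] = ENVIRON["NI_REAL"]
        new["\"home\""] = "/Users/" ENVIRON["NI_NAME"]
        new["\"passwd\""] = "*"   # no usable password until passwd is run
    }
    # Rewrite only the listed properties; printf, not sub(), so "&" stays literal.
    $1 in new { printf "%s = ( \"%s\" );\n", $1, new[$1]; next }
    { print }'
}

# Constructed sample input: the skel entry as shown on this page.
sample_skel_dump() {
    cat <<'EOF'
{
"_shadow_passwd" = ( "" );
"_writers_passwd" = ( "skel" );
"hint" = ( "" );
"uid" = ( "5002" );
"_writers_hint" = ( "skel" );
"gid" = ( "20" );
"realname" = ( "Skeleton Account" );
"name" = ( "skel" );
"passwd" = ( "*" );
"home" = ( "/Users/skel" );
"shell" = ( "/bin/tcsh" );
"sharedDir" = ( "Public" );
}
EOF
}
sample_skel_dump | ni_entry_for_user james 600 70 "James the friendly Giant"
```

Redirect the function's output to ~/<sometempfile> and continue with the niutil and niload steps as described above.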