91

I would like to be able to create new users in Mac OS X 10.5 remotely after ssh'ing into the machine. How do I do this?

Chealion
JR Lawhorne
  • 1
    I don't yet have the reputation to answer, but if you're looking for how to do this from `single_user` mode (a security reset) then you'll need to reboot holding down `Command-S`, gain write access to the disk per on-screen details, and then `rm /var/db/.AppleSetupDone` which will let you create a new admin account. Hope this helps someone – New Alexandria Jan 03 '13 at 22:26
  • 1
    Make sure you don't confuse `/Volumes/Macintosh HD/var/db/.AppleSetupDone` with the Boot Recovery volume's `/var/db/` dir. You won't find it in the latter. – Sridhar Sarnobat May 30 '21 at 07:28

6 Answers

88

Use the dscl command. This example would create the user "luser", like so:

```bash
dscl . -create /Users/luser
dscl . -create /Users/luser UserShell /bin/bash
dscl . -create /Users/luser RealName "Lucius Q. User"
dscl . -create /Users/luser UniqueID "1010"
dscl . -create /Users/luser PrimaryGroupID 80
dscl . -create /Users/luser NFSHomeDirectory /Users/luser
```

You can then use passwd to change the user's password, or use:

```bash
dscl . -passwd /Users/luser password
```

You'll have to create /Users/luser for the user's home directory and change ownership so the user can access it, and be sure that the UniqueID is in fact unique.

This line will add the user to the administrator's group:

```bash
dscl . -append /Groups/admin GroupMembership luser
```

palmer
20

(This answer should be considered an addendum to fill in some blanks in palmer's procedure)

To pick an unused UniqueID for your new user, you could use:

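```bash
# awk prints the highest UniqueID in use (500 if there are no regular accounts);
# the next line adds 1 to get the new user's ID.
maxid=$(dscl . -list /Users UniqueID | awk 'BEGIN { max = 500; } { if ($2 > max) max = $2; } END { print max; }')
newid=$((maxid+1))
```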

...then use the sequence of dscl commands palmer gave to create the account, and then create the new user's home directory with:

```bash
cp -R /System/Library/User\ Template/English.lproj /Users/luser
chown -R luser:staff /Users/luser
if [[ "$(sw_vers -productVersion)" != 10.[0-5].* ]]; then
    # Set ACL on Drop Box in 10.6 and later
    chmod +a "user:luser allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit" /Users/luser/Public/Drop\ Box
fi
```

(there is a createhomedir command, but it didn't work when I tested it.)

Gordon Davisson
  • 1
    I created a script that populates our Open Directory Master with new users, and then calls `sudo createhomedir -s` (IIRC) on the Open Directory Replicas / Fileshares, and they happily create the home directories. – Clinton Blackmore Jun 05 '09 at 23:07
  • 2
    `dscl -list` is limited to 256 results, so if you have more than 256 users, this technique will fail to guarantee a unique UID. – smokris Sep 14 '12 at 18:57
  • Little trick to evict 2 additional pipes (use only awk): `dscl . -list /Users UniqueID | awk '{ if ($2 > max) max = $2; } END { print max + 1; }'` – Valtoni Boaventura Aug 16 '19 at 01:37
  • @ValtoniBoaventura Nice. I incorporated that in my answer (with a default in case there are no regular accounts). I also added a step to set the Drop Box ACL (which was added in 10.6). – Gordon Davisson Aug 16 '19 at 07:27
8

I've leveraged the different answers here to come up with what I think is a nice script to create user accounts. Admittedly, this isn't designed for running a command at a time from ssh; it is more so designed to be a script run when compiling a package-based image of OS X (as created by Casper Imaging or InstaDMG).

```bash
#!/bin/bash
# This script creates a user account under Mac OS X
# (tested with 10.5 and 10.6; likely works with 10.4 but not earlier)
# Written by Clinton Blackmore, based on work at
# http://serverfault.com/questions/20702

# === Typically, this is all you need to edit ===

USERNAME=joeadmin
FULLNAME="Joe Admin"
PASSWORD="hard_to_hack"

# A list of (secondary) groups the user should belong to
# This makes the difference between admin and non-admin users.
# Leave only one uncommented
#SECONDARY_GROUPS=""  # for a non-admin user
SECONDARY_GROUPS="admin _lpadmin _appserveradm _appserverusr" # for an admin user

# ====

if [[ $UID -ne 0 ]]; then echo "Please run $0 as root." && exit 1; fi

# Find out the next available user ID
MAXID=$(dscl . -list /Users UniqueID | awk '{print $2}' | sort -ug | tail -1)
USERID=$((MAXID+1))

# Create the user account (variables quoted so spaces or glob characters are not split or expanded)
dscl . -create "/Users/$USERNAME"
dscl . -create "/Users/$USERNAME" UserShell /bin/bash
dscl . -create "/Users/$USERNAME" RealName "$FULLNAME"
dscl . -create "/Users/$USERNAME" UniqueID "$USERID"
dscl . -create "/Users/$USERNAME" PrimaryGroupID 20
dscl . -create "/Users/$USERNAME" NFSHomeDirectory "/Users/$USERNAME"

dscl . -passwd "/Users/$USERNAME" "$PASSWORD"


# Add user to any specified groups
# (SECONDARY_GROUPS is left unquoted on purpose so it splits into one group per word)
for GROUP in $SECONDARY_GROUPS ; do
    dseditgroup -o edit -t user -a "$USERNAME" "$GROUP"
done

# Create the home directory
# (-c creates home directories for local home paths only)
createhomedir -c > /dev/null

echo "Created user #$USERID: $USERNAME ($FULLNAME)"
```

The script does let you specify which groups a user should belong to. It appears to me that this might differ depending upon the version of OS X you are running. I get different results when I run `id` as an admin on OS X 10.6 than I do when running as an admin on OS X 10.5.

Clinton Blackmore
  • In another answer, Elliott warns that the 'createhomedir -c' command, toward the end, will create accounts for all users in the directory you are bound to. (The '-c' option, in the man page, 'creates home directories for local home paths only.') There is another option, '-u username', that may work better. – Clinton Blackmore Sep 21 '10 at 18:52
  • Hello, I'm using the script above. It adds my new user, but when the user connects to his calendar it says that he doesn't have the permissions! Can you help me? –  Jan 24 '11 at 02:50
  • 1
    @jimmy: I'd recommend asking a new question on serverfault and link to this answer rather than just asking a question in the comments, which will be seldom seen. I would expect the permissions to be right. Using 'chown' and 'chmod' can help if you can identify a file that does not have the correct permissions ... but I don't know which one it would be. – Clinton Blackmore Jan 26 '11 at 18:31
  • `dscl -list` is limited to 256 results, so if you have more than 256 users, this technique will fail to guarantee a unique UID. – smokris Sep 14 '12 at 18:58
8

If you have a bunch of users to create, it is possible to create a structured text file and pass it to dsimport to do the job.

Apple's Command-Line Administration Guide has a whole chapter on users and groups.

chb
Clinton Blackmore
  • Odd. Apple seems to have done away with v10.5 of the document you referred to initially, but [kept v10.3](https://images.apple.com/server/docs/Command_Line.pdf) and a less comprehensive [Snow Leopard version](https://manuals.info.apple.com/MANUALS/1000/MA1173/en_US/IntroCommandLine_v10.6.pdf) – chb Oct 16 '17 at 22:37
  • "Command-Line Administration" link is not available anymore – Arkemlar Jul 25 '22 at 15:26
8

Another way to pick and choose a unique user ID before creating an account is just to look through the list and check that the one you want to use is not there:

```bash
sudo dscl . list /Users uid
sudo dscl . list groups gid
```

Handy if you need to use a certain ID

  • `dscl -list` is limited to 256 results, so if you have more than 256 users, this technique will fail to guarantee a unique UID. – smokris Sep 14 '12 at 18:58
  • yup that's the shortest path to add that user right here right now, just `grep` it with the `id` you had in mind to use for the new user – yair Aug 05 '15 at 14:13
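
Added example (not code from any of the answers above): the answers either take the highest UniqueID plus one or check a chosen ID against the listing by eye; this sketch does both checks over the `name id` lines that `dscl . -list /Users UniqueID` prints, and goes a little further by returning the lowest unassigned ID at or above a floor. The function names, the default floor of 501 and `SAMPLE_LISTING` are assumptions made for the example, and the sample data is constructed.

```bash
#!/bin/bash
# Added example: choose or verify a UniqueID from a `dscl . -list /Users UniqueID`
# listing (one "name <whitespace> id" pair per line).

# Constructed sample data, used when dscl is not available (e.g. off a Mac).
SAMPLE_LISTING='_www                    70
daemon                  1
nobody                  -2
root                    0
alice                   501
bob                     502
carol                   504
legacy                  1010'

# uid_in_use LISTING ID -> exit status 0 if ID is already assigned to a record
uid_in_use() {
    printf '%s\n' "$1" |
        awk -v want="$2" '$NF == want { found = 1 } END { exit !found }'
}

# next_free_uid LISTING [FLOOR] -> prints the lowest unassigned ID >= FLOOR
# (the default floor of 501 is an assumption of this example)
next_free_uid() {
    printf '%s\n' "$1" | awk -v floor="${2:-501}" '
        $NF ~ /^-?[0-9]+$/ { used[$NF + 0] = 1 }   # skip lines without a numeric ID
        END { id = floor + 0; while (id in used) id++; print id }'
}

# Use the live directory listing on a Mac, the constructed sample elsewhere.
if command -v dscl >/dev/null 2>&1; then
    listing=$(dscl . -list /Users UniqueID)
else
    listing=$SAMPLE_LISTING
fi

candidate=1010   # the UniqueID used in the first answer
if uid_in_use "$listing" "$candidate"; then
    echo "UniqueID $candidate is taken; next free: $(next_free_uid "$listing")"
else
    echo "UniqueID $candidate is free"
fi
```

Run the check as root immediately before the `dscl . -create ... UniqueID` step, since nothing reserves the ID between the check and the create.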
4

I started a little wrapper about dscl that takes useradd's parameters - it's not complete (nor do I think it can be, as some things are not possible on OS X), but I used it to do some user creation.

The framework is there for all the parameters, so if you want to take advantage of GitHub's awesome social features, it's easy to do.

Xiong Chiamiov
  • Running *`# gem install osx-useradd.gemspec`* on OS X 10.5 results in *`ERROR: While executing gem ... (Gem::RemoteSourceException)`* and the second line is *`HTTP Response 301 fetching http://gems.rubyforge.org/yaml`*. –  May 08 '19 at 04:50