OSX chown problems after creating users with dscl

Question

Alright, so I've made a user and a group using dscl as follows:

dscl . -create /Users/deadline
dscl . -create /Groups/deadline
dscl . -append /Groups/deadline GroupMembership deadline

Now I'm trying to chown things like so:

mkdir /tmp/stuff
chown deadline:deadline /tmp/stuff

But the problem is that it sets the user and group to nobody instead of this user 'deadline'. What magic voodoo property do I need to add to the user and group to have it set the unix permissions properly?

Also, why must Apple hate me and my Unix background :(

Answer 1

You created the user record, but didn't give it any settings so it's using defaults.

sudo dscl . -append /Groups/deadline PrimaryGroupID 100
sudo dscl . -append /Users/deadline UniqueID 1000 PrimaryGroupID 100

You might want to look at the output of things like:

dscl . -read /Users/$USER
dscl . -read /Groups/admin

to see what attributes can be set.

Answer 2

Actually, you'd run into more-or-less the same problem on any unix system: you haven't assigned user & group IDs to the new user & group, so there's no way to identify their files. Solution: assign IDs. See this previous question, especially palmer's and my answers; if you put them together, it's a fairly complete process for creating a new user (although it's standard to make new users on OS X have a PrimaryGroupID of 20 [staff] instead of 80 [admin]).

Groups are fairly similar, but their PrimaryGroupID should be uniquely generated (and they don't need UserShell, UniqueID, NFSHomeDirectory, or a password.

Adding users to groups is also a bit more complicated than you're used to. To do it properly, you should both add the user's RecordName to the group's GroupMembership list AND add the user's GeneratedUID to the group's GroupMembers list. Doing this with dscl is a pain, but you can do it easily with:

dseditgroup -o edit -a username -t user groupname

(Note: dseditgroup can also create groups, but I don't think it's particularly easier than dscl.)