Tuesday, May 8, 2007

Adding Users in Mac OS X, and Using Open Directory and NetInfo

Open Directory and the dscl Tool

http://developer.apple.com/documentation/Porting/Conceptual/PortingUnix/additionalfeatures/chapter_10_section_9.html

Open Directory is the built-in Mac OS X directory system that system and application processes can use to store and find administrative information about resources and users. Open Directory includes components such as OpenLDAP and Kerberos for providing local and remote authentication.

By default, each Mac OS X computer runs client and server processes, but the server only serves to the local client. You can also bind client computers to servers other than the local server over a number of protocols including LDAP. Information is then accessed in a hierarchical scheme. In such a scheme, each client computer accesses the union of the information provided first by its local server and then by any higher-level servers it is bound to.

NetInfo is the default way that Mac OS X stores user and some network information. When a user is added, the system automatically adds their information to the local NetInfo database using Open Directory. Traditional tools such as adduser do not work as you might expect. You can add users in several ways:

You can find more information on NetInfo in netinfo(5) and lookupd(8). Understanding and Using NetInfo gives a broad overview, while netinfo(3), netinfo(5), nidump(8), nicl(8), nifind(1), niload(8), niutil(1), and nireport(1) round out details of implementation. In general, however, direct use of NetInfo is discouraged. You should use Directory Service functionality instead.

You can find more information on Directory Service in Open Directory Programming Guide, Mac OS X Server Open Directory Administration, and the manual pages DirectoryService(8), dscl(1), dsconfigldap(1), dsexport(1), dsimport(1), and dsperfmonitor(1).

Example: Adding a User From the Command Line

This section shows a simple example of using the Directory Service command-line tool, dscl(1), to add a user to the system. The example specifies some of the properties that you would normally associate with any user.

Note: These commands must be run as the root user. If you are executing them from the command line manually, you should do this with sudo(8). If you are using them in a script, you should use sudo when running the script.

  1. Create a new entry in the local (/) domain under the category /Users.

    dscl / -create /Users/portingunix

  2. Create and set the shell property to bash.

    dscl / -create /Users/portingunix UserShell /bin/bash

  3. Create and set the user's full name.

    dscl / -create /Users/portingunix RealName "Porting Unix Applications To Mac OS X"

  4. Create and set the user's ID.

    dscl / -create /Users/portingunix UniqueID 503

  5. Create and set the user's group ID property.

    dscl / -create /Users/portingunix PrimaryGroupID 1000

  6. Create and set the user home directory. (Despite the name NFSHomeDirectory, this is the local path to the home directory.)

    dscl / -create /Users/portingunix NFSHomeDirectory /Local/Users/portingunix

  7. Set the password.

    dscl / -passwd /Users/portingunix PASSWORD

    or

    passwd portingunix

  8. To make that user useful, you might want to add them to the admin group.

    dscl / -append /Groups/admin GroupMembership portingunix

This is essentially what System Preferences does when it makes a new user, but the process is presented here so you can see more clearly what is going on behind the scenes with the NetInfo database. A look through the hierarchies in the NetInfo Manager application also helps you understand how the database is organized.
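
The steps above, wrapped in the checks you would want before creating an account from a script: a conservative short-name filter, a duplicate-record check, and a UniqueID collision check. This is an added example, not part of the original Apple text. It assumes `dscl / -list /Users UniqueID` prints one `name uid` pair per line and that `-read` fails for a missing record; the function names and the `DS` variable are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): pre-flight checks around the
# dscl steps. DS mirrors the page's "/" datasource; adjust for your system.
LC_ALL=C; export LC_ALL
DS="/"

# Accept only conservative short names so the value cannot alter the record path.
valid_name() {
    case $1 in
        ''|*[!a-z0-9_-]*|[!a-z_]*) return 1 ;;
    esac
    return 0
}

# stdin: "name uid" lines, the assumed output of `dscl $DS -list /Users UniqueID`.
# Exit 0 when the uid in $1 is already assigned to some account.
uid_in_use() {
    awk -v want="$1" '$NF == want { found = 1 } END { exit !found }'
}

# stdin: same listing. Prints the lowest unassigned uid that is >= $1.
next_free_uid() {
    awk -v start="$1" '{ used[$NF] = 1 }
        END { u = start + 0; while (u in used) u++; print u }'
}

create_user() {   # usage: create_user NAME UID GID "Full Name"
    name=$1; uid=$2; gid=$3; fullname=$4
    [ "$(id -u)" -eq 0 ] || { echo "run as root via sudo" >&2; return 1; }
    valid_name "$name" || { echo "bad short name: $name" >&2; return 1; }
    if dscl "$DS" -read "/Users/$name" >/dev/null 2>&1; then
        echo "user $name already exists" >&2; return 1
    fi
    listing=$(dscl "$DS" -list /Users UniqueID) || return 1
    if printf '%s\n' "$listing" | uid_in_use "$uid"; then
        free=$(printf '%s\n' "$listing" | next_free_uid "$uid")
        echo "UniqueID $uid is taken; next free is $free" >&2; return 1
    fi
    dscl "$DS" -create "/Users/$name" &&
    dscl "$DS" -create "/Users/$name" UserShell /bin/bash &&
    dscl "$DS" -create "/Users/$name" RealName "$fullname" &&
    dscl "$DS" -create "/Users/$name" UniqueID "$uid" &&
    dscl "$DS" -create "/Users/$name" PrimaryGroupID "$gid" &&
    dscl "$DS" -create "/Users/$name" NFSHomeDirectory "/Local/Users/$name" &&
    passwd "$name"   # prompts, so the password never appears in argv or history
    # Step 8 (admin group) is deliberately not automated here.
}

if [ $# -gt 0 ]; then create_user "$@"; fi
```

Run it with sudo, for example `sudo sh adduser.sh portingunix 503 1000 "Porting Unix Applications To Mac OS X"` (the script file name is hypothetical).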
