[OS X TeX] Re: users and groups on Leopard

[Anthony Morton]

>> With Leopard the above doesn't seem to apply anymore. If you open / 
>> etc/passwd you'll see that it begins with
>
> I use Leopard and it works fine for me. You are typing this on the  
> command line aren't you?
> Perhaps you need to sudo?

Yes, you will see a bunch of default users defined in /etc/passwd -  
but there won't be a record for yourself if you're on an out-of-the- 
box installation.  While the system will consult /etc/passwd as a  
fallback measure, user accounts are normally handled by OpenLDAP.  For  
more details, "man DirectoryService" and then check out the referenced  
items, especially dscl.

However, OpenLDAP is used just in the way NetInfo was once used, to  
identify users, groups and system resources.  File permissions are  
still handled in the classic Unix way, but can be extended using  
Access Control Lists.  (Apple's 'chmod' has been extended to allow  
manipulation of ACLs as well.)

>> Directory Utility (in /Applications/Utilities/) allows to configure  
>> access to such servers, though I imagine the new mechanism is  
>> primarily designed for central administration by a system  
>> administrator via Mac OS X Server. Directory Utility has also  
>> inherited from NetInfo Manager the ability to activate the root  
>> user and change its password.
>
> The Directory utility really only provides a nice user interface so  
> you can mount remote directories on your computer and treat them as  
> volumes.

I think you have something else in mind - Directory Utility provides  
the interface for configuring additional directory servers that allow  
additional groups of users and system resources to be identified.   
This allows a network administrator to configure additional user  
accounts without having to define them on each individual PC: very  
handy in offices and other multiuser environments.

>> I was unfamiliar with dscl. Nice looking app and well documented  
>> too (man dscl or info dscl). I'll need to have a play with that I  
>> think.

A good way to start exploring is with

dscl . -list /

which lists all the top-level databases handled by OpenLDAP.  One of  
these is called 'Users' so you can

dscl . -list /Users

which should print out all the users defined in /etc/passwd, plus the  
actual users you've defined yourself.

Then to print out a user record, type (for example)

dscl . -list /Users/root

Much more can be done with the aid of the man page.

Regards,
Tony M.