dseditgroup - macOS


Overview

The dseditgroup command is a utility in macOS used for creating, editing, and deleting groups in the Directory Services (DS) store. It allows administrators to manage group attributes, memberships, and permissions systematically. This tool is vital in structured environments like businesses or schools where user and group management is essential.

Syntax

The general syntax for dseditgroup is as follows:

dseditgroup [options] [action] [group_spec]
  • action: Specifies the operation to perform (-o create, -o delete, -o edit, -o read).
  • group_spec: Identifies the group (by name or by GUID) on which the action is to be performed.

Options/Flags

  • -o operation: The operation to perform on the group. Valid operations are create, delete, edit, and read.
  • -n nodename: Specifies the node name to operate on, defaulting to /Local/Default.
  • -u username: Admin username for authentication; required if the command needs admin privileges.
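  • -P password: Admin password for authentication; may prompt if not provided and required. The lowercase -p takes no argument and prompts for the password, which keeps it out of shell history and process listings.
  • -r realname: Sets the group's real (display) name when creating or modifying a group. The record name itself is given as the final group_spec argument.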
  • -i gid: Assigns or modifies the group’s ID number.
  • -t recordtype: Type of the record being added with -a or removed with -d: user, computer, group, or computergroup.
  • -L: Used to avoid interaction, automatically acknowledging all queries.
  • -q: Run in quiet mode, suppressing non-critical output messages.

Examples

  1. Creating a New Group:

    dseditgroup -o create -i 1010 -n /Local/Default -r "ExampleGroup" ExampleGroup
    
    • This creates a new group named “ExampleGroup” with a Group ID (GID) of 1010.
  2. Adding a User to a Group:

    dseditgroup -o edit -n /Local/Default -u adminUser -P adminPass -a johndoe -t user "ExampleGroup"
    
    • Adds the user johndoe to “ExampleGroup”.
  3. Removing a User from a Group:

    dseditgroup -o edit -n /Local/Default -u adminUser -P adminPass -d johndoe -t user "ExampleGroup"
    
    • Removes the user johndoe from “ExampleGroup”.
  4. Deleting a Group:

    dseditgroup -o delete -n /Local/Default "ExampleGroup"
    

Common Issues

  • Authentication Failure: Occurs when -u and -P are specified incorrectly, or are omitted when required, and results in permission errors.
  • Duplicate Group ID: Attempting to create a group with an ID that already exists can result in errors. Ensure unique GIDs.
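
The duplicate-GID problem can be caught before dseditgroup runs. The following is an added example, not part of the original page or of Apple's tooling. It parses the output of dscl . -list /Groups PrimaryGroupID; the function names, the GROUP_LISTING override and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example: refuse to create a local group when the GID is already taken.
# Input format: `dscl . -list /Groups PrimaryGroupID` ("name  gid" per line).

# Constructed sample listing for trying the functions away from a Mac.
SAMPLE_LISTING='_www            70
staff           20
admin           80
ExampleGroup    1010
designers       1011'

# Print the group/GID listing. GROUP_LISTING (an assumption of this example)
# overrides the live dscl query so the logic can be exercised offline.
list_gids() {
    if [ -n "${GROUP_LISTING:-}" ]; then
        printf '%s\n' "$GROUP_LISTING"
    else
        dscl . -list /Groups PrimaryGroupID
    fi
}

# gid_owner GID: print the group(s) holding GID; non-zero exit if it is free.
gid_owner() {
    list_gids | awk -v gid="$1" '$NF == gid { print $1; hit = 1 } END { exit !hit }'
}

# next_free_gid START: print the lowest unused GID that is >= START.
next_free_gid() {
    list_gids | awk -v n="$1" '{ used[$NF] = 1 } END { while (n in used) n++; print n }'
}

# create_group NAME GID: returns 2 on a non-numeric GID, 1 on a duplicate.
create_group() {
    case "$2" in
        ''|*[!0-9]*) echo "GID must be numeric: '$2'" >&2; return 2 ;;
    esac
    if owner=$(gid_owner "$2"); then
        echo "GID $2 is held by $owner; next free: $(next_free_gid "$2")" >&2
        return 1
    fi
    # sudo prompts for credentials, so no password appears in argv or history.
    sudo dseditgroup -o create -i "$2" -n /Local/Default "$1"
}
```

With GROUP_LISTING unset, the functions query the live local directory node, so create_group NewGroup 1010 is rejected on any Mac where GID 1010 is already assigned.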

Integration

dseditgroup can be a part of scripts for automated setup or cleanup tasks, and can be piped with other commands:

dscl . -list /Groups | grep -v '^_' | xargs -I {} dseditgroup -o read -n /Local/Default {}
  • This command lists all non-system groups and provides a detailed readout of each.
  • dscl: Directory Service command line utility, useful for more detailed Directory Services operations.
  • dscacheutil: Tool for interacting with the Directory Services cache.

Further reading and additional resources are available in the main macOS System Administration documentation, usually accessible through Apple’s official support website.