Skip to content

Instantly share code, notes, and snippets.

@dolfly dolfly/macuser
Created Feb 19, 2019

Embed
What would you like to do?
Mac User Account Create & Delete
mac user account create and delete
#!/bin/bash
# cf. Adding a User From the Command Line,
# http://developer.apple.com/documentation/Porting/Conceptual/PortingUnix/additionalfeatures/chapter_10_section_9.html
if [[ "$(/usr/bin/whoami)" != "root" ]]; then printf '/nMust be run as root!/n/n'; exit 1; fi
OPATH=$PATH
export PATH=/usr/bin:/usr/sbin:/bin:/sbin
OIFS=$IFS
export IFS=$' /t/n'
declare sudo=/usr/bin/sudo dscl=/usr/bin/dscl
printf "/e[1mEnter first name/e[m: "
read firstname
# no spaces in names
if [[ -z "$(printf -- "$firstname" | /usr/bin/grep -Eo "^[^[:space:]]+$")" ]]; then
printf '/nUse a name without spaces! /nPlease, try again!/n/n'
exit 1
fi
# name must not begin with a number
if [[ -n "$(printf -- "$firstname" | /usr/bin/grep -E "^[[:digit:]]")" ]]; then
printf '/nName must not begin with a number! /nPlease, try again!/n/n'
exit 1
fi
# make sure the user name is unique
new_user="$(/usr/bin/dscl . -search /Users name "$firstname" 2>/dev/null)"
if [[ -z "$new_user" ]]; then
new_user="$firstname"
else
printf "/nUser name already exists: $firstname /nPlease, modify your name and try it again/x21/n/n" # cf. man ascii for /x21
exit 1
fi
# make sure the user's primary group name is unique
# note: the user's primary group name is also based on the first name!
new_group="$(/usr/bin/dscl . -search /Groups name "$firstname")"
if [[ -z "$new_group" ]]; then
new_group="$firstname"
else
printf "/nThe user's primary group name already exists: $firstname/x21 /nPlease, try again/x21/n/n"
exit 1
fi
# make sure there is no (file or) home directory of the same name already
if [[ -e "/Users/$new_user" ]]; then
printf "/nUser $new_user already exists at /Users/$new_user/x21 /nPlease, try again/x21/n/n"
exit 1
fi
# last name
printf "/e[1mEnter last name/e[m: "
read lastname
# no spaces in names
if [[ -z "$(printf -- "$lastname" | /usr/bin/grep -Eo "^[^[:space:]]+$")" ]]; then
printf '/nUse a name without spaces! /nPlease, try again!/n/n'
exit 1
fi
# name must not begin with a number
if [[ -n "$(printf -- "$lastname" | /usr/bin/grep -E "^[[:digit:]]")" ]]; then
printf '/nName must not begin with a number! /nPlease, try again!/n/n'
exit 1
fi
# enter password
printf "/e[1mEnter password/e[m: "
stty_orig=$(/bin/stty -g)
pass=''
blank='false'
while [[ "$blank" != "true" ]]; do
/bin/stty -icanon -echo
c=$(/bin/dd bs=6 count=1 2> /dev/null)
# Check for a CR.
if [[ -z "$(printf -- "$c" | /usr/bin/tr -d "/r/n")" ]]; then
blank='true'
else
/bin/stty echo
printf "*"
pass="$pass$c"
/bin/stty -echo
fi
done
/bin/stty icanon echo
/bin/stty "$stty_orig"
passwd1="$pass"
printf "/n"
# check minimum password length: 6
if [[ -z "$(printf -- "$passwd1" | /usr/bin/grep -Eo "^([[:alnum:]]|[[:punct:]]){6,}$")" ]]; then
printf '/nUse at least 6 characters (alphanumeric, punctuational) for your password! /nPlease, try again!/n/n'
exit 1
fi
# confirm password
printf "/e[1mConfirm password/e[m: "
stty_orig=$(/bin/stty -g)
pass=''
blank='false'
while [[ "$blank" != "true" ]]; do
/bin/stty -icanon -echo
c=$(/bin/dd bs=6 count=1 2> /dev/null)
# Check for a CR.
if [[ -z "$(printf -- "$c" | /usr/bin/tr -d "/r/n")" ]]; then
blank='true'
else
/bin/stty echo
printf "*"
pass="$pass$c"
/bin/stty -echo
fi
done
/bin/stty icanon echo
/bin/stty "$stty_orig"
passwd2="$pass"
printf "/n"
if [[ "$passwd1" != "$passwd2" ]]; then
printf '/nPasswords do not match. /nPlease, try again!/n/n'
exit 1
else
printf '/nPassword confirmation was successful!/n/n'
fi
# get unique id numbers (uid, gid) that are greater than 500
unset -v i new_uid new_gid idvar
declare -i new_uid=0 new_gid=0 i=500 idvar=0
while [[ $idvar -eq 0 ]]; do
i=$[i+1]
if [[ -z "$(/usr/bin/dscl . -search /Users uid $i)" ]] && [[ -z "$(/usr/bin/dscl . -search /Groups gid $i)" ]]; then
new_uid=$i
new_gid=$i
idvar=1
#break
fi
done
if [[ $new_uid -eq 0 ]] || [[ $new_gid -eq 0 ]]; then printf 'Getting unique id numbers (uid, gid) failed!/n'; exit 1; fi
# old version
# get unique id numbers (for uid, gid) by increasing the highest id number already in use by 1
#new_uid=$(($(/usr/bin/dscl . -list /Users uid | /usr/bin/awk '{print $NF;}' | /usr/bin/sort -n | /usr/bin/tail -n 1) + 1))
#new_gid=$(($(/usr/bin/dscl . -list /Groups gid | /usr/bin/awk '{print $NF;}' | /usr/bin/sort -n | /usr/bin/tail -n 1) + 1))
# make sure $new_uid and $new_gid are equal
#if [[ $new_uid -ne $new_gid ]]; then
# if [[ $new_uid -gt $new_gid ]]; then new_gid="$new_uid"; else new_uid=$new_gid; fi
#fi
# check once again ...
if [[ $new_uid -eq $new_gid ]] && [[ "$new_user" == "$firstname" ]] && [[ "$new_group" == "$firstname" ]]; then
# create the user's primary group
$sudo /usr/sbin/dseditgroup -o create -r "$firstname $lastname" -i $new_gid "$new_group"
$sudo $dscl . -append "/Groups/$new_group" passwd "*"
$sudo $dscl . -create "/Users/$new_user"
$sudo $dscl . -append "/Users/$new_user" RealName "$firstname $lastname"
$sudo $dscl . -append "/Users/$new_user" NFSHomeDirectory "/Users/$new_user"
###$sudo $dscl . -append "/Users/$new_user" NFSHomeDirectory "/Local/Users/$new_user"
$sudo $dscl . -append "/Users/$new_user" UserShell /bin/bash
$sudo $dscl . -append "/Users/$new_user" PrimaryGroupID $new_gid
$sudo $dscl . -append "/Users/$new_user" UniqueID $new_uid
$sudo $dscl . -append "/Users/$new_user" hint ""
$sudo $dscl . -append "/Users/$new_user" comment "user account /"$firstname $lastname/" created: $(/bin/date)"
$sudo $dscl . -append "/Users/$new_user" picture "/Library/User Pictures/Animals/Butterfly.tif"
$sudo $dscl . -append "/Users/$new_user" sharedDir Public
$sudo $dscl . -passwd "/Users/$new_user" "$passwd1"
# add some other properties that are usually set (Mac OS X 10.4)
$sudo $dscl . -append "/Users/$new_user" _shadow_passwd ""
$sudo $dscl . -append "/Users/$new_user" _writers_hint "$new_user"
$sudo $dscl . -append "/Users/$new_user" _writers_real_name "$new_user"
$sudo $dscl . -append "/Groups/$new_group" GroupMembership "$new_user" # add new user to the user's primary group
#$sudo /usr/sbin/dseditgroup -o edit -a "$new_group" -t user "$new_user"
$sudo $dscl . -append /Groups/staff GroupMembership "$new_user" # test: add new user to group staff
# add the new user to the admin group (Mac OS X 10.4)
# This should be part of a separate admin user account shell script or
# at least require an additional user input prompt at the beginning!
#$sudo $dscl . -append /Groups/admin GroupMembership "$new_user"
#$sudo $dscl . -append /Groups/appserverusr GroupMembership "$new_user"
#$sudo $dscl . -append /Groups/appserveradm GroupMembership "$new_user"
# log out after running the script to see the new user account has been created
$sudo /usr/sbin/createhomedir -l -u "$new_user"
else
printf "/nConfiguration of user account: $firstname failed/x21 /nPlease, try again/x21/n/n"
exit 1
fi
printf "/nUser account: $firstname successfully created/x21 /nYou can now log in to your new user account/x21/n/n"
export IFS=$OIFS
export PATH=$OPATH
exit
#!/bin/bash
# cf. http://www.macos.utah.edu/documentation/authentication/dscl.html
if [[ "$(/usr/bin/whoami)" != "root" ]]; then printf '/nMust be run as root!/n/n'; exit 1; fi
OPATH=$PATH
export PATH=/usr/bin:/usr/sbin:/bin:/sbin
OIFS=$IFS
export IFS=$' /t/n'
declare sudo=/usr/bin/sudo
printf "/e[1mDelete user account/e[m: "
read user
if [[ -z "$user" ]]; then printf '/nNo user specified! Please, try again!/n/n'; exit 1; fi
# make sure the user exists
usertest="$(/usr/bin/dscl . -search /Users name "$user" 2>/dev/null)"
if [[ -z "$usertest" ]]; then printf "/nUser does not exist: $user/n/n"; exit 1; fi
# get user's group memberships
groups_of_user="$(/usr/bin/id -Gn $user)"
if [[ $? -eq ]] && [[ -n "$(/usr/bin/dscl . -search /Groups GroupMembership "$user")" ]]; then
# delete the user's group memberships
for group in $groups_of_user; do
$sudo /usr/bin/dscl . -delete "/Groups/$group" GroupMembership "$user"
#$sudo /usr/sbin/dseditgroup -o edit -d "$user" -t user "$group"
done
fi
# delete the user's primary group
if [[ -n "$(/usr/bin/dscl . -search /Groups name "$user")" ]]; then
$sudo /usr/sbin/dseditgroup -o delete "$user"
fi
# if the user's primary group has not been deleted ...
if [[ -n "$(/usr/bin/dscl . -search /Groups name "$user")" ]]; then
printf "
/e[1mWarning/e[m:
The group memberships of the user /e[1m$user/e[m have been deleted/x21
groups_of_user: $groups_of_user
The user's primary group /e[1m$user/e[m, however, has not been deleted/x21
Please, try again/x21
Exiting .../n
"
exit 1
fi
# find the GeneratedUID of the user and remove the password hash file
# from /private/var/db/shadow/hash/<GeneratedUID>
# sudo ls -a /private/var/db/shadow/hash
# sudo ls -l /private/var/db/shadow/hash/<GeneratedUID>
guid="$(/usr/bin/dscl . -read "/Users/$user" GeneratedUID | /usr/bin/awk '{print $NF;}')"
if [[ -f "/private/var/db/shadow/hash/$guid" ]]; then
$sudo /bin/rm -f /private/var/db/shadow/hash/$guid
fi
# delete the user
$sudo /usr/bin/dscl . -delete "/Users/$user"
# make a backup
if [[ -d "/Users/$user" ]]; then
$sudo /usr/bin/ditto -rsrc -c -k "/Users/$user" "/Users/${user}-archive-$(/bin/date).zip"
fi
# remove the user's home directory
if [[ -d "/Users/$user" ]]; then
$sudo /bin/rm -rf "/Users/$user"
fi
export IFS=$OIFS
export PATH=$OPATH
exit
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.