Newsroom Update

Beginning in May, a special Today at Apple series titled “Made for Business” will offer small business owners and entrepreneurs free opportunities to learn how Apple products and services can support their growth and success. Learn more >

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: RW_DHC
RW_DHC Author
User level: Level 1
0 points

Open Directory Users system group ... why is its short name "staff"?

I just tried to add a "staff" group in Workgroup Manager and it told me that this group already exists. Eventually I figured out, by going to "View" > "Show System Users and Groups", that Open Directory Users has a short name of "staff."

This is unfortunate, because not all "users" are explicitly members of "staff" (in other words contractors, guests, that sort of thing). Apple ought to know that. I want to have a group that's actually called Staff so that I can enable the mailing list and have an email address that is staff@mydomain.com. I don't know why they didn't give Open Directory Users a short name of dirusers or something else in order to give us the freedom to create a staff group.

I tried renaming Open Directory Users' short name "users" and it worked, but I decided to reset it to "staff" while I do a little more research and now I can't change it back to staff.

Is there anything I can do to free up the "staff" group name? Am I missing something?

all, Mac OS X (10.5.6)

Posted on Jan 20, 2009 11:01 AM

Reply
8 replies
User profile for user: Antonio Rocco
Antonio Rocco
User level: Level 6
12,278 points

Jan 20, 2009 11:12 AM in response to RW_DHC

Hi

As far back as I can remember (not sure about 10.1 or 10.2?) Apple have reserved Staff for system use so it's no great surprise. You could express your wish for change by leaving Apple some feedback?

http://www.apple.com/contact/feedback.html

There is similar thread to yours here:

http://discussions.apple.com/thread.jspa?threadID=1826848&tstart=0

Tony
Reply
User profile for user: RW_DHC
RW_DHC Author
User level: Level 1
0 points

Jan 20, 2009 1:27 PM in response to Antonio Rocco

Baffling move on Apple's part. Absolutely baffling. Staff is an organizational concept, Open Directory Users a technical one. What were they thinking?

But, even though "staff" is supposedly reserved as the short name of Open Directory Users, Workgroup Manager allowed me to change it to "users"! Not very reserved after all. I should now be able to create a new group using that short name, but no. And now Workgroup Manager won't let me change it back.
Reply
User profile for user: RW_DHC
RW_DHC Author
User level: Level 1
0 points

Jan 22, 2009 11:26 AM in response to Jeff Richie

You don't think it's baffling that the makers of this software could not foresee an instance in which Open Directory Users and Staff do not mean the same thing? Guests, consultants, corporate partners, technicians, and others might have accounts in our Directory but they are not staff. Staff are staff, not users. Make sense?
Reply
User profile for user: RW_DHC
RW_DHC Author
User level: Level 1
0 points

Jan 26, 2009 9:41 AM in response to Antonio Rocco

The membership of the Open Directory Users group is defined by the system (I think at first login the user account is added to the OD Users group, but correct me if I'm wrong). Users who require accounts may indeed be staff members, but they might be guests, technicians, consultants, or anyone else who needs an account on the system.

In order to make use of the mailing list and wiki features, I need staff@mydomain.com to correspond to those accounts who I manually add to a staff group, in other words those accounts which are allowed to receive emails addressed to "all staff." Guests, technicians, consultants, and others, shouldn't necessarily be able to receive these because they might concern sensitive company information. If, at first login, any user becomes a member of the Open Directory Users group, I can't control access in the way I'd like.

Okay, sure ... I can create another group, one which will generate a mailing list with an address of the_staff@mydomain.com or stafflist@mydomain.com, but nothing makes more sense and is cleaner and more user-friendly than a setup which allows a user to type "staff" in Mail.app, have the mydomain.com autocomplete itself, and fire away an email to all employees.
Reply
User profile for user: trondare
trondare
User level: Level 1
10 points

Feb 2, 2009 11:13 AM in response to RW_DHC

Well, LDAP auto-completion uses the EMailAddress record attribute, which doesn't exist for groups to begin with.

So, if you want auto-completion for a group, add the EMailAddress attribute to your staff group and it works just like you want.

Like others pointed out, the 'staff' shortname is a Unix standard. Apple probably couldn't do anything with it even if they wanted to, in order to keep their UNIX certification. You can work cleanly around it, I don't see what the big deal is.
Reply

Open Directory Users system group ... why is its short name "staff"?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up