Is it considered reliable to create user accounts by 'dscl' commands? I know how to do this and it seems to work fine with macOS 10.14.5 but I'm concerned that it might miss some settings or not work with the next OS update.
iMac 27" 5K, macOS 10.14
skynaut wrote:
Is it considered reliable to create user accounts by 'dscl' commands?
Sure it's reliable, but of course you should research the proper use of it using man dscl. Creating new User Accounts through Users & Groups is essentially a GUI front end for it. Yes you might miss some settings but off the top of my head I don't have anything in particular to suggest. Your experience with it and encountering no problems is worth much more than that anyway.
No one knows the changes any future macOS updates or upgrades will bring.
Here's the script I wrote for this purpose. It's intended to be used by remote ssh login to create new accounts without screen sharing. Obviously the inclusion of a temporary password is not the highest security but users would be instructed to change it ASAP. I would edit the username/password and potentially other options as required. I'd appreciate any feedback.
#!/bin/bash
# Date: Created July 18 2019
# Author: Perry Radau
# Create a new user account on macOS.
# Usage: sudo ./Createuseracct.sh
# Set the Name, Shortname and UID, and password
userPass="mypassword"
testuser="newbie"
#longUser can be a full name including a space e.g. "First Last"
longUser=$testuser
shortUser=$testuser
#Can we find this user? Use grep -w in order to avoid multiple matches from similar usernames.
userCheck=$(dscl . list /Users | grep -w $shortUser)
if [ -z $userCheck ]
then
echo "Creating user "$shortUser
else
echo "You are trying to create a user that already exists!"
echo "Must exit"
exit 1
fi
# Auto generates the UID to be the next higher one available among those in the 500 to 509 range.
userID=$(dscacheutil -q user | grep 'uid: 50' | sort | tail -n 1 | awk '{print int($2)+1}')
#Can we find this UID?
uidCheck=$(dscacheutil -q user | grep -w $userID | awk '{print $2}')
if [ -z $uidCheck ]
then
echo "Using UID "$userID
else
echo "You are trying to create a UID that already exists!"
echo "Must exit"
exit 1
fi
# gid 20 is staff
groupID=20
# Shutting off iCloud Prompt
defaults write /System/Library/'User Template'/Non_localized/Library/Preferences/com.apple.SetupAssistant DidSeeCloudSetup -boolean YES
# Shut off all warnings about 32 bit applications 'This app is not optimized for the Mac'
defaults write -g CSUIDisable32BitWarning -boolean TRUE
# Building the dscl command
dscl . -create /Users/$shortUser
dscl . -create /Users/$shortUser UserShell /bin/bash
dscl . -create /Users/$shortUser RealName "$longUser"
dscl . -create /Users/$shortUser UniqueID $userID
dscl . -create /Users/$shortUser PrimaryGroupID $groupID
dscl . -create /Users/$shortUser NFSHomeDirectory /Users/$shortUser
dscl . -passwd /Users/$shortUser $userPass
#Optionally make this an Admin account
dscl . -append /groups/admin GroupMembership $shortUser
echo "Done creating new user "$shortUser" with UID "$userID"."
echo "Please logout and login (not switch) to begin using this account."
exit 0
You might need to create an error handler to check for disallowed characters in the username or pw (for example). Also, it would have to comply with any password policy restrictions on managed Macs.
That's all I can think of at the moment.
creating a user account by command line (terminal)