A Group’s Password field used for

grouppassword

When creating a group using the command line, I can use dscl as follows:

sudo dscl . create /Groups/testgroup
sudo dscl . create /Groups/testgroup RealName "Test Group"
sudo dscl . create /Groups/testgroup gid 999

or I can use dseditgroup:

sudo dseditgroup -o create -n /Local/Default -r "Test Group" testgroup

(here, I let dseditgroup automatically assign a GID)

Many of the posts providing guidance for creating a group also include this command:

sudo dscl . create /Groups/testgroup passwd "*"

and the man page for dscl says the parameter to passwd (in this case "*") is a user_path.
In the man page details for passwd, it only talks about it being used to change a password for a user, nothing about how it applies in the context of a group.

When I run

sudo dscl . create /Groups/testgroup passwd "*"

I am prompted for "Password:" and it accepts my admin password (only), and creates a Password field in testgroup. The value for this field displays as an asterisk.

Most (though not all) of the groups on my machine have a Password field such as this. I can scan them quickly using:

dscl . -readall /Groups Password

When I create a Password field for a group like this, does the asterisk indicate some kind of special user_path?
Does the field keep track of which user the password is for, and what the password is?
Once a Password field is created for a group, when and how might it get used?
Thanks!

Best Answer

Groups with passwords will allow a user to become a member of that group if the user knows the group password and even if the user is not a member of that group. I'm not sure that group passwords are even implemented in OS X.

In general, if you see the password field set with a single "*" that means the password is not set. Since macOS is POSIX, consulting the Open Group documentation will always give you some clues: http://pubs.opengroup.org/onlinepubs/9699919799/utilities/newgrp.html
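
As an added example (not part of the original question or answer), the script below classifies each local group by its Password attribute: `unset` for the single "*" described above, `missing` when the field is absent, and `review` for any other value. The record layout it parses (one "Key: value" line per attribute, records separated by a line containing only "-") is an assumption about the output of `dscl . -readall /Groups Password`, and the sample records and function names are constructed for illustration.

```shell
#!/bin/sh
# Added example: classify the Password attribute of each local group.
# Assumed input layout (from `dscl . -readall /Groups Password`): "Key: value"
# lines per record, records separated by a line holding only "-".

classify_group_passwords() {
  awk '
    function emit() {
      if (name != "") {
        status = !seen ? "missing" : (pw == "*" ? "unset" : "review")
        printf "%s\t%s\n", name, status
      }
      name = ""; pw = ""; seen = 0; want = 0
    }
    /^-$/ { emit(); next }
    # A value containing spaces is assumed to be printed on the following line.
    want && /^[ \t]/ { name = $0; sub(/^[ \t]+/, "", name); want = 0; next }
    /^RecordName:/ { if (NF >= 2) name = $2; else want = 1; next }
    /^Password:/ { seen = 1; pw = $0; sub(/^Password:[ \t]*/, "", pw); next }
    END { emit() }
  '
}

# Constructed sample records, used when dscl is not available (non-macOS host).
sample_groups() {
  cat <<'EOF'
Password: *
RecordName: testgroup
-
RecordName: nopwgroup
-
Password: CONSTRUCTED-VALUE
RecordName: oddgroup
EOF
}

if command -v dscl >/dev/null 2>&1; then
  dscl . -readall /Groups Password | classify_group_passwords
else
  sample_groups | classify_group_passwords
fi
```

Piping the result through `grep -v 'unset$'` leaves only the groups whose Password field is absent or holds something other than "*".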