I'd like to script the action of creating a group via Users & Groups and binding it to the admin account and enabling remote login for the same group enabled service and support.
I'm vaguely familiar with commands like dscl – but I'm not sure if this is even the right command.
I've seen sudo dscl localhost -append /Local/Default/Groups/thegroupname GroupMembership theusername – to add an admin user to a group, but what should be put for GroupMembership, if this command is correct? The name of my group is Service and Support.
Best Answer
To create a group, add some users and enable remote login for the same group from scratch, do the following:
Locally:
Create group:
Add some details like real name, password etc.:
Use an unused groupID number as gid! You get a sorted list of used gids by entering:
There is also an answer somewhere at apple.stackexchange.com on how to find the first free uid or gid greater than x and how to apply it to new groups or users.
Add an admin user (here I assume the user name is admin):
If you want to add a second user use the subcommand append:
Test whether the group SSH Service ACL exists:
If the group doesn't exist, create it similarly to the Service and Support group:
Add the group servsupport as nested group to the SSH Service ACL group if the SSH ACL is already enabled:
or if the SSH ACL is disabled:
Enable remote login:
A script doing essentially this except creating a new Service and Support group is available here: add_localadmins_to_ssh. The linked script requires slight mods to meet your requirements.
Based on the linked script I made a new one meeting your requirements. Take it with a grain of salt and test it thoroughly:
In a managed environment (OpenDirectory or AD) with OD/AD users/groups with local admin access permissions it's much simpler.
If you've already created the group you can look up the groupID and the group name (servsupport above) by right-clicking the group name in "Users & Groups".
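An added example, not part of the original answer: one way to pick an unused gid before creating the group, as the answer advises, so the new group does not collide with an existing gid and inherit its file permissions. The start value 501, the function names and the sample listing are assumptions made for illustration; create_group uses only dscl subcommands and must run as root on macOS.

```shell
#!/bin/sh
# Added example: choose an unused gid, then create the group with dscl.

# first_free_gid START: reads "name gid" lines on stdin (the format printed
# by `dscl . -list /Groups PrimaryGroupID`) and prints the lowest
# gid >= START that no listed group uses.
first_free_gid() {
    awk -v start="$1" '
        $NF ~ /^-?[0-9]+$/ { used[$NF + 0] = 1 }   # last field is the gid
        END {
            gid = start + 0
            while (gid in used) gid++
            print gid
        }'
}

# Constructed sample listing, so the function can be tried offline.
sample_groups() {
    cat <<'EOF'
nobody        -2
wheel          0
staff         20
admin         80
_lpadmin      98
servicedesk  501
helpdesk     502
EOF
}

# create_group NAME REALNAME: macOS only, run as root.
# Refuses to touch a group record that already exists.
create_group() {
    if dscl . -read "/Groups/$1" >/dev/null 2>&1; then
        echo "group $1 already exists, leaving it unchanged" >&2
        return 1
    fi
    gid=$(dscl . -list /Groups PrimaryGroupID | first_free_gid 501) || return 1
    dscl . -create "/Groups/$1" &&
    dscl . -create "/Groups/$1" RealName "$2" &&
    dscl . -create "/Groups/$1" PrimaryGroupID "$gid"
}

# Offline demonstration on the constructed listing.
sample_groups | first_free_gid 501   # prints 503
```

On a Mac the group from the answer would be created with create_group servsupport "Service and Support".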