MacOS – How to create a ‘Sharing Only’ account via terminal in OS X

bashmacosterminal

I'm attempting to create a 'Sharing Only' account in an OS X app.

I've tried code based on examples like these:
Can user accounts be managed via the command line?
What steps are needed to create a new user from the command line on mountain lion?
without success.

From System Preferences -> Users and Groups -> Advanced Options for 'Sharing Only' account:
Home directory: /dev/null
Since /dev/null discards streams directed to it, substitution in place of '/Users/NewUser' into above code doesn't work.

Best Answer

Based on bispymusic's answer to a previous question:

#!/bin/sh

dscl . create /Users/sharinguser    # use whatever account name you want
dscl . create /Users/sharinguser RealName "Sharing-only Account"
dscl . create /Users/sharinguser hint "Password Hint"
dscl . create /Users/sharinguser picture "/Path/To/Picture.png"
dscl . passwd /Users/sharinguser thisistheaccountpassword
dscl . create /Users/sharinguser UniqueID 550    # Pick something unique
dscl . create /Users/sharinguser PrimaryGroupID 20    # Staff group
dscl . create /Users/sharinguser UserShell /usr/bin/false    # No shell access allowed!
dscl . create /Users/sharinguser NFSHomeDirectory /dev/null    # No home directory!

As with the script it's based on, you'll either need to run it with sudo, or prefix each dscl command with sudo. Be sure to adjust the account name, RealName, password, and UniqueID (and probably the hint and picture). Note that the critical attributes to make this a sharing-only account are the UserShell and NFSHomeDirectory attributes -- leave these as I have them.

It's a bit confusing that all of the lines refer to /Users/sharinguser (or whatever account name you choose) despite this not existing in the filesystem -- this is because it doesn't refer to a file path, but to the path to a record in OS X's directory service. The filesystem and OS X directory services both use the same path notation, but actually have very little to do with each other. Thus, the home directory path can be set to /dev/null while the account's path directory service stays normal.

Related Solutions

MacOS – What steps are needed to create a new user from the command line

Here is a shell script I wrote at work to handle this as part of the NetInstall process (creating a local administrator account automatically during imaging process).

#!/bin/sh
. /etc/rc.common
dscl . create /Users/administrator
dscl . create /Users/administrator RealName "Administrator Account"
dscl . create /Users/administrator hint "Password Hint"
dscl . create /Users/administrator picture "/Path/To/Picture.png"
dscl . passwd /Users/administrator thisistheaccountpassword
dscl . create /Users/administrator UniqueID 501
dscl . create /Users/administrator PrimaryGroupID 80
dscl . create /Users/administrator UserShell /bin/bash
dscl . create /Users/administrator NFSHomeDirectory /Users/administrator
cp -R /System/Library/User\ Template/English.lproj /Users/administrator
chown -R administrator:staff /Users/administrator

Some notes to mention:

I have this saved as an executable ".sh" file.
Since it executes during NetInstall it runs as root, and needs to run as root to work properly. You can also subtract the first two lines, add a "sudo" to the beginning of each subsequent line, and manually run these as individual commands in Terminal.
Modify UniqueID from 501 to a number that you will know is safe on all systems (501 is taken by the first account created on a Mac, generally something higher like 550 will probably be safe, depending on how many users you have on your system).
PrimaryGroupID of 80 creates an Admin user. Change to PrimaryGroupID of 20 to create a Standard user.
I've imaged well over 50 Macs this way with no issues. I use this account to run commands via SSH, to push out patches via ARD and to do local desk-side administration.

MacOS – user-friendly app that can create an archive of system.log files and the like

Could you use an AppleScript like this?

do shell script "tar --disable-copyfile -cf ${TMPDIR}logs.tar /var/log/{system,install}.log*" with administrator privileges

It requires entering the username and password of an admin user though.

Best Answer

Related Solutions

MacOS – What steps are needed to create a new user from the command line

MacOS – user-friendly app that can create an archive of system.log files and the like

Related Question