I know there are group names such as "Staff" and "Admin", but are those the only ones? I suspect that the root user should also be assigned in a group. Using the command dscacheutil -q user
tells me the gid of root – 0. And if a user account is an admin, then isn't it in both "Admin" and "Staff" group(s)?
By running the command ls -la /Users
, I get the following output:
Nicholass-MacBook:~ Ee$ ls -la /Users
total 32
drwxr-xr-x 12 root admin 408 Nov 3 15:11 .
drwxr-xr-x@ 35 root wheel 1258 Oct 29 20:21 ..
-rw-r--r--@ 1 root admin 12292 Oct 27 09:02 .DS_Store
-rw-r--r-- 1 root wheel 0 Aug 25 16:58 .localized
drwxrwx--- 5 root admin 170 Nov 3 08:00 Deleted Users
drwxr-xr-x+ 21 Ee staff 714 Nov 3 08:06 Ee
drwx------+ 84 root admin 2856 Oct 26 06:49 Ee (Deleted)
drwxr-xr-x+ 11 EeJ staff 374 Nov 3 15:07 EeJ
drwxr-xr-x+ 14 900 admin 476 Oct 24 2012 Ee******** (Deleted)
drwxr-xr-x 3 root admin 102 Oct 27 06:50 Old Ee (frm Snow Leopard)
drwxr-xr-x+ 11 ParAcnt staff 374 Nov 3 15:11 ParAcnt
drwxrwxrwt 6 root wheel 204 Nov 1 18:18 Shared
Best Answer
The command
dscacheutil -q group
will output all groups with their name, ID numbers, and list of members. Be warned, when I say it will output all the groups, I mean all the groups, including built-in system ones mortals were never meant to see. I'm just saying, don't freak out there are so many groups for a single-user system.root
as the superuser is in a group by itself and also implicitly a member of every other group. Any user account can be a member of multiple groups. On my system the only member ofstaff
isroot
; admins are all in theadmin
group.wheel
is another group name you'll frequently see for some system files; it's a popular group name on Linux systems to assign to files so that admins can edit them without using their password insudo
.It should also be noted that Mac OS X supports access control lists that provide more granular control over file permissions than traditional Unix permissions; IIRC the
+
in the file permissions list indicates there are such extended permissions associated with the file.