MacOS – May I have a list of “System” group names, and their respective gid(s)

command linegroupmacossystem-prefs

I know there are group names such as "Staff" and "Admin", but are those the only ones? I suspect that the root user should also be assigned in a group. Using the command dscacheutil -q user tells me the gid of root – 0. And if a user account is an admin, then isn't it in both "Admin" and "Staff" group(s)?

By running the command ls -la /Users, I get the following output:

Nicholass-MacBook:~ Ee$ ls -la /Users
total 32
drwxr-xr-x  12 root     admin    408 Nov  3 15:11 .
drwxr-xr-x@ 35 root     wheel   1258 Oct 29 20:21 ..
-rw-r--r--@  1 root     admin  12292 Oct 27 09:02 .DS_Store
-rw-r--r--   1 root     wheel      0 Aug 25 16:58 .localized
drwxrwx---   5 root     admin    170 Nov  3 08:00 Deleted Users
drwxr-xr-x+ 21 Ee       staff    714 Nov  3 08:06 Ee
drwx------+ 84 root     admin   2856 Oct 26 06:49 Ee (Deleted)
drwxr-xr-x+ 11 EeJ      staff    374 Nov  3 15:07 EeJ
drwxr-xr-x+ 14 900      admin    476 Oct 24  2012 Ee******** (Deleted)
drwxr-xr-x   3 root     admin    102 Oct 27 06:50 Old Ee (frm Snow Leopard)
drwxr-xr-x+ 11 ParAcnt  staff    374 Nov  3 15:11 ParAcnt
drwxrwxrwt   6 root     wheel    204 Nov  1 18:18 Shared

Best Answer

The command dscacheutil -q group will output all groups with their name, ID numbers, and list of members. Be warned, when I say it will output all the groups, I mean all the groups, including built-in system ones mortals were never meant to see. I'm just saying, don't freak out there are so many groups for a single-user system.

root as the superuser is in a group by itself and also implicitly a member of every other group. Any user account can be a member of multiple groups. On my system the only member of staff is root; admins are all in the admin group. wheel is another group name you'll frequently see for some system files; it's a popular group name on Linux systems to assign to files so that admins can edit them without using their password in sudo.

It should also be noted that Mac OS X supports access control lists that provide more granular control over file permissions than traditional Unix permissions; IIRC the + in the file permissions list indicates there are such extended permissions associated with the file.

Related Question