MacOS – Proper group ID (gid) for Lion

macosunix

If you create a brand new admin account in Lion, the following will be your id and group memberships (from $ id [new Lion account] | perl -lne 's/ /\n/g; s/,/\n\t/g; print;'):

uid=504(lt)
gid=20(staff)
groups=20(staff)
    402(com.apple.sharepoint.group.1)
    12(everyone)
    33(_appstore)
    61(localaccounts)
    79(_appserverusr)
    80(admin)
    81(_appserveradm)
    98(_lpadmin)
    100(_lpoperator)
    204(_developer)
    403(com.apple.sharepoint.group.2)
    401(com.apple.access_screensharing)

In contrast, an older OS X account will have these uid, gid, etc:

uid=501(andrew)
gid=501(andrew)
groups=501(andrew)
    403(com.apple.sharepoint.group.2)
    204(_developer)
    100(_lpoperator)
    98(_lpadmin)
    81(_appserveradm)
    80(admin)
    79(_appserverusr)
    61(localaccounts)
    12(everyone)
    401(com.apple.access_screensharing)
    402(com.apple.sharepoint.group.1)

Note that the gid=20(staff) on the newer account and the that user is a member of 20(staff).

When you upgrade an older account to Lion, the older user and group names are kept.

There have been issues reported with not having staff group membership on upgraded accounts:

  1. Inability to install or upgrade Homebrew;
  2. The display of 'Fetching' when pressing Cmd+I on files in your user folder
  3. ACL and permission issues.

The current workaround seems to be this:

  1. Add the user to staff (i.e.: $ sudo dscl . append /Groups/staff GroupMembership `whoami` or equivalent)
  2. Use Lion Recovery to restore default home folder permissions (Click on the 'No Disc – Lion' tab).

So far, this has fixed a lot of the issues I had with the upgrade, and I seem to have longer battery life and lower CPU usage.

However, here are the questions I have:

1. Should I go through the trouble of changing the gid=501 to gid=20 on my account or is just being a member of the group staff good enough?

2. Is being a member of 20(staff) the same as having gid=20(staff)?

3. If I did change the gid= part of my account, how do I do that on Lion? I only know how to do it on Ubuntu…

Best Answer

I haven't seen any difference in how OS X treats the primary group vs. a user's other groups, so I don't think it makes any real difference. I'd be inclined to "fix" it for neatness, though. These commands should set the primary group to 20, and then add a "secondary" membership in the old andrew group:

sudo dscl . create /Users/andrew PrimaryGroupID 20
sudo dseditgroup -o edit -a andrew -t user andrew

(Note: using dscl to add secondary group memberships doesn't quite do it right -- use dseditgroup instead.)

Related Question