Manage users and groups scripts
This page provides shell scripts to manage users.
Contents
groupadd
#!/bin/sh
################################################################################
# groupadd
#
# This script emulates the groupadd command that is
# standard in many UNIX like Operating Systems.
#
# This script should be placed in /usr/sbin
# it should be owned by root:admin and chmod 744
#
#-------------------------------------------------------------------------------
# constants
#
# define version number
version='2.0'
# define script name
script_name='groupadd'
# display items
display_indent=' '
debug=0
#-------------------------------------------------------------------------------
# find the shell utils wee need
#
# find dscl
dscl=`which dscl`
if [ ! -x "$dscl" ] ; then
>&2 echo "$script_name: unable to find/use dscl"
exit 10
fi
# find sed
sed=`which sed`
if [ ! -x "$sed" ] ; then
>&2 echo "$script_name: unable to find/use sed"
exit 10
fi
# find cut
cut=`which cut`
if [ ! -x "$cut" ] ; then
>&2 echo "$script_name: unable to find/use cut"
exit 10
fi
# find grep
grep=`which grep`
if [ ! -x "$grep" ] ; then
>&2 echo "$script_name: unable to find/use grep"
exit 10
fi
# find expr
expr=`which expr`
if [ ! -x "$expr" ] ; then
>&2 echo "$script_name: unable to find/use expr"
exit 10
fi
#-------------------------------------------------------------------------------
# get a free GID greater than 500
#
get_free_gid()
{
continue="no"
number_used="dontknow"
fnumber=500
until [ $continue = "yes" ] ; do
if [ `$dscl . -list /Groups gid | $sed -e 's/blank:\{1,\}/:/g' | $cut -f 2 -d : | $grep -c "^$fnumber$"` -gt 0 ] ; then
number_used=true
else
number_used=false
fi
if [ $number_used = "true" ] ; then
fnumber=`$expr $fnumber + 1`
else
group_id="$fnumber"
continue="yes"
fi
done;
}
#-------------------------------------------------------------------------------
# check if the scripts is run by the root user
#
check_uid() {
if [ "`whoami`" = root ] ; then
uID=0
else
if [ "$uID" = "" ] ; then
uID=-1
fi
fi
export uID
}
#-------------------------------------------------------------------------------
# display script usage
#
display_usage()
{
>&2 echo "Usage: $script_name [-g gid [-o]] group"
exit $1
}
#-------------------------------------------------------------------------------
# display script version
#
display_version()
{
>&2 echo "$script_name: version $version by Francois Corthay"
>&2 echo "based on $script_name by Chris Roberts"
exit $1
}
################################################################################
# Command line parameters
#
# get command line parameters
override=0
define_gid=0
group_id=
while getopts ":hvg:o-:" opt ; do
case $opt in
h ) display_usage 0 ;;
v ) display_version 0 ;;
g ) define_gid=1
group_id=$OPTARG ;;
o ) override=1 ;;
- ) case $OPTARG in
help )
display_usage 0 ;;
version )
display_version 0 ;;
* )
display_usage 2 ;;
esac ;;
? ) >&2 echo "$script_name: invalid option $1"
display_usage 2 ;;
esac
done
shift $(($OPTIND - 1))
group="$1"
# check for the existence of the "group_id" parameter
if [ $define_gid -ne 0 ] ; then
if [ -z "$group" ] ; then
>&2 echo "$script_name: -g requires a gid"
display_usage 3
fi
fi
# check for the existence of the "group" parameter
if [ -z "$group" ] ; then
display_usage 2
fi
# check that the group name doesn't exist yet
if [ `$dscl . -list /Groups | $grep -c "^$group$"` -ne 0 ] ; then
>&2 echo "$script_name: group \"$group\" already exists"
exit 9
fi
# if no GID passed get one
if [ -z $group_id ] ; then
get_free_gid
else
if [ $override -ne 1 ] ; then
if [ `$dscl . -list /Groups gid | $sed -e 's/blank:\{1,\}/:/g' | $cut -f 2 -d : | $grep -c "^$group_id"` -gt 0 ]; then
>&2 echo "$script_name: gid \"$group_id\" is already in use"
exit 4
fi
fi
fi
# check that the script is run by root
check_uid
if [ $uID != 0 ] ; then
>&2 echo "$script_name: you must be root"
exit 10
fi
#-------------------------------------------------------------------------------
# display debug info
#
if [ $debug -ne 0 ] ; then
echo "Adding group $group"
echo "${display_indent}with GID $group_id"
fi
#-------------------------------------------------------------------------------
# make the group
#
$dscl . -create /Groups/$group
$dscl . -create /Groups/$group PrimaryGroupID $group_id
$dscl . -create /Groups/$group Password '*'
groupdel
#!/bin/sh
################################################################################
# groupdel
#
# This script emulates the groupdel command that is
# standard in many UNIX like Operating Systems.
#
# this script should be placed in /usr/sbin
# it should be owned by root.admin and chmod 744
#
#-------------------------------------------------------------------------------
# constants
#
# define version number
version='2.0'
# define script name
script_name='groupdel'
#-------------------------------------------------------------------------------
# find the shell utils wee need
#
# find dscl
dscl=`which dscl`
if [ ! -x "$dscl" ] ; then
>&2 echo "$script_name: unable to find/use dscl"
exit 10
fi
# find grep
grep=`which grep`
if [ ! -x "$grep" ] ; then
>&2 echo "$script_name: unable to find/use grep"
exit 10
fi
#-------------------------------------------------------------------------------
# check if the scripts is run by the root user
#
check_uid() {
if [ "`whoami`" = root ] ; then
uID=0
else
if [ "$uID" = "" ] ; then
uID=-1
fi
fi
export uID
}
#-------------------------------------------------------------------------------
# display script usage
#
display_usage()
{
>&2 echo "Usage: $script_name group"
exit $1
}
#-------------------------------------------------------------------------------
# display script version
#
display_version()
{
>&2 echo "$script_name: version $version by Francois Corthay"
>&2 echo "based on $script_name by Chris Roberts"
exit $1
}
################################################################################
# Command line parameters
#
# get command line parameters
while getopts ":hv-:" opt ; do
case $opt in
h ) display_usage 0 ;;
v ) display_version 0 ;;
- ) case $OPTARG in
help )
display_usage 0 ;;
version )
display_version 0 ;;
* )
display_usage 2 ;;
esac ;;
? ) >&2 echo "$script_name: invalid option $1"
display_usage 2 ;;
esac
done
shift $(($OPTIND - 1))
group="$1"
# check for the existence of the "group" parameter
if [ -z "$group" ] ; then
display_usage 2
fi
# check for the existence of the group to be deleted
if [ `$dscl . -list /Groups | $grep -c "^$group$"` -ne 1 ];then
>&2 echo "$script_name: group \"$group\" not found"
exit 6
fi
# check that the script is run by root
check_uid
if [ $uID != 0 ] ; then
>&2 echo "$script_name: you must be root"
exit 10
fi
#-------------------------------------------------------------------------------
# kill the group
#
$dscl . -delete /Groups/$group
useradd
#!/bin/sh
################################################################################
# useradd
#
# This script emulates the useradd command that is
# standard in many UNIX like Operating Systems.
#
# This script should be placed in /usr/sbin
# it should be owned by root.admin and chmod 755
#-------------------------------------------------------------------------------
# constants
#
# define version number
version='2.0'
# define script name
script_name='useradd'
# display items
display_indent=' '
debug=0
#-------------------------------------------------------------------------------
# find the shell utils wee need
#
# find dscl
dscl=`which dscl`
if [ ! -x "$dscl" ] ; then
>&2 echo "$script_name: unable to find/use dscl"
exit 10
fi
# find ditto
ditto=`which ditto`
if [ ! -x "$ditto" ] ; then
>&2 echo "$script_name: unable to find/use ditto"
exit 10
fi
# find cut
cut=`which cut`
if [ ! -x "$cut" ] ; then
>&2 echo "$script_name: unable to find/use cut"
exit 10
fi
# find expr
expr=`which expr`
if [ ! -x "$expr" ] ; then
>&2 echo "$script_name: unable to find/use expr"
exit 10
fi
# find grep
grep=`which grep`
if [ ! -x "$grep" ] ; then
>&2 echo "$script_name: unable to find/use grep"
exit 10
fi
# find sed
sed=`which sed`
if [ ! -x "$sed" ] ; then
>&2 echo "$script_name: unable to find/use sed"
exit 10
fi
# find head
head=`which head`
if [ ! -x "$head" ] ; then
>&2 echo "$script_name: unable to find/use head"
exit 10
fi
# find tail
tail=`which tail`
if [ ! -x "$tail" ] ; then
>&2 echo "$script_name: unable to find/use tail"
exit 10
fi
# find rm
rm=`which rm`
if [ ! -x "$rm" ] ; then
>&2 echo "$script_name: unable to find/use rm"
exit 10
fi
#-------------------------------------------------------------------------------
# get a free GID greater than 1000
#
get_free_uid()
{
continue="no"
number_used="dontknow"
fnumber=1000
until [ $continue = "yes" ] ; do
if [ `$dscl . -list /Users uid | $sed -e 's/blank:\{1,\}/:/g' | $cut -f 2 -d : | $grep -c "^$fnumber$"` -gt 0 ] ; then
number_used=true
else
number_used=false
fi
if [ $number_used = "true" ] ; then
fnumber=`$expr $fnumber + 1`
else
user_id="$fnumber"
continue="yes"
fi
done;
}
#-------------------------------------------------------------------------------
# get a free GID greater than 500
#
get_free_gid()
{
continue="no"
number_used="dontknow"
fnumber=500
until [ $continue = "yes" ] ; do
if [ `$dscl . -list /Groups gid | $sed -e 's/blank:\{1,\}/:/g' | $cut -f 2 -d : | $grep -c "^$fnumber$"` -gt 0 ] ; then
number_used=true
else
number_used=false
fi
if [ $number_used = "true" ] ; then
fnumber=`$expr $fnumber + 1`
else
group_id="$fnumber"
continue="yes"
fi
done;
}
#-------------------------------------------------------------------------------
# check if the scripts is run by the root user
#
check_uid() {
if [ "`whoami`" = root ] ; then
uID=0
else
if [ "$uID" = "" ] ; then
uID=-1
fi
fi
export uID
}
#-------------------------------------------------------------------------------
# display script usage
#
display_usage()
{
usage_indent=' '
>&2 echo "Usage: $script_name [-u uid [-o]] [-g group] [-G group,...]"
>&2 echo "${usage_indent}[-d home] [-m [-k template]] [-s shell] [-c comment]"
>&2 echo "${usage_indent}[-f inactive] [-e expire]"
>&2 echo "${usage_indent}[-p passwd] user"
exit $1
}
#-------------------------------------------------------------------------------
# display script version
#
display_version()
{
>&2 echo "$script_name: version $version by Francois Corthay"
>&2 echo "based on $script_name by Chris Roberts"
exit $1
}
################################################################################
# Command line parameters
#
# get command line parameters
define_user_id=0
override_user_id=0
define_initial_group=0
define_other_groups=0
define_home_directory=0
define_login_shell=0
define_comment=0
create_home_directory=0
define_skeleton_dir=0
define_inactive_days=0
define_expire_date=0
define_password=0
while getopts ":hvu:og:G:d:s:c:mk:f:e:p:-:" opt ; do
case $opt in
h ) display_usage 0 ;;
v ) display_version 0 ;;
u ) define_user_id=1
user_id=$OPTARG ;;
o ) override_user_id=1 ;;
g ) define_initial_group=1
initial_group=$OPTARG ;;
G ) define_other_groups=1
other_groups=$OPTARG ;;
d ) define_home_directory=1
home_directory=$OPTARG ;;
m ) create_home_directory=1 ;;
k ) define_skeleton_dir=1
skeleton_dir=$OPTARG ;;
s ) define_login_shell=1
login_shell=$OPTARG ;;
c ) define_comment=1
comment=$OPTARG ;;
f ) define_inactive_days=1
inactive_days=$OPTARG ;;
e ) define_expire_date=1
expire_date=$OPTARG ;;
p ) define_password=1
password=$OPTARG ;;
- ) case $OPTARG in
help )
display_usage 0 ;;
version )
display_version 0 ;;
* )
display_usage 2 ;;
esac ;;
? ) >&2 echo "$script_name: invalid option $1"
display_usage 2 ;;
esac
done
shift $(($OPTIND - 1))
user="$1"
# check for the existence of the "user" parameter
if [ -z "$user" ] ; then
display_usage 2
fi
# check that the user doesn't exist yet
if [ `$dscl . -list /Users | $grep -c "^$user$"` -ne 0 ] ; then
>&2 echo "$script_name: user \"$user\" exists"
exit 9
fi
# get / check UID
if [ $define_user_id -eq 0 ] ; then
get_free_uid
else
if [ `$dscl . -list /Users uid | $sed -e 's/blank:\{1,\}/:/g' | $cut -f 2 -d : | $grep -c "^$fnumber$"` -eq 0 ] ; then
override_user_id=0
else
if [ $override_user_id -eq 0 ] ; then
>&2 echo "$script_name: uid $user_id already exists"
exit 4
fi
fi
fi
# get / check GID
create_initial_group=0
if [ $define_initial_group -eq 0 ] ; then
get_free_gid
create_initial_group=1
initial_group="$user"
else
if [ `$dscl . -list /Groups | $grep -c "^$initial_group$"` -eq 0 ] ; then
>&2 echo "$script_name: unknown group $initial_group"
exit 6
else
group_id=`$dscl . -list /Groups gid | $sed -e 's/blank:\{1,\}/:/g' | $grep "^$initial_group:" | $cut -f 2 -d ':'`
fi
fi
# check other groups
if [ $define_other_groups -ne 0 ] ; then
other_groups=`echo $other_groups | $sed -e 's/,/ /g'`
for group in $other_groups ; do
if [ `$dscl . -list /Groups | $grep -c "^$group$"` -eq 0 ] ; then
>&2 echo "$script_name: unknown group $group"
exit 6
fi
done
fi
# define home directory
if [ $define_home_directory -eq 0 ] ; then
home_directory="/Users/$user"
fi
# check home directory
if [ -d "$home_directory" ] ; then
create_home_directory=0
else
if [ $create_home_directory -eq 0 ] ; then
>&2 echo "$script_name: invalid home directory $home_directory"
exit 12
fi
fi
# skeleton directory
copy_skeleton_dir=0
if [ $define_skeleton_dir -ne 0 ] ; then
if [ -d "$skeleton_dir" ] ; then
if [ $create_home_directory -no 0 ] ; then
copy_skeleton_dir=1
fi
else
>&2 echo "$script_name: invalid skeleton directory $skeleton_dir"
>&2 echo "${display_indent}have a look at /System/Library/User\ Template/"
exit 12
fi
fi
# login shell
if [ $define_login_shell -eq 0 ] ; then
login_shell=`which bash`
fi
if [ ! -x "$login_shell" ] ; then
>&2 echo "$script_name: invalid shell \"$login_shell\""
exit 3
fi
# check inactive days
if [ $define_inactive_days -ne 0 ] ; then
non_numbers=`echo $inactive_days | $grep "[^0-9]"`
if [ -n "$non_numbers" ] ; then
>&2 echo "$script_name: invalid numeric argument \"$inactive_days\""
exit 3
fi
fi
# check expire date
if [ $define_expire_date -ne 0 ] ; then
date_ok=1
year=`echo $expire_date | $cut -d '-' -f 1`
if [ -z "$year" ] ; then
date_ok=0
fi
non_numbers=`echo $year | $grep "[^0-9]"`
if [ -n "$non_numbers" ] ; then
date_ok=0
fi
month=`echo $expire_date | $cut -d '-' -f 2`
if [ -z "$month" ] ; then
date_ok=0
fi
non_numbers=`echo $month | $grep "[^0-9]"`
if [ -n "$non_numbers" ] ; then
date_ok=0
fi
day=`echo $expire_date | $cut -d '-' -f 3`
if [ -z "$day" ] ; then
date_ok=0
fi
non_numbers=`echo $day | $grep "[^0-9]"`
if [ -n "$non_numbers" ] ; then
date_ok=0
fi
if [ $date_ok -eq 0 ] ; then
>&2 echo "$script_name: invalid date \"$expire_date\""
exit 3
fi
fi
# check that the script is run by root
check_uid
if [ $uID != 0 ] ; then
>&2 echo "$script_name: you must be root"
exit 10
fi
#-------------------------------------------------------------------------------
# display debug info
#
if [ $debug -ne 0 ] ; then
echo "Adding user $user"
echo "${display_indent}with UID $user_id"
if [ $override_user_id -ne 0 ] ; then
echo "${display_indent}${display_indent}overriding existing UID"
fi
echo "${display_indent}with GID $group_id ($initial_group)"
if [ $create_initial_group -ne 0 ] ; then
echo "${display_indent}${display_indent}to be created"
fi
if [ $define_other_groups -ne 0 ] ; then
echo "${display_indent}also member of groups: $other_groups"
fi
echo "${display_indent}with home directory $home_directory"
if [ $create_home_directory -ne 0 ] ; then
echo "${display_indent}${display_indent}to be created"
fi
if [ $copy_skeleton_dir -ne 0 ] ; then
echo "${display_indent}copying skeleton from $skeleton_dir"
fi
echo "${display_indent}with login shell $login_shell"
if [ $define_comment -ne 0 ] ; then
echo "${display_indent}with comment (real name) $comment"
fi
if [ $define_inactive_days -ne 0 ] ; then
echo "${display_indent}with inactive days $inactive_days before password expires"
fi
if [ $define_expire_date -ne 0 ] ; then
echo "${display_indent}with expire date $expire_date"
fi
if [ $define_password -ne 0 ] ; then
echo "${display_indent}with password $password"
fi
fi
#-------------------------------------------------------------------------------
# create the user
#
# create the user
$dscl . -create /Users/$user
# define UID
$dscl . -create /Users/$user UniqueID $user_id
# define GID
if [ $create_initial_group -eq 0 ] ; then
$dscl . -append /Groups/$initial_group GroupMembership $user
else
$dscl . -create /Groups/$initial_group
$dscl . -create /Groups/$initial_group PrimaryGroupID $group_id
$dscl . -create /Groups/$initial_group Password '*'
$dscl . -create /Groups/$initial_group GroupMembership $user
fi
# add to other groups
if [ $define_other_groups -ne 0 ] ; then
for group in $other_groups ; do
$dscl . -append /Groups/$group GroupMembership $user
done
fi
# define home directory
if [ $create_home_directory -ne 0 ] ; then
mkdir -p $home_directory
chown $user:$initial_group $home_directory
fi
$dscl . -create /Users/$user NFSHomeDirectory $home_directory
# copy skeleton directory
if [ $copy_skeleton_dir -ne 0 ] ; then
$ditto $skeleton_dir $home_directory
fi
# define login shell
$dscl . -create /Users/$user UserShell $login_shell
# define real name
if [ $define_comment -ne 0 ] ; then
$dscl . -create /Users/$user RealName $comment
fi
# define inactive days before password expires
if [ $define_inactive_days -ne 0 ] ; then
# niutil -createprop . /users/$user inactive $inactive_days
echo "Not setting \"inactive days\" property"
fi
# define expire date
if [ $define_comment -ne 0 ] ; then
# niutil -createprop . /users/$user expire $expire_date
echo "Not setting \"expire\" property"
fi
# set password
if [ $define_password -ne 0 ] ; then
$dscl . -passwd /Users/$user $password
fi
userdel
#!/bin/sh
################################################################################
# userdel
#
# This script emulates the useradd command that is
# standard in many UNIX like Operating Systems.
#
# This script should be placed in /usr/sbin
# it should be owned by root.admin and chmod 755
#-------------------------------------------------------------------------------
# constants
#
# define version number
version='2.0'
# define script name
script_name='userdel'
#-------------------------------------------------------------------------------
# find the shell utils wee need
#
# find dscl
dscl=`which dscl`
if [ ! -x "$dscl" ] ; then
>&2 echo "$script_name: unable to find/use dscl"
exit 10
fi
# find cut
cut=`which cut`
if [ ! -x "$cut" ] ; then
>&2 echo "$script_name: unable to find/use cut"
exit 10
fi
# find grep
grep=`which grep`
if [ ! -x "$grep" ] ; then
>&2 echo "$script_name: unable to find/use grep"
exit 10
fi
# find sed
sed=`which sed`
if [ ! -x "$sed" ] ; then
>&2 echo "$script_name: unable to find/use sed"
exit 10
fi
# find rm
rm=`which rm`
if [ ! -x "$rm" ] ; then
>&2 echo "$script_name: unable to find/use rm"
exit 10
fi
#-------------------------------------------------------------------------------
# check if the scripts is run by the root user
#
check_uid() {
if [ "`whoami`" = root ] ; then
uID=0
else
if [ "$uID" = "" ] ; then
uID=-1
fi
fi
export uID
}
#-------------------------------------------------------------------------------
# display script usage
#
display_usage()
{
>&2 echo "Usage: $script_name [-r] user"
exit $1
}
#-------------------------------------------------------------------------------
# display script version
#
display_version()
{
>&2 echo "$script_name: version $version by Francois Corthay"
>&2 echo "based on $script_name by Chris Roberts"
exit $1
}
################################################################################
# Command line parameters
#
# get command line parameters
remove_directory=0
while getopts ":hvr-:" opt ; do
case $opt in
h ) display_usage 0 ;;
v ) display_version 0 ;;
r ) remove_directory=1 ;;
- ) case $OPTARG in
help )
display_usage 0 ;;
version )
display_version 0 ;;
* )
display_usage 2 ;;
esac ;;
? ) >&2 echo "$script_name: invalid option $1"
display_usage 2 ;;
esac
done
shift $(($OPTIND - 1))
user="$1"
# check for the existence of the "user" parameter
if [ -z "$user" ] ; then
display_usage 2
fi
# check that the user exists
if [ `$dscl . -list /Users | $grep -c "^$user$"` -eq 0 ] ; then
>&2 echo "$script_name: user \"$user\" not found"
exit 6
fi
# check if the user runs applications
if [ `ps aux | $grep -c "^$user "` -ne 0 ] ; then
>&2 echo "$script_name: user \"$user\" is currently logged in"
exit 8
fi
# check that the script is run by root
check_uid
if [ $uID != 0 ] ; then
>&2 echo "$script_name: you must be root"
exit 10
fi
#-------------------------------------------------------------------------------
# delete the user
#
# delete the home directory
if [ $remove_directory -ne 0 ]; then
home_directory=`dscl . -read /Users/$user | grep NFSHomeDirectory | sed -e 's/.*: //'`
$rm -rf $home_directory
fi
# delete the user
$dscl . -delete /Users/$user
# remove the user from all groups
group_list=`$dscl . -list /Groups`
for group in $group_list ; do
group_members=`$dscl . -read /Groups/$group GroupMembership`
if [ `echo "$group_members" | grep -c 'GroupMembership: '` -ne 0 ] ; then
group_members=`echo "$group_members" | $sed -e 's/.*GroupMembership: //'`
# echo "$group: $group_members"
fi
remove_user=0
for member in $group_members ; do
if [ "$member" = "$user" ] ; then
remove_user=1
fi
done
if [ $remove_user -ne 0 ] ; then
# echo "removing $user in group $group"
$dscl . -delete /Groups/$group GroupMembership $user
fi
done
