Specifications
Chapter 8 Managing User and Group Accounts 111
Creating a Group Account
You can create a group account by using dscl and other tools. When you create a
group account via the command line, you must also set values for basic attributes of a
group account, such as short name and group ID.
To add a group account:
1 Identify an unused group ID by entering the following command to display a list of
assigned group IDs.
$ dscl /LDAPv3/
ipaddress
-list /Groups PrimaryGroupID | awk '{print $2}' |
sort -n
Replace
ipaddress
with the location of your directory domain (the way it appears in
the search path in Directory Access).
After you enter the command, the dscl tool displays a list of assigned IDs similar to the
following output:
-2
0
1
25
78
79
501
Important: In this example, select an ID that isn’t on the list, and that is greater than
501.
2 Start the dscl tool in interactive mode, specifying the computer you are using as the
source of directory service data:
$ dscl localhost
>
3 Change the current folder to /LDAPv3/ipaddress/Groups by entering the path at the
prompt:
> cd /LDAPv3/
ipaddress
/Groups
Replace
ipaddress
with the IP address of your directory server.
4 Authenticate as an administrator by entering the following command, replacing
adminusername with your administrator user name, and entering your administrator
password when prompted:
> auth
adminusername
5 Create a group, replacing officegroup with the new group account’s short name, and
specify the group ID, replacing 600 with the primary group ID.
> create
officegroup
PrimaryGroupID
600