Specifications
Chapter 8 Managing User and Group Accounts 115
5 Remove the user by entering the following command, replacing ajohnson with the
short name of the user account, ajguid with ajohnson’s GUID, and officegroup with the
short name of the group account:
> delete
officegroup
GroupMembership
ajohnson
> delete
officegroup
GroupMembership
ajguid
6 Review the new settings of the group:
> read
officegroup
dscl displays the settings for the group, showing that the user you removed is no
longer a group member, similar to the following output:
dsAttrTypeNative:apple-generateduid:4B3A5678-E9C1-2EC3-4567-891D234E5678
dsAttrTypeNative:cn: officegroup
dsAttrTypeNative:gidNumber: 600
dsAttrTypeNative:MemberUid: mchen bmiller
dsAttrTypeNative:objectClass: posixGroup apple-group extensibleObject top
AppleMetaNodeLocation: /LDAPv3/ipaddress
GeneratedUID:4B3A5678-E9C1-2EC3-4567-891D234E5678
GroupMembers:2B3A4567-E8C9-9EC2-3456-789D123E4567 8B9A1234-E5C6-7EC8-9123-
456D78E9123
GroupMembership: mchen bmiller
Member: mchen bmiller
PasswordPlus:********
PrimaryGroupID: 600
RecordName: officegroup
RecordType: dsRecTypeStandard:Groups
7 Quit dscl by entering:
> quit
Creating and Deleting a Nested Group
Nested groups allow for one group (the child) to be a member of a second group
(the parent), inheriting the permissions and attributes of the parent group. Members of
a nested group become child members of the parent group.
You can create a nested group by using the dseditgroup tool with the -a option,
which adds the group record to the parent group.