Apple Mac OS X Server Creating a Group Account

Chapter 8 Working with Users and Groups 111

Creating a Group Account

You can create a new group account by using dscl and other tools. When you create a

group account via the command line, you must also set values for basic attributes of a

group account, such as short name and group ID.

To add a group account:

1Identify an unused group ID by entering the following command to display a list of

assigned group IDs.

$ dscl /LDAPv3/

ipaddress

-list /Groups PrimaryGroupID | awk '{print $2}' |

sort -n

Replace

ipaddress

with the location of your directory domain (the way it is displayed

in the search path in Directory Access). If you connect to a NetInfo domain, use:

$ dscl /NetInfo/root -list /Groups gid | awk ‘{print $2}’ | sort -n.

After you enter the command, the dscl tool displays a list of assigned IDs similar to the

following output:

-2

0

1

99

25

26

27

70

71

76

77

78

79

501

Important: Pick an ID that isn’t on either list, and that is greater than 501.

2Start the dscl tool in interactive mode, specifying the computer you are using as the

source of directory service data:

$ dscl localhost

>

3Change the current folder to /LDAPv3/ipaddress/Groups by entering the path at the

prompt:

> cd /LDAPv3/

ipaddress

/Groups

Replace

ipaddress

with the IP address of your directory server. If using a NetInfo

directory domain, enter cd /NetInfo/root/Groups at the prompt.

Contents

Main K Contents Page Page Page Page Page Page Page Page Page Page Page About This Guide Using This Guide Understanding Notation Conventions Summary Commands and Other Terminal Text Command Parameters and Options Default Settings Commands Requiring Root Privileges Getting Documentation Updates Getting Additional Information Page Page Opening Terminal Specifying Files and Folders Modifying Flow Control Redirecting Input and Output Using Environment Variables Executing Commands and Running Tools Correcting Typing Errors Repeating Commands Including Paths Using Drag and Drop Searching for Text Within a File Commands Requiring Root Privileges Terminating Commands Scheduling Tasks Sending Commands to a Remote Computer Viewing Command Information Page Page In this chapter you will find commands you can use to connect to remote computers. Understanding Secure Shell How SSH Works Password-Less Logins Using SSH Keys Updating SSH Key Fingerprints What is an SSH Man-in-the-Middle Attack? Controlling Access to SSH Service Connecting to a Remote Computer Using SSH Using Telnet Finishing Basic Setup Installing Server Software Locating Computers for Installation Specifying the Target Computer Volume Preparing the Target Volume for a Clean Installation Installing from Multiple CDs Restarting After Installation Automating Server Setup Creating a Configuration File Page Working with an Encrypted Configuration File Customizing a Configuration File Page Chapter 3 Installing Server Software and Finishing Basic Setup 45 46 Chapter 3 Installing Server Software and Finishing Basic Setup Storing a Configuration File in an Accessible Location Configuring the Server Remotely from the Command Line Changing Server Settings Using the serversetup Tool Using the serveradmin Tool General and Network Preferences Viewing, Validating, and Setting the Software Serial Number Updating Server Software Moving a Server Page Computer Restarting a Computer Automatic Restart Changing a Remote Computers Startup Disk Shutting Down a Computer Manipulating Open Firmware NVRAM Variables Monitoring and Restarting Critical Services Page Preferences Viewing or Changing the Computer Name Viewing or Changing the Date and Time Viewing or Changing the System Date Viewing or Changing the System Time Viewing or Changing the System Time Zone Viewing or Changing Network Time Server Usage Viewing or Changing the Energy Saver Settings Viewing or Changing Sleep Settings Viewing or Changing Automatic Restart Settings Changing the Power Management Settings Viewing or Changing the Startup Disk Settings Viewing or Changing the Sharing Settings Viewing or Changing Remote Login Settings Viewing or Changing Apple Event Response Viewing or Changing the International Settings Viewing and Changing the Login Settings In this chapter you will find commands you can use to change the network settings on a server. Configuring Network Interfaces Managing Network Interface Information Viewing Port Names and Hardware Addresses Viewing or Changing MTU Values Viewing or Changing Media Settings Managing Network Port Configurations Creating or Deleting Port Configurations Activating Port Configurations Changing Configuration Precedence Managing TCP/IP Settings Changing a Servers IP Address Viewing or Changing IP Address, Subnet Mask, or Router Address Page Chapter 6 Setting Network Preferences 69 Viewing or Changing DNS Servers To change the DNS servers for port en0: To view the DNS servers for a particular port or device: To change the DNS servers for a particular port or device: To list the DNS servers for a configuration: Enabling TCP/IP Working with VLANs IEEE 802.3ad Ethernet Link Aggregation Page Managing AppleTalk Settings Managing SNMP Settings Installing SNMP Starting SNMP Configuring SNMP Collecting SNMP Information from the Host Managing Proxy Settings Viewing or Changing FTP Proxy Settings Viewing or Changing Web Proxy Settings Viewing or Changing Secure Web Proxy Settings Viewing or Changing Streaming Proxy Settings Viewing or Changing Gopher Proxy Settings Viewing or Changing SOCKS Firewall Proxy Settings Managing AirPort Settings Managing the Computer, Host, and Bonjour Names Computer Name Hostname Bonjour Name Managing Preference Files and the Configuration Daemon Changing Network Locations Page In this chapter you will find commands that are used to initialize and test disks and volumes. Understanding Disks, Partitions, and the File System Mounting and Unmounting Volumes Mounting Volumes Unmounting Volumes Displaying Disk Information Monitoring Disk Space Reclaiming Disk Space Using Log-Rolling Scripts Erasing, Modifying, Verifying, and Repairing Disks Page Partitioning and Formatting Disks Partitioning a Disk Labeling a Disk Formatting a Disk Checking for Disk Problems Managing Disk Journaling Checking to See If Journaling is Enabled Enabling Journaling for an Existing Volume Enabling Journaling When You Erase a Disk Disabling Journaling Understanding Spotlight Technology Enabling and Disabling Spotlight Performing Spotlight Searches Controlling Spotlight Indexing Managing RAID Volumes Imaging and Cloning Volumes Using ASR Page In this chapter you will find commands you can use to set up and manage user and group accounts. Understanding Accounts Administering and Creating Accounts Creating a Local Administrator User Account for a Server Creating a Domain Administrator User Account Checking a Users Administrator Privileges Creating a Nonadministrator User Account Page Page Retreiving a Users GUID Removing a User Account Revoking a Users Right to Access His or Her Account Page Checking a Server Users Name, UID, or Password Modifying a User Account Creating a Mobile User Account Managing Home Folders Administering Group Accounts Creating a Group Account Removing a Group Account Adding a User to a Group Removing a User from a Group Chapter 8 Working with Users and Groups 115 the group named officegroup has users mchen, ajohnson, and bmiller as members: ajohnson ajguid 6Review the new settings of the group: longer a group member, similar to the following output: Creating and Deleting Nested Group Editing Group Records Creating a Group Folder Viewing the Workgroup a User Selects at Login Importing Users and Groups Creating a Character-Delimited User Import File Page Page Setting Permissions Viewing Permissions Setting the umask for Individual Users Changing Permissions Changing the Owner Changing the Group Securing System Accounts Securing Initial System Accounts Securing the Root Account Restricting Use of the sudo Tool Securing Single-User Boot Setting Password Policy To change a users password: To view the global password policy: To set the minimum password length to 5 characters: To set a more secure global password policy: Finding User Account Information Page In this chapter you will find commands you can use to create share points and manage file services. Managing Share Points 134 Chapter 9 Working with File Services path Listing Share Points To list existing share points: Creating a Share Point To create a share point: Modifying a Share Point To change share point settings: Disabling a Share Point Managing the AFP Service Starting and Stopping AFP Service Checking AFP Service Status Viewing AFP Settings Changing AFP Settings The following table lists AFP settings as they appear using serveradmin. You can change AFP service settings using the serveradmin tool. List of AFP Settings Page Page List of AFP serveradmin Commands examples in the following sections for details on how to use these commands. In addition to the standard start, stop, status, and settings commands, you can use Listing Connected Users The computer will respond with the following array of settings displayed for each connected user: Sending a Message to AFP Users Disconnecting AFP Users The computer will repond with the following output: Canceling a User Disconnect You can use the cancelDisconnect command with the serveradmin tool to cancel a scheduled to be disconnected. To cancel a user disconnect: Listing AFP Service Statistics Viewing AFP Log Files Managing the NFS Service Starting and Stopping NFS Service Checking NFS Service Status Viewing NFS Service Settings Changing NFS Service Settings Managing the FTP Service Starting FTP Service Stopping FTP Service Checking FTP Service Status Viewing FTP Service Settings Changing FTP Service Settings You can change FTP service settings using the serveradmin tool. List of FTP Service Settings Use the following parameters with the serveradmin tool to change settings for the FTP Page List of FTP serveradmin Commands Viewing the FTP Transfer Log Checking for Connected FTP Users Managing the SMB/CIFS Service Starting and Stopping SMB/CIFS Service Checking SMB/CIFS Service Status Viewing SMB/CIFS Service Settings Changing SMB/CIFS Service Settings You can change SMB/CIFS service settings using the serveradmin tool. List of SMB/CIFS Service Settings Use the following parameters with the serveradmin tool to change settings for the SMB/CIFS service. Page Page List of SMB/CIFS serveradmin Commands Listing SMB/CIFS Users The computer will respond with the folowing array of settings displayed for each connected user: Disconnecting SMB/CIFS Users Listing SMB/CIFS Service Statistics Updating Share Point Information Viewing SMB/CIFS Service Logs Managing ACLs Using chmod to Modify ACLs The following are some of the common permissions you can assign to files: The following are the permissions applicable to folders: Page Page In this chapter you will find commands you can use to configure and manage the print service. Understanding the Print Process Performing Print Service Tasks Starting and Stopping Print Service Checking the Status of Print Service Viewing Print Service Settings Changing Print Service Settings Page Page The following is an example of a queue array parameter block: Note: In the example above, my_printer refers to the CUPS queue id. Managing the Print Service Listing Queues You can use the serveradmin getQueues command to list print service queues. Pausing a Queue You can use the serveradmin setQueueState command to pause or release a queue. To pause a queue: To release the queue: Holding a Job Viewing Print Service Log Files Viewing Cover Pages Page and System Images Understanding the NetBoot Service Starting and Stopping NetBoot Service 172 Chapter 11 Working with NetBoot Service and System Images Checking NetBoot Service Status To see if NetBoot service is running: To see complete NetBoot status: Viewing NetBoot Settings To list all NetBoot service settings: Changing General Netboot Service Settings A volume parameter array. Storage Record Array Filters Record Array Image Record Array Port Record Array Note: NetBoot 1.0 and 2.0 can run on the same network interface simultaneously. Working with System Images Updating an Image Booting from an Image Using hdiutil to Work with System Images Using asr to Restore System Images Imaging Multiple Clients Using Multicast asr Choosing a Boot Device Using systemsetup In this chapter you will find commands you can use to manage the mail service. Understanding the Mail Service Postfix Agent Cyrus Mailman Managing the Mail Service Starting and Stopping Mail Service Checking the Status of Mail Service Viewing Mail Service Settings Changing Mail Service Settings Mail Service Settings Use the following parameters with the serveradmin tool to change settings for the mail Page Page Page Page Page Page Page Page Page Page Page Mail serveradmin Commands You can use the following commands with the serveradmin tool to manage mail Listing Mail Service Statistics Viewing the Mail Service Logs Backing Up the Mail Files Reconstructing the Mail Database Setting Up SSL for Mail Service Generating a CSR and Creating a Keychain Page Obtaining an SSL Certificate Importing an SSL Certificate into the Keychain Accessing the Server Certificates Creating a Password File Configuring Mailboxes Enabling Sieve Scripting Enabling Sieve Support 204 Chapter 12 Working with the Mail Service Self-Defined Forwarding Script Basic Sort and Anti-Junk Mail Filter Script Page Page Understanding Web Technology Managing the Web Service Starting and Stopping Web Service Checking Web Service Status Viewing Web Settings Changing Web Settings serveradmin and Apache Settings Changing Settings Using serveradmin Web serveradmin Commands Listing Hosted Sites Viewing Service Logs Viewing Service Statistics Page Example Script for Adding a Website Tuning the Server Performance Working with Application Servers and Java Apache Tomcat JBoss Server MySQL Database Page Managing Network Services Managing the DHCP Service Starting and Stopping DHCP Service Checking the Status of DHCP Service Viewing DHCP Service Settings Changing DHCP Service Settings To see a list of available service settings: To change several DHCP settings at once: DHCP Service Settings Use the following parameters with the serveradmin tool to change settings for the DHCP service. DHCP Subnet Settings Array Page 222 Chapter 14 Working with Network Services Adding a DHCP Subnet Subnet Parameter Adding a DHCP Static Map List of DHCP serveradmin Commands Viewing the DHCP Service Log Managing the DNS Service Starting and Stopping the DNS Service Checking the Status of DNS Service Viewing DNS Service Settings Changing DNS Service Settings DNS Service Settings List of DNS serveradmin Commands Viewing the DNS Service Log Listing DNS Service Statistics Configuring IP Forwarding Managing the Firewall Service Firewall Startup Starting and Stopping Firewall Service Checking the Status of Firewall Service Viewing Firewall Service Settings Changing Firewall Service Settings Firewall Service Settings Defining Firewall Rules The unmodified ipfw.conf file: 232 Chapter 14 Working with Network Services 2Deny access to a range of IP addresses associated with cracker.evil.org. An example of this would be similar to the following: ipfilter Rules Array Firewall serveradmin Commands You can use the following commands with the serveradmin tool to manage the firewall Viewing Firewall Service Log Using Firewall Service to Simulate Network Activity Managing the NAT Service Starting and Stopping NAT Service Checking the Status of NAT Service Viewing NAT Service Settings Changing NAT Service Settings NAT Service Settings Use the following parameters with the serveradmin tool to change settings for NAT NAT serveradmin Commands You can use the following commands with the serveradmin tool to manage NAT Port Mapping Viewing the NAT Service Log Managing the VPN Service Starting and Stopping VPN Service Checking the Status of VPN Service Viewing VPN Service Settings Changing VPN Service Settings List of VPN Service Settings Use the following parameters with the serveradmin tool to change settings for VPN Page Page List of VPN serveradmin Commands You can use the following commands with the serveradmin tool to manage VPN Viewing the VPN Service Log Site-to-Site VPN Configuring Site-to-Site VPN Adding a VPN Keyagent User Setting Up IP Failover IP Failover Prerequisites IP Failover Operation Enabling IP Failover Configuring IP Failover Enabling PPP Dial-In Restoring the Default Configuration for Server Services Page Page In this chapter you will find commands used to configure and manage the Open Directory service. Understanding Open Directory Using General Directory Tools Testing Your Open Directory Configuration Modifying a Directory Domain Testing Open Directory Plug-ins Registering URLs with SLP Changing Open Directory Service Settings Managing OpenLDAP Configuring LDAP Configuring slapd and slurpd Daemons Idle Rebinding Options Searching the LDAP Server 256 Chapter 15 Working with Open Directory To avoid this error, include the -x option when you enter the command. For example: Chapter 15 Working with Open Directory 257 Usually the namingContexts value is the first thing you want to determine. Using LDIF Files Additional Information About LDAP Managing NetInfo Configuring NetInfo Managing Open Directory Passwords Open Directory Password Server Kerberos and Apple Single Sign-On Page Using Directory Service Tools Operating on Directory Service Directory Domains Finding Network Information Manipulating a Single Named Group Record Adding or Removing LDAP Server Configurations Configuring the Active Directory Plug-In Page Streaming Server Starting and Stopping the QTSS Service Checking QTSS Service Status Viewing QTSS Settings Changing QTSS Settings Chapter 16 Working with QuickTime Streaming Server 269 QTSS Settings Look in the sample file for: Parameter (qtss:) Description Default = Page Page Managing QTSS You can use the following commands with the serveradmin tool to manage the QTSS Listing Current Connections Viewing QTSS Service Statistics Viewing Service Logs Forcing QTSS to Reread its Preferences Preparing Older Home Folders for User Streaming Configuring Streaming Security Resetting the Streaming Server Admin User Name and Password Controlling Access to Streamed Media Creating an Access File Page Accessing Protected Media Adding User Accounts and Passwords Adding or Deleting Groups Making Changes to the User or Group File Manipulating QuickTime and MP4 Movies Creating Reference Movies Page Configuring the Log File Configuring Your System Logging Local Logging Remote Logging Page Appendix PCI RAID Card Command Reference The megaraid tool uses are described in the following table, along with parameter explanations. Page Page Page Glossary Page Page Page Page Page Page Page Page Page Index Index A B C D E F G H I K L M N O P Q R S T U V W X