98

Administering and Creating Accounts

A user account stores data that Mac OS X Server needs to validate the user’s identity and provide services for the user. This section provides an overview of user accounts.

User accounts, as well as group accounts and computer lists, can be stored in any Open Directory domain accessible from any Mac OS X computer. A directory domain can reside on a Mac OS X computer (for example, the LDAP folder of an Open Directory master, a NetInfo domain, or other read/write directory domain) or it can reside on a non-Apple server (for example, a non-Apple LDAP or Active Directory server). This section describes how to administer user accounts stored in various kinds of directory domains.

Creating a Local Administrator User Account for a Server

Users with server or directory domain administration privileges are known as administrators. An administrator can be a server administrator, domain administrator, or both. Server administrator privileges determine whether a user can view info about or change the settings of a particular server. Domain administrator privileges determine the extent to which the user can view or change the account settings for users, groups, and computer lists in the directory domain.

You can use the serversetup tool to create local administrator users for a server. The serversetup tool is located in /System/Library/ServerSetup/ and it is not in the local path, so you have to provide the path to it. You also have to run it as root.

To create nonadministrator users, see “Creating a Nonadministrator User Account” on page 100. To create administrator users in a network directory domain, see “Creating a Domain Administrator User Account” on page 99.

To create a local administrator user account:

$ sudo /System/Library/ServerSetup/serversetup -createUser fullname shortname password

The name, short name, and password must be entered in the order shown. If the full name includes spaces, enter it in quotes.

The command displays a 0 if successful, or a 1 if the full name or short name is already in use.

To create a local administrator user with a specific UID:

$ sudo /System/Library/ServerSetup/serversetup -createUserWithID fullname shortname password uid

The name, short name, password, and UID must be entered in the order shown. If the full name includes spaces, enter it in quotes.

The command displays a 0 if successful, or a 1 if the full name, short name, or UID is already in use or if the UID you specified is less than 100.
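The two commands above can be wrapped so that the UID rule is checked first, the password is read from standard input rather than typed on the command line, and the displayed 0 or 1 becomes an exit status. This is an added example, not part of Apple's manual; the function names and the SERVERSETUP override variable are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: wrapper around the serversetup commands shown above.
# SERVERSETUP can be overridden for testing (hypothetical variable, not an Apple setting).
SERVERSETUP="${SERVERSETUP:-/System/Library/ServerSetup/serversetup}"

# The manual states that a UID below 100 is rejected, so check before calling the tool.
valid_uid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;   # empty or not a plain integer
    esac
    [ "$1" -ge 100 ]
}

# Usage (as root): create_local_admin "Full Name" shortname [uid] < password-file
# Reading the password from stdin keeps it out of shell history. It is still
# passed to serversetup as an argument, so it is visible in the process list
# while the command runs.
create_local_admin() {
    fullname="$1"; shortname="$2"; uid="${3:-}"
    if [ -z "$fullname" ] || [ -z "$shortname" ]; then
        echo "usage: create_local_admin fullname shortname [uid]" >&2
        return 2
    fi
    if [ -n "$uid" ] && ! valid_uid "$uid"; then
        echo "uid must be an integer of 100 or more" >&2
        return 2
    fi
    IFS= read -r password || return 2
    # Quoting "$fullname" keeps a full name with spaces as one argument.
    if [ -n "$uid" ]; then
        result=$("$SERVERSETUP" -createUserWithID "$fullname" "$shortname" "$password" "$uid")
    else
        result=$("$SERVERSETUP" -createUser "$fullname" "$shortname" "$password")
    fi
    unset password
    # The tool displays 0 on success and 1 when a name or UID is already in use.
    [ "$result" = "0" ]
}
```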

Chapter 8 Working with Users and Groups
