How do I create user accounts from the Terminal in Mac OS X 10.5?

Solution 1:

Use the dscl command. This example would create the user "luser", like so:

dscl . -create /Users/luser
dscl . -create /Users/luser UserShell /bin/bash
dscl . -create /Users/luser RealName "Lucius Q. User"
dscl . -create /Users/luser UniqueID "1010"
dscl . -create /Users/luser PrimaryGroupID 80
dscl . -create /Users/luser NFSHomeDirectory /Users/luser

You can then use passwd to change the user's password, or use:

dscl . -passwd /Users/luser password

You'll have to create /Users/luser for the user's home directory and change ownership so the user can access it, and be sure that the UniqueID is in fact unique.

This line will add the user to the administrator's group:

dscl . -append /Groups/admin GroupMembership luser

Solution 2:

(This answer should be considered an addendum to fill in some blanks in palmer's procedure)

To pick an unused UniqueID for your new user, you could use:

# Highest UniqueID currently in use (never below 500); the new account gets the next one
maxid=$(dscl . -list /Users UniqueID | awk 'BEGIN { max = 500; } { if ($2 > max) max = $2; } END { print max; }')
newid=$((maxid+1))

...then use the sequence of dscl commands palmer gave to create the account, and then create the new user's home directory with:

cp -R /System/Library/User\ Template/English.lproj /Users/luser
chown -R luser:staff /Users/luser
if [[ "$(sw_vers -productVersion)" != 10.[0-5].* ]]; then
    # Set ACL on Drop Box in 10.6 and later
    chmod +a "user:luser allow list,add_file,search,delete,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,writesecurity,chown,file_inherit,directory_inherit" /Users/luser/Public/Drop\ Box
fi

(there is a createhomedir command, but it didn't work when I tested it.)


Solution 3:

If you have a bunch of users to create, it is possible to create a structured text file and pass it to dsimport to do the job.

Apple's Command-Line Administration Guide has a whole chapter on users and groups.


Solution 4:

Another way to pick and choose a unique user ID before creating an account is just to look through the list and check that the one you want to use is not there:

 sudo dscl . list /Users uid
 sudo dscl . list groups gid

Handy if you need to use a certain ID.
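
The uniqueness checks that Solutions 1, 2 and 4 call for, as an added example that is not part of any answer on this page: two accounts with the same UniqueID share file ownership, so the script picks the next ID, tests whether a wanted ID is taken, and reports IDs that are already shared. The function names and the sample listing are assumptions made for illustration; the functions take the `dscl . -list /Users UniqueID` output as text so they can be run against the constructed sample.

```bash
# Constructed sample in the format printed by: dscl . -list /Users UniqueID
# (account names and IDs are made up; 503 is shared on purpose).
SAMPLE_LISTING='root            0
nobody          -2
_www            70
palmer          501
joeadmin        503
svcbackup       503
luser           1010'

# next_uid LISTING: highest UniqueID in use (never below 500) plus one.
next_uid() {
    printf '%s\n' "$1" | awk '
        BEGIN { max = 500 }
        $2 ~ /^-?[0-9]+$/ && ($2 + 0) > max { max = $2 + 0 }
        END { print max + 1 }'
}

# uid_owner LISTING ID: print the account(s) holding ID.
# Exit status: 0 = taken, 1 = free, 2 = ID is not numeric.
uid_owner() {
    case $2 in
        ''|*[!0-9-]*) echo "not a numeric ID: $2" >&2; return 2 ;;
    esac
    printf '%s\n' "$1" | awk -v want="$2" '
        $2 ~ /^-?[0-9]+$/ && ($2 + 0) == (want + 0) { print $1; found = 1 }
        END { exit !found }'
}

# duplicate_uids LISTING: one line per UniqueID held by more than one account.
duplicate_uids() {
    printf '%s\n' "$1" | awk '
        $2 ~ /^-?[0-9]+$/ { n[$2]++; names[$2] = names[$2] " " $1 }
        END { for (id in n) if (n[id] > 1) print id ":" names[id] }' | sort -n
}

# On a Mac, use the live directory instead of the sample:
#   LISTING=$(dscl . -list /Users UniqueID)
LISTING=$SAMPLE_LISTING
echo "next free UniqueID: $(next_uid "$LISTING")"
echo "shared UniqueIDs:   $(duplicate_uids "$LISTING")"
if uid_owner "$LISTING" 1010 >/dev/null; then
    echo "1010 is already taken by $(uid_owner "$LISTING" 1010)"
fi
```

Taking the highest ID plus one, rather than filling gaps, avoids handing a new account an ID that files left behind by a deleted account may still be owned by.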


Solution 5:

I've leveraged the different answers here to come up with what I think is a nice script to create user accounts. Admittedly, this isn't designed for running a command at a time from ssh; it is more so designed to be a script run when compiling a package-based image of OS X (as created by Casper Imaging or InstaDMG).

#!/bin/bash
# This script creates a user account under Mac OS X
# (tested with 10.5 and 10.6; likely works with 10.4 but not earlier)
# Written by Clinton Blackmore, based on work at
# http://serverfault.com/questions/20702

# === Typically, this is all you need to edit ===

USERNAME=joeadmin
FULLNAME="Joe Admin"
PASSWORD="hard_to_hack"

# A list of (secondary) groups the user should belong to
# This makes the difference between admin and non-admin users.
# Leave only one uncommented
#SECONDARY_GROUPS=""  # for a non-admin user
SECONDARY_GROUPS="admin _lpadmin _appserveradm _appserverusr" # for an admin user

# ====

if [[ $UID -ne 0 ]]; then echo "Please run $0 as root." && exit 1; fi

# Find out the next available user ID
MAXID=$(dscl . -list /Users UniqueID | awk '{print $2}' | sort -ug | tail -1)
USERID=$((MAXID+1))

# Create the user account
dscl . -create "/Users/$USERNAME"
dscl . -create "/Users/$USERNAME" UserShell /bin/bash
dscl . -create "/Users/$USERNAME" RealName "$FULLNAME"
dscl . -create "/Users/$USERNAME" UniqueID "$USERID"
dscl . -create "/Users/$USERNAME" PrimaryGroupID 20
dscl . -create "/Users/$USERNAME" NFSHomeDirectory "/Users/$USERNAME"

# Quoted so a password containing spaces or shell metacharacters is passed intact
dscl . -passwd "/Users/$USERNAME" "$PASSWORD"


# Add user to any specified groups
# ($SECONDARY_GROUPS is left unquoted on purpose so it splits into one group per word)
for GROUP in $SECONDARY_GROUPS ; do
    dseditgroup -o edit -t user -a "$USERNAME" "$GROUP"
done

# Create the home directory
createhomedir -c > /dev/null

echo "Created user #$USERID: $USERNAME ($FULLNAME)"

The script does let you specify which groups a user should belong to. It appears to me that this might differ depending upon the version of OS X you are running. I get different results when I run id as an admin on OS X 10.6 than I do when running as an admin on OS X 10.5.