Tuesday, September 19, 2006

Mac OSX Tiger unix groups

Step 1 in setting up the development environment on my Mac OSX Tiger system was to make the common directories needed for development shared among both developers. By default, Tiger will create files/directories as writable by only your user and your group (same as username). So for both developers to be able to use tomcat for example, I added group read/write to all tomcat files and directories. Also had to chgrp all files/directories to a common group for both of us as well. At first I read that I could use the "staff" group, because as I read all users should be added to this group by default. On my Tiger installation though, I was sad to see that only the user root was a part of that group.

Adding new groups and associating users to groups using the Mac OSX UI is very difficult, if not impossible. When adding a user I was surprised there was no option to specify the groups that user should be a part of. Tiger has an application until the Utilities folder called "NetInfo Manager" which manages what unix people would recognize as the /etc/passwd and /etc/groups files among other things, from here you can add new user and group, but there was no clear way to associate multiple users to a group using the tool (for current ones, it displayed a comma-separated list of users within parenthesis, and a drop down denoting the users, but I could not create a drop down using the tool). Another dead end. Finally I found the answer in a couple of obscure command line programs (can be found in Mac OSX for Unix Geeks) called nicl and nireport. Here is what I did to add both users to the "staff" group, and created a group just for development of our project called "developer" and it worked...

To add user1 and user2 to the group "staff":
# nicl / -merge /groups/staff users user1 user2

To get a list of all current groups and gid's (so you know which gid to assign next, use the max here + 1):
# nireport . /groups gid name

To create a new group called "developer" (assuming the highest gid in the previous step was 502):
# nicl / create /groups/developer gid 503
# nicl / create /groups/developer passwd '*'

To add user1 and user2 to the group "developer":
# nicl / -merge /groups/developer users user1 user2

Next time you login to the shell, type "groups" and the new groups should show up for either user1 or user2.

No comments: