2/12/2023 0 Comments Useradd mac os x terminal![]() Pass '-' instead of password in commands above to request prompt. 10:37:26.434 sysadminctl Boot volume APFS FDE: YESThe help page is as follows: ![]() 10:37:26.401 sysadminctl Boot volume CS FDE: NO You can also use sysadminctl to do a quick check of the encryption state of the boot volume using the -filesystem option (although there’s no on and off verb for this option just yet): Sysadminctl -secureTokenStatus charles.edge 2>&1 | awk ''To then disable if it isn’t already disabled: To just get the ENABLED response we’ll just use awk to grab that position (also note that we have to redirect stderr to stdout): There is an x for the password field indicating that the system is using shadow. Secure token is ENABLED for user Charles Edge where options are command-line options as described in Common useradd. Simply pass the RecordName and you’ll get an indication if it’s on or off: To see if it can unlock FileVault we can use the -secureTokenStatus operator built into sysadminctl. But if it were, you would not have the AuthenticationAuthority attribute. Notice that the above is not the whole record you’d typically find with dscl. read /Users/krypted2Here’s a snippet of the dscl output: ![]() We could have passed those as well, using Now let’s use dscl to view the user we just created:ĭscl. Notice that in the above, the system automatically selected a home directory and UID. No clear text password or interactive option was specified (adduser, change/reset password will not allow user to use FDE) !Ĭreating home directory at /Users/krypted2 Sysadminctl -addUser krypted2 -fullName "Charles Edge" -password testinguser -hint hi In the below command, we’ll pass the -addUser option and then use -fullName to fill in the displayed name of the user, -password to send a password to the account and -hint so we can get a password hint into that attribute: You have to do so with other admin accounts per Apple kbase HT208171 (in fact, this article has been in my queue waiting for that issue to be fixed – but keep in mind I’m not prefacing these with sudo in the below commands). However, you can’t do these tasks as root or via sudo. Now you can create a user with a one-liner, and do other forms of user management, such as enabling FileVault for a given user, or managing the guest accounts. MacOS 10.13 brings changes to sysadminctl. You know those dscl scripts we used to use to create users? No longer supposed to be necessary (luckily they do still work).
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |