site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On Aug 10, 2009, at 1:46 PM, Tim Murison wrote: Hi, If you want to be accurate, it's a tricky one! -geoff ______________________________________ Geoff Lee <G.Lee@ed.ac.uk> Computing Support School of Arts, Culture and Environment University of Edinburgh 20 Chambers St, Edinburgh, Scotland, EH1 1JZ Tel: +44 (0)131 650 2341 ______________________________________ -- The University of Edinburgh is a charitable body, registered in Scotland, with registration number SC005336. _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... I'm trying to determine how to get a list of BSD user ids that can login to the machine, either with a GUI or via ssh. My current approach is to build something like the 'dscacheutil -q user' command filtering on users who have a valid shell. I'm thinking that a valid shell would be determined by looking in the /etc/shells file. Is there a better way of doing this? This will work to an extent, but it's worth bearing in mind that if you're connected to a directory service like Active Directory, you'll only get the first 1000 users back (for some definition of 'first') out of potentially a lot more. You possibly also want to take into account (doubtless among other things) the contents of the com.apple.access_ssh and com.apple.acess_loginwindow groups, the contents of /etc/sshd_config and the status of the user's password (with regard to policy), all of which can affect whether a user can log in. This email sent to site_archiver@lists.apple.com