site_archiver@lists.apple.com Delivered-To: darwin-dev@lists.apple.com On Thu, Aug 20, 2009 at 15:00, Tim Murison<tim.murison@radialpoint.com> wrote:

...

If you want just local accounts that can log in, use     dscl /Local/Default -search Users PrimaryGroupID 20

Thanks for the suggestion.

Does the system require that a user be a member of the gid=20 ("Users") group to log in? I guess the crux of my question would be, is this what Apple uses to populate the accounts system preferences dialog?

On my MacBook, with a mobile account: [mo@pip ~]$ dscl /Local/Default -search Users PrimaryGroupID 20 admin PrimaryGroupID = ( 20 ) nonadmin PrimaryGroupID = ( 20 ) sysop PrimaryGroupID = ( 20 ) “admin” is also a mobile account, but has logged into this Mac in the past and possibly has screwed up group membership (my OD master was originally a Linux box running OpenLDAP which was hand-configured). “nonadmin” (a test account) and “sysop” (local administrator account) are both local accounts. My account isn't in the list, however, nor are others in the directory (the default primary group is “everyone”, IIRC). In other words, although it's _possible_ for an AD or OD user to have a primary GID of 20, they wouldn't do ordinarily. Similarly, although it's possible for a local user to have a GID which isn't 20, you have to go to some trouble to configure them that way for no appreciable benefit. M. -- http://nevali.net _______________________________________________ Do not post admin requests to the list. They will be ignored. Darwin-dev mailing list (Darwin-dev@lists.apple.com) Help/Unsubscribe/Update your Subscription: http://lists.apple.com/mailman/options/darwin-dev/site_archiver%40lists.appl... This email sent to site_archiver@lists.apple.com