OSX Directory Services from Command-line


New day, new command. dscl is the command in question. It gives you access to Mac OSX’s Directory Services Command Line interface. Very powerful stuff for those of us who like the command line and hate to do the same task a million times. A useful example is the ability to grant Administrator privileges to a user from command line. Normally you would have to pull up System Preferences/Accounts/Click User and check the “Allow user to administrate this computer” box. Well not anymore….Here is how:

  • First you probably want to check who is an admin on the machine in question:
    • dscl . read /Groups/admin GroupMembership
  • Next you might want to add a user (we call him uberuser here) to the admin list:
    • dscl . append /Groups/admin GroupMembership uberuser
  • And maybe you want to revoke the admin privileges for user uberguber:
    • dscl . delete /Groups/admin GroupMembership uberguber
  • To see all the Directory information for user www:
    • dscl . -read /Users/www
  • To see all the Directory information about group admin:
    • dscl . -read /Groups/admin

There are probably a ton more things you can do with dscl, but that’s beyond the scope of this article (and my knowledge)…..so man dscl and have fun reading.

, ,

Leave a Reply