Mac dscl - Sandip's Notes

# [[Mac dscl]] _Created: 2025-07-31_ | #osx #mac | [[Mac OSX System Administration]] The `dscl` (Directory Service Command Line) utility is a powerful tool for querying and managing macOS's directory services. When using `dscl`, remember: 1. The `.` parameter specifies the local directory node 2. Common paths are `/Users`, `/Groups`, `/Computers` 3. Common operations are `-read`, `-list`, `-search`, `-create`, `-delete`, `-append`, `-merge` 4. Modifying operations (create, delete, etc.) usually require sudo 5. Some attributes might be hidden or require special permissions to view ## View all attributes for your user ```shell-session $ dscl . -read /Users/$USER|tail Password: ******** Picture: /Library/User Pictures/Flowers/Whiterose.heic PrimaryGroupID: 20 RealName: Sandip Bhattacharya RecordName: sandipb com.apple.idms.appleid.prd..... RecordType: dsRecTypeStandard:Users UniqueID: XXX UserShell: /bin/bash ``` A single attribute: ```shell-session $ dscl . -read /Users/$USER UserShell UserShell: /bin/bash ``` ## User groups ```shell-session $ dscl . -list /Groups GroupMembership | grep $USER _appserveradm sandipb _appserverusr sandipb _lpadmin sandipb access_bpf sandipb admin root sandipb ``` ## All users on the system ```shell-session $ dscl . -list /Users | tail _webauthserver _windowserver _www _wwwproxy _xserverdocs daemon nobody root sandipb ``` ## All groups ```shell-session $ dscl . -list /Groups | tail nogroup operator owner procmod procview staff sys tty utmp wheel ``` ## Info about a specific group ```shell-session $ dscl . -read /Groups/admin AppleMetaNodeLocation: /Local/Default ... GroupMembership: root sandipb Password: * PrimaryGroupID: 80 RealName: Administrators RecordName: admin BUILTIN\Administrators RecordType: dsRecTypeStandard:Groups SMBSID: S-1-5-32-544 ``` ## All users with shell access ```shell-session $ dscl . -list /Users UserShell | grep -v "/usr/bin/false" _mbsetupuser /bin/bash _uucp /usr/sbin/uucico root /bin/sh sandipb /bin/bash ``` ## Other uses ```bash # Search for users with specific attribute dscl . -search /Users RealName "John" # List all record types dscl . -list / # List all attributes for a user (including hidden ones) dscl . -read /Users/$USER # Get a user's password policy dscl . -read /Users/$USER accountPolicyData # List all authentication authorities dscl . -read /Users/$USER AuthenticationAuthority ```