May I have a list of "System" group names, and their respective gid(s)?
I know there are group names such as "Staff" and "Admin", but are those the only ones? I suspect that the root user should also be assigned in a group. Using the command dscacheutil -q user tells me the gid of root - 0. And if a user account is an admin, then isn't it in both "Admin" and "Staff" group(s)?
By running the command ls -la /Users, I get the following output:
Nicholass-MacBook:~ Ee$ ls -la /Users
total 32
drwxr-xr-x 12 root admin 408 Nov 3 15:11 .
drwxr-xr-x@ 35 root wheel 1258 Oct 29 20:21 ..
-rw-r--r--@ 1 root admin 12292 Oct 27 09:02 .DS_Store
-rw-r--r-- 1 root wheel 0 Aug 25 16:58 .localized
drwxrwx--- 5 root admin 170 Nov 3 08:00 Deleted Users
drwxr-xr-x+ 21 Ee staff 714 Nov 3 08:06 Ee
drwx------+ 84 root admin 2856 Oct 26 06:49 Ee (Deleted)
drwxr-xr-x+ 11 EeJ staff 374 Nov 3 15:07 EeJ
drwxr-xr-x+ 14 900 admin 476 Oct 24 2012 Ee******** (Deleted)
drwxr-xr-x 3 root admin 102 Oct 27 06:50 Old Ee (frm Snow Leopard)
drwxr-xr-x+ 11 ParAcnt staff 374 Nov 3 15:11 ParAcnt
drwxrwxrwt 6 root wheel 204 Nov 1 18:18 Shared
The command dscacheutil -q group will output all groups with their name, ID numbers, and list of members. Be warned, when I say it will output all the groups, I mean all the groups, including built-in system ones mortals were never meant to see. I'm just saying, don't freak out that there are so many groups for a single-user system.
root, as the superuser, is in a group by itself and also implicitly a member of every other group. Any user account can be a member of multiple groups. On my system the only member of staff is root; admins are all in the admin group. wheel is another group name you'll frequently see for some system files; it's a popular group name on Linux systems to assign to files so that admins can edit them without using their password in sudo.
It should also be noted that Mac OS X supports access control lists that provide more granular control over file permissions than traditional Unix permissions; IIRC the + in the file permissions list indicates there are such extended permissions associated with the file.
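An added example, not part of the original question or answers: a small shell function that reads `ls -l` style lines and reports, per entry, the owner, the group and the markers a reviewer would want to look at. It flags the `+` suffix (ACL present), the `@` suffix (extended attributes present), a numeric owner (a uid that no longer resolves to an account name, like the `900` entry in the listing) and other-writable modes. The sample lines and the entry name `Old (Deleted)` are constructed for the example, and the function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample in the format of the `ls -la /Users` listing above.
sample_listing() {
cat <<'EOF'
total 32
drwxr-xr-x  12 root  admin   408 Nov  3 15:11 .
drwxr-xr-x@ 35 root  wheel  1258 Oct 29 20:21 ..
drwxr-xr-x+ 21 Ee    staff   714 Nov  3 08:06 Ee
drwxr-xr-x+ 14 900   admin   476 Oct 24  2012 Old (Deleted)
drwxrwxrwt   6 root  wheel   204 Nov  1 18:18 Shared
EOF
}

# audit_listing (hypothetical helper): reads `ls -l` lines on stdin and
# prints one line per entry in the form  name|owner|group|flags
# flags: acl, xattr, orphan-uid, world-writable, or "-" when none apply.
# Runs of spaces inside a file name are collapsed to one space.
audit_listing() {
  awk '
    $1 !~ /^[-dlbcps]/ || NF < 9 { next }    # skip "total N" and short lines
    {
      mode = $1; flags = ""
      if (mode ~ /\+$/)        flags = flags "acl,"          # ACL attached
      if (mode ~ /@$/)         flags = flags "xattr,"        # extended attributes
      if ($3 ~ /^[0-9]+$/)     flags = flags "orphan-uid,"   # uid has no account name
      if (substr(mode, 9, 1) == "w") flags = flags "world-writable,"
      sub(/,$/, "", flags); if (flags == "") flags = "-"
      name = $9; for (i = 10; i <= NF; i++) name = name " " $i
      print name "|" $3 "|" $4 "|" flags
    }'
}

# Stand-alone run over the constructed sample.
sample_listing | audit_listing
```

On a real system, pipe `ls -la /Users` into `audit_listing` instead of the sample; `ls -le` then shows the ACL entries behind any `+`.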
Alternative methods for listing groups and their gid:
List sorted by group name:
dscl . list /Groups PrimaryGroupID
List sorted by group gid:
dscl . list /Groups PrimaryGroupID | tr -s ' ' | sort -n -t ' ' -k2,2
List groups with members:
dscl . list /Groups GroupMembership
Note: neither dscacheutil nor dscl lists members of the group staff other than root. Use dsmemberutil to confirm a member belongs to the group staff.
Example for a user with uid 501:
dsmemberutil checkmembership -u 501 -g 20