What Is The Relationship between "Users & Groups" and /etc/group?

I want to setup a wireshark group so I can run it without being root. I tried using the System Preferences tool, Users & Groups, to add a wireshark group but I didn't see anything show up in /etc/group.

Where is the group stored if it's not /etc/group. Do groups set up in User & Groups have any relationship with the chmod/chgrp permissions?

I installed Wireshark via MacPorts and it doesn't currently set the permissions correctly to run as a normal user.

Solution 1:

That /etc/group file only exists to let the system function in single user boot mode. I wouldn't rely on it for anything other than a possible sanity check for known system groups.

You'll want to use dscl the directory service command line (and associated dsXXX commands to interact with whatever directory services external to the local store) to retrieve group and user information from the database that normal run time changes and lookups happen.

The manual page can get you started and then Apple developer documentation and specific sites (like this one and code posted at GitHub ) might be good places for follow on research and questions on syntax / scripting / usage.

Also - I would install homebrew and see the output from brew info wireshark which details the tool to script setting up a security group and change permissions on the device(s) Wireshark needs to own for capture.

If you're not into that package manager - here's a script that might do the trick.

• https://gist.github.com/breiter/cbf0307c671f8bc0a7c4