Where are the User and Group definitions stored in High Sierra?

I would like to inspect UID and GID numerical values on my High Sierra (10.13.4) server, so that I can coordinate and de-conflict these for use with NFS. Since NFS authenticates at the server level, UIDs and GIDs need to match across the set of machines using the NFS served files, to properly preserve and enforce file and folder permissions.

Traditionally, Unix machines hold these values in /etc/passwd and /etc/group. These files do not contain the Users and Groups I have added to my system.

I can inspect individual user's and group's IDs in the System Preferences dialog, but this becomes tedious with many users. I really need to list all the UIDs and GIDs I have previously configured.

The man page for chmod(1) does not mention any files. The man page for passwd(1) mentions the non-traditional file /etc/master.passwd but this file similarly lacks my Users and Groups.

Is there a .plist file somewhere containing these added User and Group definitions?

Solution 1:

The user and group information on a Mac are stored in Directory Services. That service can bind to external sources and alternate "local" sources like NFS, LDAP, ActiveDirectory (LDAP) but by default, unless you opt in to a directory - the user and group database is locally managed.

You can find the default local files in /private/var/db/dslocal/nodes/Default/groups and users. They are stored in binary plist format so you need to use /usr/libexec/PlistBuddy or similar to read them.

Alternately, you can use the easier method of the dscl utlity which allows you to read and change Directory Services entries. Using dscl has the added bonus of reading any of the optional sources in their preference to retrieve this information the same a program would.