List of all users and groups

Asked 20/8, 2009 at 1:53 Answered 20/8, 2009 at 18:40

Solved c objective-c cocoa macos macos-carbon

I'm trying to get a list of all users and all groups on Mac OS X 10.5+. How can I do this?

For example, the list of all users on my machine should return: _amavisd, _appowner, _appserver, _ard, _atsserver, _calendar, _carddav, _clamav, _coreaudiod, _cvmsroot, _cvs, _cyrus, _devdocs, _dovecot, _eppc, _installer, _jabber, _lda, _locationd, _lp, _mailman, _mcxalr, _mdnsresponder, _mysql, _pcastagent, _pcastserver, _postfix, _qtss, _sandbox, _screensaver, _securityagent, _serialnumberd, _softwareupdate, _spotlight, _sshd, _svn, _teamsserver, _timezone, _tokend, _trustevaluationagent, _unknown, _update_sharing, _usbmuxd, _uucp, _windowserver, _www, _xgridagent, _xgridcontroller, daemon, dave, nobody, root (that was painstakingly compiled manually).

How can I get that list (and the corresponding list of all groups) programmatically? I'm open to alternative (non-c based) solutions, such as Applescript, commandline, etc.

Update a long time later

TALlama's answer prompted me to investigate the API to Open Directory, and I found that this list can be easily acquired programmatically:

#import <OpenDirectory/OpenDirectory.h>
ODSession *s = [ODSession defaultSession];
ODNode *root = [ODNode nodeWithSession:s name:@"/Local/Default" error:nil];
ODQuery *q = [ODQuery queryWithNode:root forRecordTypes:kODRecordTypeUsers attribute:nil matchType:0 queryValues:nil returnAttributes:nil maximumResults:0 error:nil];

NSArray *results = [q resultsAllowingPartial:NO error:nil];
for (ODRecord *r in results) {
    NSLog(@"%@", [r recordName]);
}

That will log the usernames of every user on the system. Substituting in kODRecordTypeGroups will get you the list of all the groups.

The -[ODQuery resultsAllowingPartial:error:] method is a blocking call, so you'd either want to execute this code on a background thread, or use an <ODQueryDelegate> to aggregate the results.

Telegonus answered 20/8, 2009 at 1:53 Comment(7)

Sadly, the fact that you were able to make that exhaustive list manually suggests that you already had a way to automate it. You presumably read a list of directory names or something? Great question to ask though. Google turned up the answer in about 15 seconds. – Cynicism 20/8, 2009 at 3:28

I got it from another program. – Telegonus 20/8, 2009 at 3:34

Clarification: the other program had the list in a popupbutton, and I copied it out. I want a similar popupbutton. =) As for google, I spent a while searching for variations on "mac get list of all users" and couldn't find anything relevant. – Telegonus 20/8, 2009 at 3:36

Is there a pure obj-c way (without calling command line tool) ? – Bushey 16/6, 2011 at 6:26

@Bushey (A long time later) I was playing around with this the other day and came up with some code to do this. – Telegonus 27/1, 2013 at 17:35

@Dave :Thanks for the update – Bushey 4/2, 2013 at 6:27

I took your suggestion (the OpenDirectory code) as my start-point and it is great - however, I now need to get group membership for each one of the users... what "id -Gn <uid>" command-line gives you... and I just can't get the hang of this OpenDirectory API – Radiothorium 30/12, 2020 at 16:6

122

The tool you want is almost certainly dscl. The shortest way to do it was already pointed out:

$ dscl . list /users
$ dscl . list /groups

If you want to output information about each user, though, use readall:

$ dscl . readall /users
$ dscl . readall /groups

And if you need to programatically parse said information, use -plist to make your life easier:

$ dscl -plist . readall /users
$ dscl -plist . readall /groups

Concordance answered 20/8, 2009 at 18:40 Comment(5)

For some reason, this does not list all users, even if I run with sudo. It doesn't show any of the "real" users, just the system-ish ones. – Wicker 21/7, 2011 at 17:51

Works on my Lion install; what OS are you seeing it fail with? – Concordance 21/7, 2011 at 20:35

1.5.8. I figured it out. I didn't realize there were several different ways that osx can authenticate. Turns out I needed JacobTaylor's "Open Directory" approach. – Wicker 21/7, 2011 at 21:27

Note: dscl -list is limited to 256 results, so this is not guaranteed to list all user accounts. – Titanate 14/9, 2012 at 19:3

that's hardly a programmatic way to do it from my application. Any API? – Radiothorium 29/12, 2020 at 9:28

Open Directory approach (from: http://rickcogley.blogspot.com/2008/11/listing-open-directory-users-on-os-x.html):

dscacheutil -q user
dscacheutil -q group

Take each line from the respective output that starts with "name:" strip off the "name:" and you have your list. If you do not have dscacheutil, you can use the manual commands:

root# dscl localhost list /Local/Default/Users
root# dscl localhost list /LDAPv3/127.0.0.1/Users

Old school approach for before Open Directory....(sigh): For list of users:

Grab the /etc/passwd file from the system.
Split it out by lines
Split out each line based on ":"
Take the first symbol for each line

For list of groups:

Grab the /etc/group file from the system.
Split it out by lines
Split out each line based on ":"
Take the first symbol for each line

Cynicism answered 20/8, 2009 at 1:58 Comment(5)

I don't think this works - grepping /etc/passwd on my mac doesn't yield my username. – Liddell 20/8, 2009 at 2:1

+1 same here, but it seems like it has everything else. Thanks! I'll keep this open in case there's a better way. – Telegonus 20/8, 2009 at 2:6

I believe that Directory Services replaces /etc/passwd. The file is probably only there for legacy reasons. – Conduplicate 20/8, 2009 at 2:8

Note: dscacheutil -q user and dscl -list are limited to 256 results, so this is not guaranteed to list all user accounts. – Titanate 14/9, 2012 at 19:5

Here too (MacOS 10.15.7) - "normal" Mac users, created via the "Users & Groups" UI (in System Preferences) don't appear in /etc/passwd file. Maybe there's another such file (same format) that extends it for the "Mac users" ? – Radiothorium 29/12, 2020 at 9:32

Non-garbbled/no-tempfile commands:

# dscl . list /users
# dscl . list /groups

Corkscrew answered 20/8, 2009 at 2:16 Comment(3)

Wow, even better! I love this site! =) – Telegonus 20/8, 2009 at 2:22

Note: dscl -list is limited to 256 results, so this is not guaranteed to list all user accounts. – Titanate 14/9, 2012 at 19:4

Is there a programmatic API to get to the same functionality? I don't wish to create an external process via NSTask, collect and parse its text output every time my Cocoa application needs the list of users... maybe that's normal for UniX style programming, but not for Mac programming. – Radiothorium 29/12, 2020 at 9:46

Back in the old days, we'd do this trivially with the NetInfo Kit, but today there's no tidy Objective-C way to do it. You'll have to dig in to the OpenDirectory API.

Zahara answered 20/8, 2009 at 8:51 Comment(0)

check out, for example, dsexport.

Here are some examples:

dsexport /tmp/export.out /Local/Default dsRecTypeStandard:Groups

dsexport /tmp/export.out /Local/Default dsRecTypeStandard:Users

the outputs are a bit rubbish, but something like sed could clean them up for you.

Liddell answered 20/8, 2009 at 2:2 Comment(2)

Excellent! Just a simple pass with a regular expression has cleaned them right up! Thank you! – Telegonus 20/8, 2009 at 2:10

Note: dsexport is limited to 256 results, so this is not guaranteed to list all user accounts. – Titanate 14/9, 2012 at 19:7

Recommended topics

Hot tags