Login or Register to Ask a Question and Join Our Community

Linux and UNIX Man Pages

Linux & Unix Commands - Search Man Pages

memberd(1) [mojave man page]

dsmemberutil(1) 					    BSD General Commands Manual 					   dsmemberutil(1)

NAME

     dsmemberutil -- various operations for the membership APIs, including state dump, check memberships, UUIDs, etc.

SYNOPSIS

     dsmemberutil [-v] [-h] command [options]

DESCRIPTION

     dsmemberutil is a program that implements the membership API calls in a command line utility.

FLAGS

     A list of flags and their descriptions:

     -h      Lists the options for calling dsmemberutil

     -v      Causes dsmemberutil to operate in verbose mode.

COMMANDS

     The action of each command is described below:

     getuuid -ugUGsS value
		 Takes any of the options and returns the associated UUID.

     getid -UGsSX value
		 Takes any of the options and returns the associated UID or GID depending on option provided.

     getsid -ugUGX value
		 Takes any of the options and returns the associated SID.

     checkmembership -uUxs param -gGXS param
		 Returns if a user or group with the associated option is a member of the group.

     flushcache  Flushes the current membership cache.

     Legacy commands such as dumpstate and statistics are gone. See odutil(1) for show cache and statistics operations.

     A list of options available. In some cases -xX and -sS can be used synonymously due to nature of the value.

     -u uid	      Using user with UID

     -U name	      Using user with name

     -s sid	      Using user with SID

     -x uuid	      Using user with UUID

     -g gid	      Using group with GID

     -G name	      Using group with name

     -S sid	      Using group with SID

     -X uuid	      Using group with UUID

EXAMPLES

     Get a user's uuid:
		    % dsmemberutil getuuid -u 501
		    EEA4F2F6-B268-49E7-9C6F-E3C4A37DA4FD

     Get a group's uuid
		    % dsmemberutil getuuid -g 0
		    ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000000

     Get a user's or group's id from a uuid
		    % dsmemberutil getid -X ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C
		    gid: 12

     Check a user's membership in a group (using UID and GID)
		    % dsmemberutil checkmembership -u 501 -g 0
		    user is not a member of the group

     Check a user's membership in a group (using names)
		    % dsmemberutil checkmembership -U root -G wheel
		    user is a member of the group

SEE ALSO

     odutil(1), dseditgroup(1), dscacheutil(1)

Darwin								    Jan 1, 2007 							    Darwin

Check Out this Related Man Page

MBR_CHECK_MEMBERSHIP(3) 				   BSD Library Functions Manual 				   MBR_CHECK_MEMBERSHIP(3)

NAME

     mbr_check_membership, mbr_check_service_membership -- check whether a user is a member of a group or service ACL

SYNOPSIS

     #include <membership.h>

     int
     mbr_check_membership(uuid_t user, uuid_t group, int *ismember);

     int
     mbr_check_service_membership(uuid_t user, const char *service, int *ismember);

DESCRIPTION

     mbr_check_membership() tests if a given user is a member of a group (either direct or indirect via a nested group).  ismember is set to 1 if
     the user is a member or 0 if not a member of the group.  mbr_check_service_membership() similarly tests if a given user is a member of a ser-
     vice ACL group.  Service ACLs are special groups defined with the prefix "com.apple.access_".  The service is then prefixed (e.g., "afp"
     would check "com.apple.access_afp").  There is a special group that grants accessto all services called "com.apple.access_all_services".

     Users may belong to any number of groups.	mbr_check_membership() should always be used to check group membership, rather than calling
     getgroups(2) or getgrouplist(2).  The setgroups(2) and getgroups(2) routines are limited to a fixed number of gids, and so may not include
     all of a user's groups.

     There are two special cases.  If the two uuids are equal, then ismember is set to 1.  If the group uuid is equal to the reserved "everyone"
     uuid (ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C), then ismember will be set to 1 for any valid user.

     Group membership information is managed by opendirectoryd(8).

RETURN VALUES

     mbr_check_membership() does not test whether group exists or not.	Querying membership for a nonexistent group will result in ismember being
     set to 0.	The function returns 0 on success or one of the following error codes on failure:

     [EIO]		Communication with openditectoryd(8) failed.

     [ENOENT]		user can not be found.

     mbr_check_service_membership() is identical to mbr_check_membership() except that ENOENT means no service ACL has been defined.

SEE ALSO

     odutil(1), setgroups(2), getgroups(2), mbr_uid_to_uuid(3), opendirectoryd(8)

Mac OS X							 November 5, 2011							  Mac OS X
Man Page