Create a New User on macOS from the Terminal Command Line



  • Managing users in macOS can be a bit challenging, but it can be done if we understand the steps involved. Unlike traditional UNIX systems, Mac OS X and macOS do not keep all users in the /etc/passwd system. Only system accounts are kept there.

    In macOS we use dscl or the Directory Service Command Line utility to manipulate user accounts. In this example, we will walk through creating a completely new user, setting their details, adding them to the "admin" group (giving them the ability to use sudo to manage the system), and setting their password.

    First the full example, then we will break it down:

    sudo dscl . -create /Users/sally
    sudo dscl . -create /Users/sally UserShell /bin/bash
    sudo dscl . -create /Users/sally RealName "Sally Brown"
    sudo dscl . -create /Users/sally UniqueID 503
    sudo dscl . -create /Users/sally PrimaryGroupID 503
    sudo dscl . -create /Users/sally NFSHomeDirectory /Local/Users/sally
    sudo dscl . -passwd /Users/sally mySecretPassword
    sudo dscl . -append /Groups/admin GroupMembership sally
    

    That's decently self-explanatory. But we will go line by line and explain what is happening.

    First, we create the user "container" for the account:

    sudo dscl . -create /Users/sally
    

    Next, we set the user's shell. We use bash in this example. The macOS default is /bin/tcsh and the most recommended shell is /bin/zsh.

    sudo dscl . -create /Users/sally UserShell /bin/bash
    

    Next, we set the actual name of the account user.

    sudo dscl . -create /Users/sally RealName "Sally Brown"
    

    Then we set the unique user ID (uid) for the user. As is typical with UNIX systems, we generally start with 500 for the first user and increment. macOS starts with 501. You will often look up the existing users to see what is available before doing this.

    sudo dscl . -create /Users/sally UniqueID 503
    

    Then we set the primary group ID (gid). It is customary for a normal user to have their own group that matches the ID of their user ID. But this is only a recent tradition and this is actually a very customizable field.

    sudo dscl . -create /Users/sally PrimaryGroupID 503
    

    Next we set a home directory for the user. The name of this field can be confusing as it clearly mentions NFS but we do not use NFS here. This is a vestige of this tool having come from an LDAP background.

    sudo dscl . -create /Users/sally NFSHomeDirectory /Local/Users/sally
    

    Then we have our final required step to set up a working user, setting their password:

    sudo dscl . -passwd /Users/sally mySecretPassword
    

    Our final step that we will show here is optional and only used for accounts that need membership in another group. The most common one would be the admin group which allows access to sudo so that administrative actions can be taken.

    sudo dscl . -append /Groups/admin GroupMembership sally
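
The lookup the post mentions before the UniqueID step, as an added example that is not part of the original post: it reads the output of `dscl . -list /Users UniqueID`, prints the lowest free UID, and flags any UID held by more than one account. The sample listing and the function names `next_free_uid` and `duplicate_uids` are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Works on the two-column output
# of `dscl . -list /Users UniqueID` (record name, then UID).

# Constructed sample listing; the account names are made up.
SAMPLE_LISTING='_www                     70
daemon                   1
nobody                   -2
root                     0
alice                    501
bob                      502
carol                    504
svc_backup               504'

# Print the lowest unused UID at or above a floor (default 501, the first
# regular-user UID on macOS). Reads the listing on stdin.
next_free_uid() {
    awk -v floor="${1:-501}" '
        $NF ~ /^[0-9]+$/ { used[$NF + 0] = 1 }
        END { uid = floor + 0; while (uid in used) uid++; print uid }'
}

# Print every UID held by more than one account, as "UID: name name ...".
# Accounts that share a UID share file ownership and process identity.
duplicate_uids() {
    awk '$NF ~ /^-?[0-9]+$/ { n[$NF]++; names[$NF] = names[$NF] " " $1 }
         END { for (u in n) if (n[u] > 1) print u ":" names[u] }'
}

# Use the live directory on a Mac, the constructed sample anywhere else.
if command -v dscl >/dev/null 2>&1; then
    listing=$(dscl . -list /Users UniqueID)
else
    listing=$SAMPLE_LISTING
fi

echo "next free UID: $(printf '%s\n' "$listing" | next_free_uid)"
dups=$(printf '%s\n' "$listing" | duplicate_uids)
[ -z "$dups" ] || printf 'duplicate UIDs:\n%s\n' "$dups"
```

With the sample listing the free UID is 503, the value used in the walkthrough above, and 504 is reported as shared by two accounts.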
    



  • It is likely obvious, but as I know that some people are searching for this information, creating administrative users in this way can be done very easily from remote command lines such as ScreenConnect, ConnectWise, MeshCentral, and so forth.