Filter
Top Products
116 Chapter 8 Working with Users and Groups
7 Quit dscl by entering:
> quit
Creating and Deleting Nested Group
Nested groups allow for one group (child) to be a member of a second group (parent),
thus inheriting the permissions and attributes of the parent group. All members of a
nested group will become child members of the parent group as well.
You can create a nested group by using the dseditgroup tool with the -a option,
which adds the group record to the parent group.
To create a nested group:
$ dseditgroup -o edit [-a
childgroup
] [-t group] [-u
username
] [-P
password
]
[-n /LDAPv3/
ipaddess
]
parentgroup
To verify a nested group:
1 Start the dscl tool in interactive mode, specifying the computer you are using as the
source of directory service data:
$ dscl localhost
>
2 Change the current folder to /LDAPv3/ipaddress/Groups by entering the path at the
prompt:
> cd /LDAPv3/
ipaddress
/Groups
Replace
ipaddress
with the IP address of your directory server. If using a NetInfo
directory domain, enter cd /NetInfo/root/Groups at the prompt.
3 Authenticate as an administrator by entering the following command, replacing
adminusername with your administrator user name, and entering your administrator
password when prompted:
> auth
adminusername
4 View the current members of the group by entering (replacing parentgroup with the
group account’s short name):
> read
parentgroup
Parameter Description
childgroup The name of the child group you are adding to the parent group.
username The short name of a user with LDAP directory service access.
password The user password.
ipaddress The IP address of your directory server.
parentgroup The name of the parent group that the child group is being
added to.