Deleting Mac OS X users remotely with dscl

by Robert Daeley

I had occasion recently to need to remotely delete a user — let’s call him “George” — on a Mac OS X box that is running the Client version of Tiger. I have ssh access to that machine and, since I keep meaning to learn how to do it, I decided to take the time to make a few notes on the process for the next such occasion.


NetInfo user
2006-04-28 02:34:37
Nice review - but what about the OTHER groups which George may be a member of? You state "I happen to know that George is in only two groups: handmodels and george" - but what if George was an administrative user? In this case, he would also be a member of the "admin", "appserveradm" and "appserverusr" groups.

Any suggestions on how to scan ALL potential locations for a given shortname entry, to ensure you catch them all?

Laurent Pertois
2006-04-28 03:54:05
Try this :

dscl . -list /groups GroupMembership

It will give you all the groups with their members in a second column, you can then try to grep...

There is something I'd like to add, don't forget to delete the password files in /var/db/shadow/hash

Charles Albrecht
2006-04-28 09:53:59
% id -G -n george
2006-04-28 10:48:41
Take a look at

Mac OS X command line user tools
These are wrapper scripts around the netinfo commands that mimic the useradd, userdel, groupadd, groupdel commands of other *nix operating systems. Still under development, but quite useful here where I work.

PLEASE let me know about any bugs/improvements you find/think of.

* niuseradd
* niuserdel
* nigroupadd
* nigroupdel