New with Mac OS X 10.5 is the replacement of the old NetInfo architecture. The new component, Directory Services, is a highly configurable service that can use many back-ends to store, retrieve and abstract concepts like users, groups, machines or mount points.

Directory Services supports LDAP, Active Directory and Open Directory back-ends, as well as local files. Local files seem to be stored directly in the root volume, in the /var/db/dslocal/nodes/Default/ directory. Within this directory, we can find subdirectories that form a tree-like, hierarchical structure:

  • aliases/. Contains one pList file for every account alias that is registered in the Local directory service. There are some built-in aliases, plus additional aliases that can be created from the Accounts preference pane.
  • config/. Contains several configuration files for components like the Kerberos KDC (in a pretty funny format that basically looks like an XML-syntax wrapper containing the traditional text-based kdc.conf configuration file as a string), share points and so on.
  • groups/. Contains one pList file for every known local group. The format is pretty straightforward and almost resembles the traditional UNIX /etc/group file, but expressed using XML.
  • machines/. Contains one pList file for every known machine. It seems to me this is the equivalent of the /etc/hosts UNIX file, where each machine entry is stored as a single pList file. For a default Mac OS X installation, you will find a localhost.plist and a broadcasthost.plist entry.
  • mounts/. Contains one pList file for every automount point. By default, there are no automount points defined, and they can be created using the Directory Utility application, dscl or by manually creating or changing pList files.
  • networks/. Contains one pList file for every known network. This seems like the equivalent of /etc/ethers in UNIX systems. By default, only a single pList file exists: loopback.plist, which lists 127.0.0.0/8 as a known network.
  • users/. Contains one pList file for every known local user. This is the equivalent of /etc/passwd in any UNIX system. As in modern UNIX systems, the password is stored somewhere else (does anybody know where?).

By tweaking these files and restarting the Directory Service, it is possible to emulate the behavior of a UNIX-like system, with the difference that access to these entities is mediated by a service, and is not exposed via a POSIX API that, when configured to use local files, parses the contents of local files. In Mac OS X, it is necessary to notify the Directory Service when the contents of any of the pList files change.
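Because every record is an ordinary pList file, the same tree can also be read offline, for instance to audit a copy of the directory for unexpected privileged accounts. The following Python sketch is an added example, not code from the original post: it walks users/ and groups/ and reports UID 0 accounts other than root and the members of the admin group. The attribute names (name, uid, gid, users), the one-array-of-strings-per-attribute layout and the sample records are assumptions of this example, constructed for illustration.

```python
import plistlib
import tempfile
from pathlib import Path

def first(record, key, default=""):
    """Assumed layout: each attribute is an array of strings; take the first."""
    values = record.get(key) or [default]
    return values[0]

def load_records(node, kind):
    """Parse every <name>.plist under node/kind/ (e.g. users/, groups/)."""
    records = {}
    for path in sorted(Path(node, kind).glob("*.plist")):
        with path.open("rb") as fh:
            records[path.stem] = plistlib.load(fh)  # XML or binary pList
    return records

def audit(node):
    """Return (UID 0 accounts other than root, members of the admin group)."""
    users = load_records(node, "users")
    groups = load_records(node, "groups")
    extra_root = sorted(
        first(rec, "name", stem) for stem, rec in users.items()
        if first(rec, "uid") == "0" and first(rec, "name", stem) != "root"
    )
    admins = sorted(groups.get("admin", {}).get("users", []))
    return extra_root, admins

def build_sample_node(root):
    """Write constructed sample records laid out like nodes/Default/."""
    sample = {
        "users/root.plist": {"name": ["root"], "uid": ["0"], "gid": ["0"]},
        "users/alice.plist": {"name": ["alice"], "uid": ["501"], "gid": ["20"]},
        "users/toor.plist": {"name": ["toor"], "uid": ["0"], "gid": ["0"]},
        "groups/admin.plist": {"name": ["admin"], "gid": ["80"],
                               "users": ["root", "alice"]},
    }
    for rel, record in sample.items():
        path = Path(root, rel)
        path.parent.mkdir(parents=True, exist_ok=True)
        with path.open("wb") as fh:
            plistlib.dump(record, fh)  # written as an XML pList by default
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit(build_sample_node(tmp)))
```

To audit a real system, pass a copy of the nodes/Default directory to audit() instead of the constructed sample.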

Another way of editing some of these components without having to use dscl or editing pList files by hand is by right-clicking a user or a group in the Accounts preference pane, then choosing Advanced Options ... from the menu.
