#!/bin/sh## Create local admin account with ssh access# This script can e.

1. #!/bin/sh
2. #
3. # Create local admin account with ssh access
4. # This script can e.g. be used as a postinstall script in a package in an InstaDMG workflow
5. #
6. # Thomas Berglund, 2010 (thomas.berglund AT gmail.com)
7.  
8. # Set the username and password
9. USERNAME="eviladmin"
10. PASSWORD="superSecretPassword"
11. UNIQUE_ID="499"
12. HOME_PATH="/Users" # set this to something else if you want to hide the home folder
13.  
14. # Define Directory Services Local Database path
15. DSLocalDB="${3}/private/var/db/dslocal/nodes/Default"
16.  
17. # Create user
18. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Users/${USERNAME}
19. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Users/${USERNAME} RealName ${USERNAME}
20. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Users/${USERNAME} PrimaryGroupID 20
21. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Users/${USERNAME} UniqueID ${UNIQUE_ID}
22. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Users/${USERNAME} UserShell /bin/bash
23. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Users/${USERNAME} NFSHomeDirectory ${HOME_PATH}/${USERNAME}
24. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Users/${USERNAME} naprivs -1073741569
25. /usr/bin/dscl -f "$DSLocalDB" localonly -passwd /Local/Target/Users/${USERNAME} $PASSWORD
26.  
27. # Get GeneratedUID for admin group and $USERNAME
28. ADMIN_GUID="$(/usr/bin/dscl -f "$DSLocalDB" localonly -read /Local/Target/Groups/admin GeneratedUID | cut -d " " -f 2)"
29. USERNAME_GUID="$(/usr/bin/dscl -f "$DSLocalDB" localonly -read /Local/Target/Users/${USERNAME} GeneratedUID | cut -d " " -f 2)"
30.  
31. # Create ssh group, if you want the admin user to have access via ssh
32. /usr/bin/dscl -f "$DSLocalDB" localonly -create /Local/Target/Groups/com.apple.access_ssh
33. /usr/bin/dscl -f "$DSLocalDB" localonly -append /Local/Target/Groups/com.apple.access_ssh PrimaryGroupID 403
34. /usr/bin/dscl -f "$DSLocalDB" localonly -append /Local/Target/Groups/com.apple.access_ssh RealName "Remote Login ACL"
35. /usr/bin/dscl -f "$DSLocalDB" localonly -append /Local/Target/Groups/com.apple.access_ssh NestedGroups ${ADMIN_GUID}
36.  
37. # Assign group memberships for admin account
38. /usr/bin/dscl -f "$DSLocalDB" localonly -append /Local/Target/Groups/_appserveradm GroupMembership ${USERNAME}
39. /usr/bin/dscl -f "$DSLocalDB" localonly -append /Local/Target/Groups/_appserverusr GroupMembership ${USERNAME}
40. /usr/bin/dscl -f "$DSLocalDB" localonly -append /Local/Target/Groups/admin GroupMembership ${USERNAME}
41. /usr/bin/dscl -f "$DSLocalDB" localonly -append /Local/Target/Groups/admin GroupMembers ${USERNAME_GUID}