Home > Mac administration, macOS, Packaging > Creating local user accounts with pycreateuserpkg

Creating local user accounts with pycreateuserpkg

As part of setting up new Macs, you may want to add one or more local user accounts with a pre-determined password to those Macs. The reasons for this may include the following:

  • Setting up a local administrator account
  • Setting up a “loaner” user account for a pool of loaner laptops
  • Setting up a local user account that automatically logs at startup for a library kiosk
  • Setting up a generic “student” account for use in a school’s computer lab

Previously, it was possible to use the venerable CreateUserPkg utility to accomplish this goal, but the password scheme used by CreateUserPkg stopped working on macOS High Sierra. An alternative tool which works on macOS High Sierra is pycreateuserpkg, a Python script written by Greg Neagle which generates packages that create local user accounts when installed. For more information, see below the jump.

Using pycreateuserpkg:

1. Download pycreateuserpkg from GitHub using the link below:

https://github.com/gregneagle/pycreateuserpkg

2. Decide on the settings you want for the new user account, using the options available below:

As an example, let’s create an installer package which installs a local user account with the following characteristics:

Account’s shortname: kiosk
Account’s displayed name: Kiosk
UID: 604
Account shell: /bin/bash
Account should have admin rights: No
Account should auto-login: Yes

Since we also need to provide version and identifier information for the installer package, we’ll use the following characteristics:

Version number: 1.0
Package identifier: com.github.kiosk_user_setup

To create the installer package which installs the previously-defined local account, make sure you have a copy of pycreateuserpkg available, then use the command shown below:

/path/to/createuserpkg --name="kiosk" --uid=604 --fullname="Kiosk" --shell="/bin/bash" --version=1.0 --identifier="com.github.kiosk_user_setup" "Create Kiosk User Account.pkg" --autologin

Screen Shot 2017 12 23 at 9 24 30 PM

 

Since we have not defined what the account’s password will be as part of the command above, we will be prompted to enter the password then enter it again to verify:

Screen Shot 2017 12 23 at 9 26 05 PM

 

Screen Shot 2017 12 23 at 9 26 21 PM

 

That should generate a new installer package named Create Kiosk User Account.pkg.

Screen Shot 2017 12 23 at 9 27 52 PM 

Testing pycreateuserpkg-generated installers

Once the package has been built, test it by taking the pycreateuserpkg-generated installer package and install it on a Mac which does not have the local account set up on it. The end result should be that the local account is set up on the Mac and configured with the desired settings and account rights.

Screen Shot 2017 12 23 at 9 32 12 PM

Screen Shot 2017 12 23 at 9 32 16 PM

 

To give some additional examples, let’s create a local administrator account with the following characteristics:

Account’s shortname: admin
Account’s displayed name: Administrator
UID: 600
Account shell: /bin/bash
Account should have admin rights: Yes
Account should auto-login: No

Since we also need to provide version and identifier information for the installer package, we’ll use the following characteristics:

Version number: 1.0
Package identifier: com.github.admin_user_setup

To create the installer package which installs the previously-defined local account, make sure you have a copy of pycreateuserpkg available, then use the command shown below:

/path/to/createuserpkg --name="admin" --uid=600 --fullname="Administrator" --shell="/bin/bash" --admin --version=1.0 --identifier="com.github.admin_user_setup" "Create Local Admin User Account.pkg"

Screen Shot 2017 12 23 at 9 35 43 PM

 

 

Screen Shot 2017 12 23 at 9 36 15 PM

 

When the package is installed, an account like this should now appear in the Users & Groups preferences in System Preferences.

 

Screen Shot 2017 12 23 at 9 36 41 PM

Screen Shot 2017 12 23 at 9 36 44 PM

 

Finally, let’s create a standard user local account with the following characteristics:

Account’s shortname: standarduser
Account’s displayed name: Standard User
UID: 603
Account shell: /bin/bash
Account should have admin rights: No
Account should auto-login: No

Since we also need to provide version and identifier information for the installer package, we’ll use the following characteristics:

Version number: 1.0
Package identifier: com.github.standard_user_user_setup

To create the installer package which installs the previously-defined local account, make sure you have a copy of pycreateuserpkg available, then use the command shown below:

/path/to/createuserpkg --name="standarduser" --uid=603 --fullname="Standard User" --shell="/bin/bash" --version=1.0 --identifier="com.github.standard_user_user_setup" "Create Standard User User Account.pkg"

 

Screen Shot 2017 12 23 at 9 34 57 PM

 

Screen Shot 2017 12 23 at 9 30 59 PM

 

When the package is installed, an account like this should now appear in the Users & Groups preferences in System Preferences.

 

Screen Shot 2017 12 23 at 9 33 16 PM

Screen Shot 2017 12 23 at 9 33 21 PM

 

How pycreateuserpkg works

pycreateuserpkg works by creating a plist file for the specified local user account, which allows the account information to work on 10.8.x and later. The user’s account information is written to a plist file and stored in the directory listed below:

/private/var/db/dslocal/nodes/Default/users

Screen Shot 2017 12 23 at 9 00 05 PM

 

An example account plist is shown below:

If the auto-login option is selected, an additional /etc/kcpassword file is also installed to facilitate the auto-login process.

Screen Shot 2017 12 23 at 9 00 11 PM

If the auto-login option is not selected, the /etc/kcpassword file will not be installed.

Screen Shot 2017 12 23 at 9 41 00 PM

Once the necessary file(s) are created by pycreateuserpkg, the utility then generates an installer package and post-installation script to install the account’s plist and the /etc/kcpassword file (if needed) into their proper places. An example postinstall script from a pycreateuserpkg-generated installer package is shown below:

Note: The postinstall script may have different functionality, depending on which options are selected. For example, this is the postinstall script generated for an installer package which installs a standard user account which is set to auto-login:

Once the pycreateuserpkg-generated package is installed, the account’s file(s) are put into the necessary places and the postinstall script handles any necessary preparation needed for the account to work properly.

  1. Doug
    January 5, 2018 at 9:44 pm

    I’ve tried using this but the computer doesn’t recognize the password I’ve set after package creation.

  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: