sudo dseditgroup -o create -t group com.apple.access_loginwindow sudo dseditgroup -o edit -a auser -t user com.apple.access_loginwindowwhich in this case will limit who can login at the console (i.e. loginwindow) to just the user 'auser'. You can check the membership with:
$ dscl . -read /Groups/com.apple.access_loginwindow AppleMetaNodeLocation: /Local/Default GroupMembership: auser PrimaryGroupID: 504 RecordName: com.apple.access_loginwindow RecordType: dsRecTypeStandard:Groups
Similar groups will control access to other services such as com.apple.access_ssh, com.apple.access_screensharing.
No comments:
Post a Comment