Snow Leopard (10.6) and Leopard (10.5) User Account Information

Looking at users on Snow Leopard and Leopard based systems is significantly easier than a 10.4 based system. As seen in the Tiger (10.4) User Account Information breakdown, a NetInfo database is used hold user account information among other items. In Leopard, “.plist” files became the norm with many aspects of the system and user account information is one of those areas. Leopard migrated from NetInfo to Directory Service. With this migration, the vital information for each user (group) is found in the following location:

/private/var/db/dslocal/nodes/Default/users and
/private/var/db/dslocal/nodes/Default/groups

In these two directories, you will find a “.plist” file corresponding to each user name or group name, depending on which directory you are evaluating. take for example a user name of “moof”. You will find a file:

/private/var/db/dslocal/nodes/Default/users/moof.plist

This file will contain information such as:

The user’s UUID (Universally Unique Identifier)
The user’s GID (group ID)
The path to the user’s home directory
The long name and short name for the user
The path to the user’s chosen picture
and others

The question many of us want to answer though, who belongs to the admin group on a Mac? Let’s examine the admin group:

/private/var/db/dslocal/nodes/Default/groups/admin.plist

Inside of this “.plist” file, you will find the list of ‘users’, likely beginning with “root” that belong to this group.

Do not end your examination here. Other groups could have privileges that grant access to a folder or file that is vital to your case. Look at the files and folders for assigned POSIX permissions and ACLs (Access Control Lists) to determine what users and groups you need to be concerned with.