How to Add User to Admin Group Using nicl under Mac OS X

Under most flavors of Unix, it’s quite easy to add a user to a group. You just edit the /etc/group file and it’s done. You cannot do that under Mac OS X. OS X introduced NetInfo database. The files are in binary format and you cannot just edit the database files. There is a utility called NetInfo Manager to take care of that.

Recently, one user recovered her PowerBook by herself. During the process, the NetInfo database got erased, a new one was created. She didn’t create the new account to match the old account name. Therefore, when she finally get on the machine using the newly created account, she has no access to her old files. Also, one application reqires the user name matches the old user name.

I used NetInfo Manager to change the new user’s name and home directory. She can see her old files and preferences, also she can use that application again. However, there is one problem. I forgot to update the admin group for the modified user name. The modified account is now a regular account and it’s the only account on the machine.

Apparently, I cannot do any admin tasks using the only regular account. How can I modify the admin group without using any of those GUI utilities?

Later, I learned that I can use nicl to manipulate the NetInfo database and it’s also available under single user mode. Here are the steps.

  1. Boot the machine to single user mode by holding down Command(Apple icon)+S during booting process.
  2. Type the following to mount the drive with read/write access.

    fsck -y

    mount -wu /

  3. Type the following to add uruser to the admin group.

    nicl -raw /var/db/netinfo/local.nidb -append /groups/admin users uruser

  4. Type reboot to boot the machine.

6 Comments on How to Add User to Admin Group Using nicl under Mac OS X

  1. Kisakookoo,

    This question is not suitable for this post. Anyway, after you log on to There is a menu on the top left corner “My Account”. Click that and select “Edit Profile”. If for some reason, you still cannot edit your profile. I suggest you contact support at

    Good luck.

  2. not so smart to show how to become root soo easy. Users must understand being root is dangerous. Why dont you change the post and show how to become user of another group like www or something.

  3. Well, the main point is no one has admin privilege to the original system. Therefore, I showed how did I get around to it. If a user has physical access to a machine, he can do a lot more than getting admin account. I don’t think there is any need to conceal the info.

  4. Ok, I understand that very well and it is a good post.

    But i can’t approve users to have full admin rights o_O all the time, guess thats my problem.

    Again, good post, and you are right about physical access (we can do whatever we want 😉 if we know how…

1 Trackbacks & Pingbacks

  1. Addgroup on OSX « Niall’s Blog

Leave a Reply

Social Widgets powered by

Advertisment ad adsense adlogger