Hiding Local Accounts in Leopard

  • #370472
    knowmad
    Participant

    Hello,
    I have been banging my head against this one for a week plus. I have seen no good answers anywhere.

    It USED to be in TIGER and before that if you changed the UID to be below 500, you got an account that did not show up in the accounts pane and the login window. Move the home directory to someplace hidden, like /var and you had an essentially hidden local user account. Very useful for troubleshooting and keeping paranoid users from deleting your local admin/resource account.

    Now, that does not seem to work. I did search the forums here and found this discussion: [url]http://tinyurl.com/2vwann[/url] but it is not the answer. I also posted over at Mac OSX Hints and started this discussion: [url]http://forums.macosxhints.com/showthread.php?t=80670[/url]

    I can tell you that Apple says the machine accounts are all below UID and GID 100.
    No help.
    I can tell you that several people have suggested using DSCL to create the account manually…
    [code]$ sudo dseditgroup -o create -i 102 -r "USERNAME" USERNAME
    $ sudo dscl .
    > create /Users/USERNAME
    > create /Users/USERNAME UniqueID 102
    > create /Users/USERNAME UserShell /bin/bash
    > create /Users/USERNAME RealName "USERNAME"
    > create /Users/USERNAME NFSHomeDirectory /usr/local/USERNAME
    > create /Users/USERNAME PrimaryGroupID 102
    > create /Users/USERNAME Password *
    > quit
    $ sudo mkdir -p /usr/local/USERNAME/
    $ sudo chown -R USERNAME:USERNAME /usr/local/USERNAME[/code]
    (this was originally suggested here: [url]http://tinyurl.com/3b9ub9[/url] which has its own discussion attached)
    This seems to work for some but not for me or any of my co-workers whom I have shanghaied into testing this for me. I get an odd thing with it, it seems at first to work but on second login by any account, the cache must be updated because all of a sudden I can see the account in question….

    So what am I doing wrong? Should the manual DSCL account creation work to make hidden users and something about my setup (a fresh install off the GM Disc, no changes to the OS, no network accounts, local only authentication, nothing special at all, completely clean) is messing it up?

    Are all those who say it works simply not checking back after the DS Cache updates?

    Anyone have a suggestion on where else to look for answers?

    Any help/guidance is GREATLY appreciated (constructive criticism too).
    Thanks either way,
    Knowmad

    PS I forgot to mention that although the code here marks it as using UID/GID 102, I have also tried it using UID/GID below 100… multiple times with multiple names…. no luck

    #370486
    knowmad
    Participant

    Rene Says: [quote]
    November 8th, 2007 at 08:57 AM
    Easy way to create a postgres user is use system prefs and after that hide the user with command:

    [code]sudo dscl . -change /Users/pgsql UserShell "/bin/bash" "/usr/bin/false"[/code][/quote]

    This is a comment posted over at this discussion: [url]http://tinyurl.com/ytcpbb[/url]

    I am happy with the ease of the answer…. I just don’t fully understand it…. anyone care to explain it a bit more than ‘do this’?

    #370489
    knowmad
    Participant

    no luck. It does hide the account, it also makes it not possible to log into the account except from the command line….
    need a better answer and a full explanation…. anyone?

    #370542
    OD Master
    Participant

    Hello –

    just issue the following in Terminal on the clients:

    defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

    this restores the behavior you want 🙂

    – Norbert

    #370561
    benfeea1
    Participant

    BINGO!

    “defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES” worked for me.
    It hides it in the accounts pref pane, the login window, and the fast user switch menu.

    #370562
    benfeea1
    Participant

    Does everyone prefer to use a UID in the range of 100 – 499? It seems like below 100 is mostly system IDs.

    #370570
    knowmad
    Participant

    [QUOTE][u]Quote by: OD+Master[/u][p]Hello –

    just issue the following in Terminal on the clients:

    defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

    this restores the behavior you want 🙂

    – Norbert[/p][/QUOTE]

    thank you…. to which deity do you prefer your praise and eternal thanks be sent?

    but in all seriousness…. how did you figure that one out?

    what was I missing, where was I not looking?

    I will be posting your comments in the other two threads, but with full recognition that the answer is yours not mine.

    #370615
    OD Master
    Participant

    No, I didn’t figure this out myself either.
    I got this tip from Apple engineering during the Leopard Seed.

    – Norbert 🙂

    #370859
    FastGM3
    Participant

    [QUOTE][u]Quote by: OD+Master[/u][p]Hello –

    just issue the following in Terminal on the clients:

    defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

    this restores the behavior you want 🙂

    – Norbert[/p][/QUOTE]

    I’m still missing something, because simply running this command did not hide my admin account. Please answer the following.

    1. In Leopard do I still need to change my admin account’s UID to something below 500, before running the above command?
    2. In Leopard now that NetInfo is gone, Is there a place in the GUI to change a UID? Where?
    3. What is the command line to change an admin account’s UID?
    4. Will I still need the “setfile” command to hide the hidden accounts user directory?
    5. I noticed in some replies directions using the dscl command should I have been following those procedures prior to changing the plist?

    TIA!

    #370866
    Magus255
    Participant

    1. Yes
    2. I haven’t found it if there is one. Though you could probably use Workgroup Manager. Command line is rather easy though.
    3. sudo dscl .
    > change /Users/USERNAME UniqueID old# new#

    You can also check knowmad’s post and just use change with old value and new value instead of create.

    4. Easier to just move it to /var or something like that. Same as above command only use NFSHomeDirectory and paths instead of UniqueID

    5. Doesn’t matter if you change plist with defaults first or if you change ID first.
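
An audit for the setup this thread arrives at, as an added example that is not part of any post: it lists local accounts whose UID is below 500 (the ones `Hide500Users` removes from the login window) but that still have an interactive shell. The function name, the sample accounts and the list of interactive shells are assumptions made for the example.

```shell
#!/bin/sh
# Added audit example (not from the thread): find accounts that Hide500Users
# would hide from the GUI but that can still log in interactively.

# Constructed sample data in the two-column layout printed by
#   dscl . -list /Users UniqueID    and    dscl . -list /Users UserShell
SAMPLE_UIDS='root 0
daemon 1
_www 70
pgsql 101
localadmin 102
alice 501'
SAMPLE_SHELLS='root /bin/sh
daemon /usr/bin/false
_www /usr/bin/false
pgsql /usr/bin/false
localadmin /bin/bash
alice /bin/bash'

# audit_hidden_accounts UID_LISTING SHELL_LISTING   (hypothetical helper)
# Prints "name uid shell" for every account with 0 < UID < 500 whose shell
# is interactive. The shell list is an assumption; match it to /etc/shells.
audit_hidden_accounts() {
    uid_file=$(mktemp) || return 1
    printf '%s\n' "$1" > "$uid_file"
    printf '%s\n' "$2" | awk -v uids="$uid_file" '
        BEGIN {
            # Load the name -> UID map from the first listing.
            while ((getline line < uids) > 0) {
                split(line, f, " ")
                uid[f[1]] = f[2] + 0
            }
            n = split("/bin/sh /bin/bash /bin/zsh /bin/csh /bin/tcsh /bin/ksh", s, " ")
            for (i = 1; i <= n; i++) login[s[i]] = 1
        }
        # Second listing: report low-UID accounts that keep a login shell.
        ($1 in uid) && uid[$1] > 0 && uid[$1] < 500 && ($2 in login) {
            print $1, uid[$1], $2
        }'
    rm -f "$uid_file"
}

# On the sample data only the low-UID account with a real shell is reported.
audit_hidden_accounts "$SAMPLE_UIDS" "$SAMPLE_SHELLS"
```

On a Mac, pass the output of the two `dscl . -list /Users …` commands instead of the sample variables, and read the current setting with `defaults read /Library/Preferences/com.apple.loginwindow Hide500Users`.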

    #375389
    digitol
    Participant

    Hope this Guide will Help out:

    http://www.tcsn.net/mont/hiddenuserleopard/welcome.html

    -Digito-

    #375392
    knowmad
    Participant

    [QUOTE][u]Quote by: digitol[/u][p]Hope this Guide will Help out:

    http://www.tcsn.net/mont/hiddenuserleopard/welcome.html

    -Digito-[/p][/QUOTE]

    link is dead

    #375411
    digitol
    Participant

    – Try this one:

    http://www.tcsn.net/mont/hiddenuserleopard/

    Should work.

    – Digitol –
