Hidding The Administrator Account in OS X 10.5 (Leopard)

unimachead · #1 (**permalink**) 03-20-2008

I would like to know how to hide my initial account (which is an administrator account) in the new Leopard 10.5 operating system.
In the old OS 10.4 this could be done very easily with the help of NetInfo Manager. You could change the UID to anything below 500 and secure your account, however in the new 10.5 OS this is no longer possible. NetInfo manager is no longer. Is there a script that can be entered via terminal that takes care of this?
In terminal you can check the user database with the following:
dscl . list /Users UniqueID

In raw UNIX you can check with the following:
cat /etc/passwd

Any pro help would be appreciated.

xbin · #2 (**permalink**) 03-24-2008

Try this:

sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUserList -array-add <admin_name>

Substitute <admin_name> with the admin user name. You'll probably need to reboot the system.

tlarkin · #3 (**permalink**) 03-24-2008

I think also if you set the UID to under 500 it will hide it from the finder but not the loginwindow, if you use the previous line above with the sudo default write command it should do from both.

Sorry, I didn't fully read the original post. I take quick breaks from work and browse forums to clear my mind of something I am working on, and so as of a result I sometimes hastily answer things.

To answer your question about the user id, UID, you can set it by using the dscl command in OS X. For example, lets say you have a user called hidden administrator, short name hadmin

Code:

dscl / -create /Users/hadmin UniqueID 401

I am not exactly sure if you can modify a UID on a system, and I am willing to bet OS X doesn't like you doing that. I know in Work Group Manager in an OD environment you can't change the shortname nor can you change the UID once it has been generated. So, you may have to recreate your hidden user account.

unimachead · #4 (**permalink**) 03-24-2008

Thanks Guys, I'll give it a shot. But I think I'm pretty close to finding what I'm looking for. I'll post as soon as I can verify the solution.

unimachead · #5 (**permalink**) 03-27-2008

I think I've found a solution for the hiding the admin account, but it took a little experimenting to get it to work. At first I had dropped the UID & GID to 102 and along with script: sudo dscl .-change /Users/pgsql UserShell "/bin/bash" "/usr/bin
false" ... it hides the account, but weirdly locks you out at the login screen.

Things seem to be much smoother by dropping the UID to 499 and the GID to 501 along with the script: defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES

This hides the account well with no problems. I'm still experimenting with a few other things, but this should do the trick.

unimachead · #6 (**permalink**) 03-29-2008

Just a special thanks to Mark S. for working with us on this down in Texas.

tlarkin · #7 (**permalink**) 04-24-2008

I have a script that creates this now, the script is still with in testing phases so it may or may not work 100% please use at your own risk, and if you make any tweaks let me know to make it better.

Code:

#!/bin/bash

if [ -z $1 ] ; then
	echo "usage: `basename $0` [username] [password] ([UID] optional) ([GID] optional)"
	exit 1
fi

USERNAME=$1
PASSWORD=$2
USERID=$3
GROUPID=$4

if [ `uname -r | cut -c1` = 8 ] ; then
	PATH='/NetInfo/root'
elif [ `uname -r | cut -c1` = 9 ] ; then
	PATH='/Local/Default'
else
	exit 1
fi

if [ -z $GROUPID ] || [ -z $UNIQUEID ] ; then
	GROUPID=0
	UNIQUEID=489
fi

checkUser ()
{
	if [[ `/usr/bin/dscl localhost list /Local/Default/Users | /usr/bin/grep "$USERNAME" | /usr/bin/grep -v "$USERNAME." | /usr/bin/grep -v ".$USERNAME"` == "$USERNAME" ]] ; then
		echo "the username '$USERNAME' already exists"
		exit 1
	fi
}

makeUser ()
{
	/usr/bin/sudo /usr/bin/dscl localhost create $PATH/Users/$USERNAME
	/usr/bin/sudo /usr/bin/dscl localhost create $PATH/Users/$USERNAME PrimaryGroupID 0
	/usr/bin/sudo /usr/bin/dscl localhost create $PATH/Users/$USERNAME UniqueID 0
	/usr/bin/sudo /usr/bin/dscl localhost create $PATH/Users/$USERNAME UserShell /bin/bash
	/usr/bin/sudo /usr/bin/dscl localhost passwd $PATH/Users/$USERNAME $PASSWORD
	/usr/bin/sudo /usr/bin/dscl localhost append $PATH/Groups/admin GroupMembership $USERNAME
}

moveUser ()
{
    /bin/echo "creating new admin account homedir…"
	/bin/mkdir -p /var/home/$USERNAME
	/usr/bin/ditto -rsrc -V /System/Library/User\ Template/English.lproj/ /var/home/$USERNAME/
	/usr/sbin/chown -Rf $USERNAME:admin /var/home/$USERNAME
	/bin/echo "confirming what we just did…"
	/bin/ls /var/home/$USERNAME/
	/usr/bin/id $USERNAME
	/bin/echo "if that looks good, we're all set."
}	

deleteUser ()
{
	/usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Users/$USERNAME
	/usr/bin/sudo /usr/bin/dscl localhost delete $PATH/Groups/admin GroupMembership $USERNAME
}

hideUser ()
{
	/usr/bin/sudo /bin/cp -n /Library/Preferences/com.apple.loginwindow.plist /Library/Preferences/com.apple.loginwindow.plist.backup
	/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
	/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array $USERNAME
	/usr/bin/sudo /usr/bin/defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
}

checkUser
makeUser
moveUser
hideUser
#deleteUser

You will need to fill in the blanks, and it also moves the hidden account's home directory to /private/var/home

More UNIX and Linux Forum Topics You Might Find Helpful
Thread	Thread Starter	Forum	Replies	Last Post
Vi in Leopard	Gale Gorman	OS X (Apple)	5	09-16-2008 07:08 PM
Change Account to not lock account if password expires	stringzz	UNIX for Dummies Questions & Answers	1	04-04-2008 05:31 PM
Emacs in terminal for OS X Leopard	USFstudent	OS X (Apple)	1	04-04-2008 09:42 AM
Setting an account to be a non-login account automatically?	LordJezo	UNIX for Dummies Questions & Answers	0	06-16-2006 09:28 AM
Hidding Files in UNIX	smdakram	UNIX for Dummies Questions & Answers	3	01-13-2002 09:05 AM

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes	Rate This Thread
Switch to Linear Mode Hybrid Mode Switch to Threaded Mode	Rate This Thread: