Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Creating 'secret' user accounts in 10.2 Apps
This hint combines two other hints I read here on MacOSXHints.com. We have an iMac, largely used by my children, but upon which I have an admin user account. I can also imagine situations where for reasons of business or personal privacy it might make sense to have an invisible account. If Zach or Victoria becomes the principal user of the computer and finds scrolling down to log in a bit of a nuisance, perhaps Mom or Dad can hide their accounts. To avoid having a parent's account show up or even be visible to one of the kids, both at the login screen and from the /Users folder, adopt the following steps:
  1. In System Preferences, Accounts, create the user you want. Make special note of the short username; you'll need that when you...

  2. Open /Applications -> Utilities -> NetInfo Manager. Scroll the center pane down to users, click the lock and enable changes, and select the short username you just created. In the bottom pane, delete the value for the property "realname". DO NOT delete the property itself, just click on the value entry until the text is editable and delete the name of that user. The effect of doing this will be to suppress the display of your new user in the login panel.

  3. Open the terminal and type sudo setfile -a V /Users/new_short_username. This makes the home folder for the new user invisible in the /Users folder. As an aside, I did this with the "Shared" folder. I had deleted it previously but as it happens the iTunes store keeps subscriber information there.
You now have an invisible user on your machine. To log in, press the down arrow once at the login panel, and then press option-Return. You will be presented with name and password fields. Type your new short user name and your new password, and you're in as a reasonably stealthy new user of the machine.

This is no substitute for real data privacy, of course. There's nothing to prevent a determined user, especially with an admin password, from finding out that the account exists by typing ls -a /Users/. But it does keep a curious kid from finding your account if you want to prevent that.

    •    
  • Currently 3.50 / 5
  You rated: 4 / 5 (4 votes cast)
 
[27,785 views]  

Creating 'secret' user accounts in 10.2 | 18 comments | Create New Account
Click here to return to the 'Creating 'secret' user accounts in 10.2' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Creating 'secret' user accounts in 10.2
Authored by: laurence.wilks on Sep 16, '03 10:24:17AM
But it does keep a curious kid from finding your account if you want to prevent that.
Unless of course they are curious enough to read Mac OS X Hints!

[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: leenoble_uk on Sep 16, '03 10:28:45AM

I've been doing this for a while now. apologies for not posting this hint. But in addition I'd like to advise you that if you mount your invisible folder on another machine over a network it may cause both machines to lock up. I may be wrong now as it's a long time since I made that mistake and I don't fancy trying it again.
If you put the setFile code into an executable file and write an applescript to run the command, and then make another to make it visible again you can keep these handy and make your home folder visible/invisible at will.
Oh and rob may not have noticed as he probably has DevTools installed but setFile is only available with developer tools installed.



[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: klktrk on Sep 16, '03 11:35:12AM

Just to add to that...

Instead of deleting the user name, you can change the user id of your secret user to something under 500, say 401, if you'd like. Under Jaguar this should keep the username from showing up in the login screen. I create, as a matter of course, a hidden admin account on every install of Mac OS X I do. I also use NetInfo to change the location of the admin user to a hidden folder (usually /private/var/.admin/ -- here I'm following the model that the root user has an unofficial home folder at /private/var/root).



[ Reply to This | # ]
Moving the user folder
Authored by: hamarkus on Sep 16, '03 01:15:29PM

Good idea to move the user folder as well. But isn't the user still visible from Netinfo? I mean, if somebody is smart enough to discover the hidden user via the terminal, she or he might also look into Netinfo.



[ Reply to This | # ]
Disallow Netinfo
Authored by: abriening on Oct 14, '03 06:50:26PM
You can disallow Netinfo, or any other application, in System Preferences -> Accounts -> Users -> Capabilities. Just check Use only these applications and then check/uncheck the applications allowed/disallowed for that user.

[ Reply to This | # ]
setfile: command not found?
Authored by: hamarkus on Sep 16, '03 12:21:00PM

Neat idea, unfortunately the command setfile is unknown to my system (and I do have Developper Tools installed).



[ Reply to This | # ]
setfile: command not found?
Authored by: leenoble_uk on Sep 16, '03 12:25:33PM

You usually have to reference it directly. It is not in the /bin directory.

it's setFile [cap F] not setfile
The full path which you need to use (unless you have moved it) is:

/Developer/Tools/setFile



[ Reply to This | # ]
Thanks!
Authored by: hamarkus on Sep 16, '03 12:57:06PM

Thanks!



[ Reply to This | # ]
setfile: command not found?
Authored by: boltar on Sep 16, '03 03:36:02PM

Actually, as long as you're running HFS+, "setfile" is as good as "setFile". HFS is case preserving but case insensitive.



[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: olwylee on Sep 16, '03 03:46:17PM
For those that are having probs with the setfile command, use this hint to symlink it to /usr/bin.

Then you can just type setfile and the rest of the command at the prompt.

[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: gatorparrots on Sep 16, '03 04:06:52PM
Of course, there are other ways...

1). Set the UID (user ID) of the user you wish to hide from the Login Window to a number below 500. You could issue these commands in the terminal to affect such a change:

sudo niutil -createprop . /users/$USERNAME uid 499
sudo find / -user $OLDUID -exec chown 499 {} \;
2). Simply tell the Login Window not to display admin users:
sudo defaults write com.apple.loginwindow HideAdminUsers true
One can also affect this change with Mike Bombich's LoginWindow Manager application: http://www.bombich.com/software/lwm.html

[ Reply to This | # ]
I hate GeekLog
Authored by: gatorparrots on Sep 16, '03 04:11:13PM
Of course it had to eat the backslash...
sudo find / -user $OLDUID -exec chown 499 {} \;


[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: roguElement on Feb 27, '05 11:13:14AM

Excellent hint, thank you for the detail.

My case is the opposite - a coworker created a secret account on my PowerBook and uses it to remotely login and create (mostly harmless) michief at will.

My question is this: how do you kill off this secret user? I used your hint to find that I do in fact have a 499 user, but my UNIX skills aren't good enough to delete it.

Thanks



[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: pheed on Sep 19, '03 09:11:42AM

Does anyone know how to also keep this user from showing up in the "Accounts" System Preference Pane? I'm not sure if changing the user ID to <500 does the trick. I did this first, but then immediately changed it back. I had difficulty setting preferences such as desktop picutre, clock preferences, etc.

---

E-mail me: moc.cam@deehp



[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: ewg on Nov 14, '03 02:27:59PM

Be very, very careful changing uid numbers in Mac OS X.

The reason is that user information, including file ownership, uses the uid, not the username. If you change the uid, you're no longer you.

See a previous poster's 'find' command for a way to change file ownership information to match a changed uid.



[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: boee on May 12, '04 12:35:40PM
Reassign ownership of files to username:
chown -R username.users /Users/username
chmod -R 700 /Users/username

---
Pete D

[ Reply to This | # ]

Creating 'secret' user accounts in 10.2
Authored by: leenoble_uk on Nov 05, '03 06:18:43AM

After installing Panther I was unable to access the Accounts preference pane. I tried multiple fixes found on the Apple discussions forum but none of them worked. It was only after restoring my realname properties for ALL USER ACCOUNTS that I could get the pane to load. I don't think the invisible home directory part does any harm but I currently have that disabled too.
Personally I thought having an invisible account or two was helpful to my security should the laptop end up in the wrong hands but this seems to be impossible now. I had an IP notifier running on a hidden admin account so I could potentially trace its location. I also made it easy for the thief to get into the dummy account (the only one displayed on the login screen) and connect to the internet.
I haven't tried knocking my UIDs below 500 though.

---
So, I said ... well, I can't actually remember exactly what I said. But it was one of the most enormously cruel and frighteningly witty put downs ever.



[ Reply to This | # ]
Creating 'secret' user accounts in 10.2
Authored by: a-bort on Sep 19, '04 11:01:12PM
So in the end, with help of the http://www.bombich.com website and gatorparrots tip i came to the following construction (actually on Tiger..)

--> user folder to other place (Terminal):
sudo ditto -rsrcFork /Users/SecretUser /private/var/.SecretUser
sudo niutil -createprop / /users/secretuser home /private/var/.SecretUser

--> gif SecretUser uid 499, so it will be invisible to the finder (Terminal):
sudo niutil -createprop . /users/secretuser uid 499
sudo chown -R 499 /private/var/.SecretUser

--> Testing transport of user:
log in by going to the login window
- arrow down
- hit "option-return" en log in

--> if it all works remove the old SecretUser folder (Terminal):
sudo rm -rf /Users/SecretUser

This all works great for me!
Good luck!



[ Reply to This | # ]