Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Keep UID above 501 for login window account display' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Keep UID above 501 for login window account display
Authored by: Cap'n Hector on Aug 29, '03 11:06:02AM
This is a feature...it's used on some education computers to hide an administrator account...

[ Reply to This | # ]
Keep UID above 501 for login window account display
Authored by: wgscott on Aug 29, '03 11:21:37AM

pick something larger, random and with more digits. The problem with 501 is that it is everyone's default uid and it therefore presents a security hole when used with NFS.

After you change to another uid number, you will lose access to your directory unless you do this:

sudo chown -R yourname /Users/yourname

This resets the uid on all your files, restoring your permissions.

All of this works much better if you are doing it while logged in as root, or at least as a different admin user.



[ Reply to This | # ]
Keep UID above 501 for login window account display
Authored by: kcamera on Aug 29, '03 03:59:38PM

I didn't mean to imply that the UID *should* be 501, only that numbers less than 501 are filtered out. I agree that you should be careful using any values in the low 500's, but all you have to do is dump the user database from NetInfo and make sure you're not using an existing value. I did NOT try seeing if the OS checks for collisions when creating new accounts -- for example, if you use 503 and then create a third user account using System Preferences, I don't know if OSX will skip that value or cause a problem...

As far as permissions, those issues are covered in the link I included with the hint. Be aware that the user directory is by far the most critical, as you mention in your comment. But there are also some files in /Library, /Applications, and /usr which may be owned by your old UID. Those should be changed as well using a careful script or find command (see the link for an example).



[ Reply to This | # ]
Keep UID above 501 for login window account display
Authored by: kcamera on Aug 29, '03 03:52:45PM

I'm well aware it's a feature to hide administrative accounts from the user list. No one wants to see root, daemon, sshd, ftp, etc. in the list...

My only reason for the slightly sarcastic quotes was the *way* in which they did it, by filtering all UIDs under 501. I would have expected something more robust, like marking an account as hidden in the NetInfo key for the user. Or having an internal list of hidden accounts, much like how the root of the filesystem hides the UNIX/kernel files but not new ones you create.

Sorry for overacting... didn't mean any offense.



[ Reply to This | # ]