Ticket Options
Question Details
TICKET ARCHIVE -> Hidden User Account Appears In Startup Login Box
urban_kanonkod.se - Jun 10, 2005 - 4:14 am
In my attempts to install PostgreSQL on my G4/OSX10.4.1 I am experiencing an annoying problem.
A vital part of the installation is to create a unique user dubbed postgres. I started by creating a new user using the Accounts panel in System Preferences. However I then realized that when doing so the new account would appear as an ordinary user and I would see it every time I log onto my Mac. Thus after some investigation, i found out that if the uid is low enough the user account should be invisible. Someone suggested counting down from 500 so I assigned the account uid 497.
The account now is invisible from the Accounts panel in the System Preferences but still appears as a valid login name. Not what I wanted. After a while I gave up, deleted the account and tried to use the NetInfo manager instead.
In the NetInfo manager I copied the MySQL user, altered the uid but with the exact same result. That is, the account is invisible from the Accounts panel in the System Preferences but still appears as a valid login name.
What should I do?
A vital part of the installation is to create a unique user dubbed postgres. I started by creating a new user using the Accounts panel in System Preferences. However I then realized that when doing so the new account would appear as an ordinary user and I would see it every time I log onto my Mac. Thus after some investigation, i found out that if the uid is low enough the user account should be invisible. Someone suggested counting down from 500 so I assigned the account uid 497.
The account now is invisible from the Accounts panel in the System Preferences but still appears as a valid login name. Not what I wanted. After a while I gave up, deleted the account and tried to use the NetInfo manager instead.
In the NetInfo manager I copied the MySQL user, altered the uid but with the exact same result. That is, the account is invisible from the Accounts panel in the System Preferences but still appears as a valid login name.
What should I do?
tubajensen - Jun 10, 2005 - 5:50 am
Urban,
in the Accounts preference pane you could try changing "Display Login Window as: List of users" to "Name and password" in the "Login Options". This doesn't give you a user list at login but on the other hand it doesn't show the postgres user.
-------
Allan
in the Accounts preference pane you could try changing "Display Login Window as: List of users" to "Name and password" in the "Login Options". This doesn't give you a user list at login but on the other hand it doesn't show the postgres user.
-------
Allan
urban_kanonkod.se - Jun 10, 2005 - 8:46 am
Thanks Allan.
You're right, this is better albeit not perfect. It would be really nice to know exactly what makes the OS show certain users at the login and not others. The uid may have impact but it is not the full story am afraid.
I will use your suggested approach then until I solve it completely.
Regards
Urban
You're right, this is better albeit not perfect. It would be really nice to know exactly what makes the OS show certain users at the login and not others. The uid may have impact but it is not the full story am afraid.
I will use your suggested approach then until I solve it completely.
Regards
Urban
tubajensen - Jun 11, 2005 - 5:09 am
Urban,
Brian S. sent me the comment above. I tried this for my ntop user account but it didn't work for me. If you want I can send your question back to the open pool for other techs to view.
-------
Allan
Brian S. sent me the comment above. I tried this for my ntop user account but it didn't work for me. If you want I can send your question back to the open pool for other techs to view.
-------
Allan
urban_kanonkod.se - Jun 11, 2005 - 6:53 pm
Yes, sure. Please do.
Urban
Urban
macbri - Jun 13, 2005 - 2:55 pm
Hi Urban -
Did you try assigning a shell of /usr/bin/false for your postgres user in NetInfo manager? You would have to test that by logging out and back in again to see if there's any difference.
If that doesn't help, try this: in Netinfo Manager select a user who you know doesn't show up in your login window (or fast-user switch menu if you have that enabled). For example try "daemon" or "sshd" - then duplicate it and rename it as "postgres", making sure you change the user ID (uid) value and nothing else. Also make sure the UID isn't alreadu assigned to another account. See if that helps, and then let us know. (I have done this successfully on 10.3.9 but not 10.4.1).
--------
Brian S. -- MacOSX.com Technical Support
Did you try assigning a shell of /usr/bin/false for your postgres user in NetInfo manager? You would have to test that by logging out and back in again to see if there's any difference.
If that doesn't help, try this: in Netinfo Manager select a user who you know doesn't show up in your login window (or fast-user switch menu if you have that enabled). For example try "daemon" or "sshd" - then duplicate it and rename it as "postgres", making sure you change the user ID (uid) value and nothing else. Also make sure the UID isn't alreadu assigned to another account. See if that helps, and then let us know. (I have done this successfully on 10.3.9 but not 10.4.1).
--------
Brian S. -- MacOSX.com Technical Support
urban_kanonkod.se - Jun 14, 2005 - 5:12 am
Hi Brian,
Thanks a lot for taking the time to look into this.
- You are right that if I set the shell to /usr/bin/false for my postgres user in NetInfo manager then it won't show up in the fast-user switch. However I need to be able to su to the postgres user when working with the sql stuff so unfortunately that it not a viable solution in this case.
- The way I set up the account initially was actually to copy the MySQL user and edit the UID and (can't be avoided) the shell to bash. And yes the UID for my postgres user is unique as well as less the 500.
Note: I didn't have this problem in Panther. It appeared when I upgraded to Tiger. Maybe the rules for which accounts that are shown in the fast-user switch has changed between 10.3 and 10.4. To sum things up: In Tiger it seems like all accounts with a valid shell are shown but in Panther a low enough UID seems to hide the account from being shown by the fast-user switch.
Kind Regards
Urban
Thanks a lot for taking the time to look into this.
- You are right that if I set the shell to /usr/bin/false for my postgres user in NetInfo manager then it won't show up in the fast-user switch. However I need to be able to su to the postgres user when working with the sql stuff so unfortunately that it not a viable solution in this case.
- The way I set up the account initially was actually to copy the MySQL user and edit the UID and (can't be avoided) the shell to bash. And yes the UID for my postgres user is unique as well as less the 500.
Note: I didn't have this problem in Panther. It appeared when I upgraded to Tiger. Maybe the rules for which accounts that are shown in the fast-user switch has changed between 10.3 and 10.4. To sum things up: In Tiger it seems like all accounts with a valid shell are shown but in Panther a low enough UID seems to hide the account from being shown by the fast-user switch.
Kind Regards
Urban
macbri - Jun 14, 2005 - 11:16 am
Hi Urban -
No problem, that's why we're here! Now unfortunately I don't yet have my copy of tiger, but I'd like to keep this question active in the meantime. I suppose you've already done this, but are all the accounts in Netinfo Manager (which are hidden to your login window) hidden in the same way? In other words apart from your user accounts are they all set up to use /usr/bin/false as a shell?
Another forum I've looked at has indicated that adding a "HiddenUserList" key to /Library/Preferences/com.apple.loginwindow.plist achieves what we're looking for. If you're feeling adventurous! Now again I must state that I don't have Tiger yet and therefore *cannot verify* if this works. But in the interests of providing you with as much info. as possible, here it is...
And credit to a poster called "Guillaume O." whom I shall now be paraphrasing.
First make a backup copy of /Library/Preferences/com.appple.loginwindow.plist. Safety first!!! Then, open /Library/Preferences/com.apple.loginwindow.plist with Property List Editor. Add a new child called "HiddenUsersList" (no quotes of course) and change it's type to array. Then add a new child to this array with the name "postgres". Then logout and see if it worked!
The forum in which I found this information by the way also indicates a nice trick where you can convert the binary plist files which Apple moved to with Tiger, into the handy (and easily editable for us 'vi' folks!!!!) XML format of earlier releases with the "plutil" command:
cd /Library/Preferences
sudo plutil -convert xml1 -o /tmp/login.plist com.apple.loginwindow.plist
sudo plutil -convert binary1 -o com.apple.loginwindow.plist /tmp/login.plist
Finally, if you'd like to read the full thread of the forum where I got this information, here's the link:
http://forums.macosxhints.com/printt...8&page=2&pp=20
--------
Brian S. -- MacOSX.com Technical Support
No problem, that's why we're here! Now unfortunately I don't yet have my copy of tiger, but I'd like to keep this question active in the meantime. I suppose you've already done this, but are all the accounts in Netinfo Manager (which are hidden to your login window) hidden in the same way? In other words apart from your user accounts are they all set up to use /usr/bin/false as a shell?
Another forum I've looked at has indicated that adding a "HiddenUserList" key to /Library/Preferences/com.apple.loginwindow.plist achieves what we're looking for. If you're feeling adventurous! Now again I must state that I don't have Tiger yet and therefore *cannot verify* if this works. But in the interests of providing you with as much info. as possible, here it is...
And credit to a poster called "Guillaume O." whom I shall now be paraphrasing.First make a backup copy of /Library/Preferences/com.appple.loginwindow.plist. Safety first!!! Then, open /Library/Preferences/com.apple.loginwindow.plist with Property List Editor. Add a new child called "HiddenUsersList" (no quotes of course) and change it's type to array. Then add a new child to this array with the name "postgres". Then logout and see if it worked!
The forum in which I found this information by the way also indicates a nice trick where you can convert the binary plist files which Apple moved to with Tiger, into the handy (and easily editable for us 'vi' folks!!!!) XML format of earlier releases with the "plutil" command:
cd /Library/Preferences
sudo plutil -convert xml1 -o /tmp/login.plist com.apple.loginwindow.plist
sudo plutil -convert binary1 -o com.apple.loginwindow.plist /tmp/login.plist
Finally, if you'd like to read the full thread of the forum where I got this information, here's the link:
http://forums.macosxhints.com/printt...8&page=2&pp=20
--------
Brian S. -- MacOSX.com Technical Support
urban_kanonkod.se - Jun 15, 2005 - 8:15 am
Hi again Brian,
Thanks. I've added the account to the list of users to be hidden as instructed in your mail. And... it works but with a slight side-effect.
That is, after performing the update of com.apple.login-window.plist the actual postgres user doesn't appear in the login window anymore. But instead, below my personal account in the login window I get an additional icon labeled "Other accounts...". If I click on that button I get the standard text login box were I should provide both user-name and password.
I'll try to find some time this weekend to try some other stuff such as looking into the generateduid settings mentioned in the thread you gave me.
Cheers
Urban
Thanks. I've added the account to the list of users to be hidden as instructed in your mail. And... it works but with a slight side-effect.
That is, after performing the update of com.apple.login-window.plist the actual postgres user doesn't appear in the login window anymore. But instead, below my personal account in the login window I get an additional icon labeled "Other accounts...". If I click on that button I get the standard text login box were I should provide both user-name and password.
I'll try to find some time this weekend to try some other stuff such as looking into the generateduid settings mentioned in the thread you gave me.
Cheers
Urban
macbri - Jun 16, 2005 - 6:31 pm
Urban -
In the meantime, I'm getting my hands on OS X Tiger myself tomorrow, so I'll also be able to check into this first-hand. I'll let you know when/if I get any further with this!
--------
Brian S. -- MacOSX.com Technical Support
In the meantime, I'm getting my hands on OS X Tiger myself tomorrow, so I'll also be able to check into this first-hand. I'll let you know when/if I get any further with this!
--------
Brian S. -- MacOSX.com Technical Support
IF THIS IS YOUR QUESTION AND YOU WISH TO RESPOND, LOGIN HERE FIRST.
