Hide users from Mac OS X Snow Leopard logon screen
Solution 1
The easiest method for hiding system users (if their user ID is < 500) in the login window is to run the following command:
sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool TRUE
Alternatively you can manually hide just the username by running
sudo defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add '_postgres'
To hide the 'Others...' item from the login window if need be:
sudo defaults write /Library/Preferences/com.apple.loginwindow SHOWOTHERUSERS_MANAGED -bool FALSE
Solution 2
dscl . create /Users/test
dscl . create /Users/test UniqueID 420
dscl . create /Users/test PrimaryGroupID 420
dscl . create /Users/test UserShell /bin/bash
dscl . create /Users/test NFSHomeDirectory /tmp
dscl . create /Users/test RealName Test
dscl . create /Users/test Password test
This creates a user that's visible in sysprefs/Accounts.
dscl . create /Users/test Password "*"
This hides the user. Make sure you quote the "*" or it won't work.
EDIT: I accidentally managed to recreate googletorp's situation of not being able to hide a user by setting his password to "*", and I discovered how to fix it. This time, I had created a user using dsimport, like this:
dsimport /dev/fd/0 /Local/Default I --template StandardUser << EOF
test:*:520:520:Test user:/Users/test:/bin/bash
EOF
But in that command, the * is taken to represent a literal one-character password of *
, and so dsimport creates an AuthenticationAuthority property for the user and sets the password property to the shadow hash of *
(which shows up as ********
in dscl, as for all passwords). After that, attempting to set the password to "*" using dscl just keeps setting the password to a literal *
, instead of disabling the password. The solution is to delete the unwanted property, and then disable the password:
sudo dscl . delete /Users/test AuthenticationAuthority
sudo dscl . create /Users/test Password "*"
This hides the user.
Solution 3
Just in case you haven't found a viable solution (or in case someone else finds this question from Google), setting the user's shell to /usr/bin/false
prevents him from logging in and hides it from the login screen and from the system preferences. To do so, use the following command line:
sudo dscl . -change /Users/[username] UserShell /bin/bash /usr/bin/false
And to revert the change:
sudo dscl . -change /Users/[username] UserShell /usr/bin/false /bin/bash
Where [username]
is the name of the user you want to hide (_postgres
in your case I assume). I don't know why dscl
wants the old value first, but that's what the manpage says, and it works quite well.
Related videos on Youtube
googletorp
I'm a senior Drupal developer, working as a consultant for Reveal IT. Over the past year I've spent a lot of time on Drupal and Drupal Commerce, created a lot of different sites with it and enjoyed it all the way. I maintain or co-maintain a host of modules on drupal.org and have contributed to a lot of other modules. Recently I've started contributing to Drupal core, making me in the top 5% of most contributions. When I'm not doing work or Drupal related stuff, I usually spend time with my beautiful wife and amazing son, play soccer, make grandiose cakes or some other fun stuff.
Updated on September 17, 2022Comments
-
googletorp over 1 year
Somehow, I managed to set a passwd for my _postgres user on my OS instead of setting it on the postgres role I have as my superuser / root. Anyways since this, I've been struggling with that user showing up in the account section and login screen, which I really would like to avoid. I've read through some docs about this, and setting the password to
*
should be all that is needed to fix this. But after several attempts doing this with and without dscl to no avail, I'm gotten to a point where I don't know what to do anymore.I didn't think it would be even hard doing this, but clearly I'm missing something, so how do you do this?
-
Hasaan Chop over 14 yearsHaving a password for your _postgres user isn't a particularly bad idea at all.
-
googletorp over 14 yearsThe postgres docs actually recommends the opposite, that way only system users can access postgres, and there is one less password to remember / security risk.
-
Chealion over 14 yearsHave you tried deleting and recreating the user?
-
googletorp over 14 yearsYeah, I've tried that a few times actually. You need to somehow set the passwd to disabled as not having a passwd is not enough. This is the pain point I haven't been able to overcome.
-
-
googletorp over 14 yearsThis is a somewhat hacky solution and doesn't actually "solve" the problem, it just hides the symptoms. I have a lot of different system users for stuff like mysql and whatnot, and they don't show up because their password is marked as '*'. This is what I'm trying to accomplish for my postgres user. Your solution would be bad if I had other users I did want to hide, but be able to login with using others. I would really like to go to the root and actually fix this instead of hiding the problem.
-
googletorp about 14 yearsThis solution is very poor as it disables the shell for that user, the very thing that I want to use it for. If I would want to restart the database etc.
-
zneak about 14 years@googletorp: You can still do
sudo -s -u _postgres
from an admin account to get a shell as_postgres
; this will work even if hisUserShell
is set to/usr/bin/false
. Besides, doesn't setting its password to "no password", as you tried to do, also disables the account? -
Eric3 almost 13 yearsInstead of the quotes, have you tried escaping the star?
dscl . -create /Users/test Password \*
-
LaC almost 13 yearsAs long as dscl sees a literal "*" after "Password", anything goes.
-
Antony over 12 yearsHide500Users flag doesn't seem to work under lion anymore. Only the remaining two commands work for Lion
-
James McMahon over 8 yearsNote that this will not hide the user on the initial boot screen if you have FileVault2 on.