hidden users in 10.5

tlarkin
Honored Contributor

Since we are migrating into 10.5 I want to set up a few local hidden
user accounts. 1 for local administration by the IT staff and the other
for all the casper stuff. Before I would just create the user, move it
to a different directory, change and apply ownerships and modify paths
in netinfo. Well, in 10.5 there is no longer any netinfo. How are you
all doing this? Here are the commands I am using, perhaps my syntax is
off but I yield no errors when running it.

sudo dscl . create /Users/$USERNAME
sudo dscl . create /Users/$USERNAME PrimaryGroupID 450
sudo dscl . create /Users/$USERNAME UniqueID 450
sudo dscl . create /Users/$USERNAME UserShell /bin/bash
sudo dscl . passwd /Users/$USERNAME $PASSWORD
sudo dscl . append /Groups/admin GroupMembership $USERNAME
sudo dscl . create /Users/$USERNAME NFSHomeDirectory /private/var/$USERNAME

Any advice?

I already edited the /Library/Preferences/com.apple.loginwindow.plist to
hide all users under UID 500 and that seems to work.

Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
cell: 913-449-7589
office: 913-627-0351
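
An added example, not part of the original posts: a read-only check that lists the local accounts hidden by the under-UID-500 loginwindow setting described above that still have a login shell, and whether each is in the admin group. The sample account names and UIDs are constructed, and the function name audit_hidden is hypothetical; on a Mac it is fed live dscl output.

```shell
#!/bin/sh
# Added example: report accounts below the login-window cutoff that can log in.
# Sample data is constructed, in the format printed by:
#   dscl . -list /Users UniqueID
#   dscl . -list /Users UserShell
#   dscl . -read /Groups/admin GroupMembership
SAMPLE_UIDS='root 0
daemon 1
_www 70
netadmin 450
casper 451
student 501'
SAMPLE_SHELLS='root /bin/sh
daemon /usr/bin/false
_www /usr/bin/false
netadmin /bin/bash
casper /bin/bash
student /bin/bash'
SAMPLE_ADMIN='GroupMembership: root netadmin'

# audit_hidden UIDS SHELLS ADMIN_LINE [CUTOFF]
# Prints "name uid shell admin|standard" for each account under CUTOFF
# (default 500) that has a usable login shell.
audit_hidden() {
  {
    printf '%s\n' "$2" | sed 's/^/S /'   # tag shell records
    printf '%s\n' "$1" | sed 's/^/U /'   # tag UID records
  } | awk -v cutoff="${4:-500}" -v admins="$3" '
    BEGIN { n = split(admins, a, " "); for (i = 2; i <= n; i++) is_admin[a[i]] = 1 }
    $1 == "S" { shell[$2] = $3; next }
    $1 == "U" {
      name = $2; uid = $3 + 0
      if (uid >= cutoff + 0) next                  # shown at the login window
      if (name == "root" && uid == 0) next         # expected system account
      if (shell[name] == "" || shell[name] ~ /(false|nologin)$/) next
      print name, uid, shell[name], ((name in is_admin) ? "admin" : "standard")
    }'
}

# Use the live directory on a Mac, otherwise the constructed sample.
if command -v dscl >/dev/null 2>&1; then
  audit_hidden "$(dscl . -list /Users UniqueID)" \
               "$(dscl . -list /Users UserShell)" \
               "$(dscl . -read /Groups/admin GroupMembership)"
else
  audit_hidden "$SAMPLE_UIDS" "$SAMPLE_SHELLS" "$SAMPLE_ADMIN"
fi
```

Any line in the output that is not one of the accounts IT created on purpose is worth investigating, since the login window will never show it.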


Anonymous
Not applicable

Thomas,

You could use the jamf command, which has a verb that rolls all the commands into one, i.e.:

sudo jamf createAccount -username netadmin -realname "Network Administrator" -password p@55w0rd -home /var/netadmin -shell "/bin/bash" -hiddenUser -admin

This could be run as an @reboot script after imaging, or on your OS package by running it when building the OS (if you don't have the jamf binary on it, run it from a thumb drive or other partition).

Please let us know if that helps.

Thanks,

Josh

Joshua Holland | Sr. Systems Engineer | JAMF Software 1011 Washington Ave S. #350 Minneapolis MN 55415

ernstcs
Contributor III

Tom,

Use this. The only thing that annoys me is that in things like the Sharing panel for Remote Login for example, that account still shows up in the GUI so it's not totally hidden.

Craig

ernstcs
Contributor III

To add to this some more...if you haven't done so already...you should totally exploit the capabilities of the jamf binary on your managed systems, particularly in your scripting.

To see all the options:
/usr/sbin/jamf help

To get specific help for one like the one mentioned below:
/usr/sbin/jamf help createAccount

Make sure you are really careful with the -hiddenUser portion and the case...I screwed that up a few times so it wasn't hidden. =)

Craig

tlarkin
Honored Contributor

I am using this command with the newest client and it isn't working. Any ideas? In fact no jamf commands seem to be working. However, if I
log into the web end of the JSS the machine is checking into inventory. Trying to build this into the image.

Any ideas? The only modification I did to your command was put the full
path of /var with /private/var

However, I think I just answered my own question. The local admin
account I am using to create the image did not have a password set at
all. Then I set a password and now the terminal commands are working. Whereas before the blank password was not allowing the commands to
work. I assume this is normal behavior?

It is working once I put a password on that local admin account. So,
this is just an FYI to anyone who runs into this.

Thomas Larkin