Why do I have two users with uid 0 on my Mac? - macos

When I execute following code in terminal:
dscl . -list /Users UniqueID
The output shows two users with uid 0: one named root, the other named newuser.
But when I execute:
cat /etc/passwd
There is only one user with uid 0, i.e. root.
I want to know why the answers of above commands are different, and how I can delete the newuser.
I am using the newest version of Mac OS X.
I found this question when I failed to install parallels desktop trial edition. The error message is:
Cannot install Parallels Desktop because there is a non-root user account with the UID 0 in your system (http://kb.parallels.com/cn/122763)
I've already called apple support for help, but they had no solution.
Update:
It seems that newuser runs the processes which root should run. Furthermore, the ps command is also run by newuser, but my user name is xlnwel
What on earth is this newuser?
Update 2:
I have no idea what I have done yesterday (maybe just reboot the computer), but today these processes are run by root. but there are still two users with 0 when I run:
dscl . -list /Users UniqueID

Interesting.
There is no strict 1-1 mapping from user name to user id in most of *NIX systems, so technically it's all fine to have a few user names with same UID. The reason why you don't see it in /etc/passwd is that the file is used for legacy accounts, and directory services are expected to be the source of truth.
I guess you never created the newuser? You must understand that the user is effectively a root backdoor into your system, as anyone having the password can act as UID 0 and have full access to your machine.
I'd check for existence of "newuser" in Users & Groups preference pane. You surely should be able to just remove it with sudo /usr/bin/dscl . -delete "/Users/newuser". The important part is to figure how that user got into your machine in the first place.
Immediate solution: remove the user using the command above.
Actual fix: reinstall the machine clean and restore your data from backups.

I will answer your questions in turn:
1. "... why the answers of above commands are different?"
The reason the answers from the two commands are different is because they are looking at two different records sets.
The /etc/passwd file is only used by OSX in single user mode, as pointed out at the top of the file:
##
# User Database
#
# Note that this file is consulted directly only when the system is running
# in single-user mode. At other times this information is provided by
# Open Directory.
#
# See the opendirectoryd(8) man page for additional information about
# Open Directory.
##
As Directory Services is used for users and resources (printers, servers) you will most likely have more entries in a Directory Services listing than the number of entries in /etc/passwd file.
2. "... how I can delete the new user?"
To delete the user you can use dscl commands as pointed out by Farcaller above:
a) check the details for the user and group with:
dscacheutil -q user
And then:
dscacheutil -q group
I would also check to see what other users are in the same group that "newuser" is in, what files are in /Users/newuser, and then make decisions based on that information.
b) If all looks OK, delete the user with:
sudo dscl . delete /Users/newuser
This will delete everything under the specified directory. If you want to remove the user's home directory you will need to do this manually with:
rm -rf /Users/newuser
If the "newuser" was in its own group, I would also look at deleting the group with:
sudo dscl . delete /Groups/<<GROUP_NAME_OF_NEWUSER_FROM_A_ABOVE>>
Hope that helps.

I have a solution that helped me
Check list of IDs
dscl . -list /Users UniqueID
change the UID to a not used number with the phrase:
sudo dscl . -change /Users/newuser UniqueID 0 599
where 599 is unique ID and "newuser" is a second user with 0

Related

macOS terminal asking for password every time I run copy command

I'm running a bash command on mac that moves a file to private/etc/app_name/.
sudo cp my_file.cpp private/etc/app_name/
Every time the I want to run the bash file, the OS asks for my system password.
> ./run_copy.sh
Password: *******
Is there a way to by-pass this or configure in such way that I only have to enter the password once.
Apparently, on my Macbook, I see /etc directory having symlinks with the /private/etc directory which is owned by the wheel group & root is part of that group. So, you would need to use sudo to copy to that directory.
With that said on a Linux machine, you can work around this by adding your group to a new file in the /etc/sudoers.d/<group-name> path.
<grp-name> ALL=(ALL) NOPASSWD:ALL
I've just tried this on my mac, I could copy files onto /private/etc directory without entering the sudo password prompt.
Unfortunately, this comes up with some risks as users of your group get privileged access without entering any password prompt. You might accidentally delete important system files etc.,
A more niche approach could be to allow selectively like <group> ALL = (ALL) NOPASSWD: /usr/local/bin/copy-script. This way, they can't run all scripts/commands with sudo privileges.

How to use Terminal, launched from OSX setup screen, to create new user?

I need to create a new user account on a system drive (10.10.1) because I am unable to log in to the only existing one. I can however get into the OSX setup from a prepared USB flash drive, and launch Terminal there.
I guess it would be possible to add the user account "testuser" with the following method:
dscl . create /Users/testuser
dscl . create /Users/testuser UserShell /bin/bash
dscl . create /Users/testuser RealName "Test User"
dscl . create /Users/testuser UniqueID 503
dscl . create /Users/testuser PrimaryGroupID 1000
dscl . create /Users/testuser NFSHomeDirectory /Local/Users/testuser
dscl . passwd /Users/testuser PASSWORD
dscl . append /Groups/admin GroupMembership testuser
Now entering
-bash-3.2# dscl . create /Users/testuser
what I get from Terminal is this:
-bash: dscl: command not found
I am not the most experienced with command line tools, and am clueless on how to get it to work.
Any help is greatly appreciated.
I'm not sure how you prepared the USB drive, but it looks like it doesn't include dscl. You can use the copy of dscl from the regular startup volume, but it'd still be trying to create a user on the USB disk. To fix that, you'd need to use dscl's -f option to point it to the user database you actually wanted to edit (see here for something similar).
"/Volumes/Macintosh HD/usr/bin/dscl" -f "/Volumes/Macintosh HD/var/db/dslocal/nodes/Default" localonly -create /Local/Target/Users/testuser
...etc. But even then, I'm not sure it'll handle setting the user's password correctly (there used to be a bug relating to that, but I think it got fixed).
There's a much easier way. Just delete the file /var/db/.AppleSetupDone from your regular volume (not the USB disk):
rm "/Volumes/Macintosh HD/var/db/.AppleSetupDone"
... then reboot normally and it'll run through the Setup Assistant, including letting you create a new admin account (note that existing accounts will be preserved). You can use the new admin to clean up whatever needs to be fixed (reset PW on old admin account?), then delete it when everything is back to normal.

Usernames in /etc/passwd

I'm new to linux operating system and I've explored today the /etc/passwd file and to my surprise I found that it contains many other user names like proxy,daemon..etc.What are all these users?Can I login using these users?
Here the cat command i performed on /etc/passwd.
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
bin:x:2:2:bin:/bin:/usr/sbin/nologin
sys:x:3:3:sys:/dev:/usr/sbin/nologin
sync:x:4:65534:sync:/bin:/bin/sync
games:x:5:60:games:/usr/games:/usr/sbin/nologin
man:x:6:12:man:/var/cache/man:/usr/sbin/nologin
lp:x:7:7:lp:/var/spool/lpd:/usr/sbin/nologin
mail:x:8:8:mail:/var/mail:/usr/sbin/nologin
news:x:9:9:news:/var/spool/news:/usr/sbin/nologin
uucp:x:10:10:uucp:/var/spool/uucp:/usr/sbin/nologin
proxy:x:13:13:proxy:/bin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
backup:x:34:34:backup:/var/backups:/usr/sbin/nologin
list:x:38:38:Mailing List Manager:/var/list:/usr/sbin/nologin
irc:x:39:39:ircd:/var/run/ircd:/usr/sbin/nologin
gnats:x:41:41:Gnats Bug-Reporting System (admin):/var/lib/gnats:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
libuuid:x:100:101::/var/lib/libuuid:
syslog:x:101:104::/home/syslog:/bin/false
messagebus:x:102:106::/var/run/dbus:/bin/false
usbmux:x:103:46:usbmux daemon,,,:/home/usbmux:/bin/false
dnsmasq:x:104:65534:dnsmasq,,,:/var/lib/misc:/bin/false
avahi-autoipd:x:105:113:Avahi autoip daemon,,,:/var/lib/avahi-autoipd:/bin/false
kernoops:x:106:65534:Kernel Oops Tracking Daemon,,,:/:/bin/false
rtkit:x:107:114:RealtimeKit,,,:/proc:/bin/false
saned:x:108:115::/home/saned:/bin/false
whoopsie:x:109:116::/nonexistent:/bin/false
speech-dispatcher:x:110:29:Speech Dispatcher,,,:/var/run/speech-dispatcher:/bin/sh
avahi:x:111:117:Avahi mDNS daemon,,,:/var/run/avahi-daemon:/bin/false
lightdm:x:112:118:Light Display Manager:/var/lib/lightdm:/bin/false
colord:x:113:121:colord colour management
daemon,,,:/var/lib/colord:/bin/false
hplip:x:114:7:HPLIP system user,,,:/var/run/hplip:/bin/false
pulse:x:115:122:PulseAudio daemon,,,:/var/run/pulse:/bin/false
brucewilson:x:1000:1000:brucewilson,,,:/home/brucewilson:/bin/bash
mysql:x:116:125:MySQL Server,,,:/nonexistent:/bin/false
bharghav:x:1001:1001:bharghav,,,:/home/bharghav:/bin/bash
sshd:x:117:65534::/var/run/sshd:/usr/sbin/nologin
statd:x:118:65534::/var/lib/nfs:/bin/false
snmp:x:119:126::/var/lib/snmp:/bin/false
guest-MSvo95:x:120:127:Guest,,,:/tmp/guest-MSvo95:/bin/bash
Can anyone please explain what are these?
Most of those users are required by the OS processes to work. You can't login as one of those users because:
a. They don't have a shell as regular users does. For example, brucewilson has /bin/bash as shell, but pulse (Audio Controller ) has /bin/false.
b. There are not passwords for those users, so when the system asks for a password, no matter what you type you will never get in. You can check who has a password in /etc/shadow.
Actually, you can login as any user listed in /etc/passwd as of your choice.
for example, if you want to login as proxy, type the following command:
sudo -u proxy /bin/bash
It will asks password to authenticate the access, you can give your password only if your user account is added in sudoers list.
You can use the same command to login as any user in the /etc/passwd file.
For example, again if you want to log in as daemon, type the following command:
sudo -u daemon /bin/bash
and so on...
Hope this will help you.

Forcing usermod with running program

I've been looking for a way to force usermod to modify the password/group/... files despite the user being in use.
What I do get now is this:
!! Failed to execute 'usermod --home '...' --password '...' --shell '/bin/false' 'zabbix' 2>&1':
usermod: user zabbix is currently used by process 518
I know that for being secure I need to restart the service. But this is done within a setup script. I am restarting all services at the end.
Is there any way to say --force? (well, except for modifying all necessary files.)
Thanks
If you can get root rights via sudo and are confident enough to change system files using vi then I would change the files manually.
Only a few things need to be changed in
- /etc/passwd
here you could change UID, GID, Homedirectory, Shell ...
- /etc/group
here you might need to change UID/GID as well for the username if there was a change
The File /etc/shadow will be changed automatically when using passwd to set a new password. This you can directly perform if you are root: "passwd username"
You can run usermod in a separate user namespace (with a recent enough linux), but you need to map the root user to root (otherwise you won't have permissions to modify /etc/passwd).
I.e. something like this:
unshare --user --map-root-user usermod ...
Now usermod won't find the processes running with the uid of user you are modifying.
You probably won't be able to modify the root user itself with this.

Run loginhook but get UID of current logged in user

I hope I'm not asking something that will upset the great minds of stack overflow users; I believe I have done my homework but have come up empty handed.
In OS X, I'm trying to create a loginhook that will check to see if a file exists in the /usr/share folder, and if it does not exists, it should create an empty file with a title of the UID of the user who is logging in.
For example, if my UID is 501, while logging in, the script should check if a file called "501" exists in /usr/share. If it does not exist, it should create it.
The issue I'm running into is that all loginhooks are run as root, so if a file is created, it's file name is simply "0".
The only thing I have come up with thus far is:
#!/bin/bash
userID=$(id -u)
if [ ! /usr/share/$userID ]
touch /usr/share/$userID
fi
With the help and direction of vego, I've found my answer. Vego was mostly correct in that
sudo userID=$(id -u $(logname))
will produce 501 (because my UID is 501) versus producing 0, which is the UID of root.
The thing about Login Hooks, however it appears, is that the account that runs the script is mDNSResponder. I came to this conclusion because after running my script, I got a file with the title of "65"; a little digging around and I found out which account has the UID of 65 on my machine.
So, the solution is this:
userID=$(id -u $1)
and the reason why this works is because accruing to an Apple KB article, "In the login hook script, the variable $1 returns the short name of the user who is logging in."
Try adding man 1 logname.
userID=$(id -u $(logname))
# compare
sudo id -u
sudo id -u $(logname)

Resources