Why do I have two users with uid 0 on my Mac?

When I execute the following code in the terminal:

dscl . -list /Users UniqueID 

The output shows two users with uid 0: one with the name root, the other with the name newuser.

But when I do:

 cat /etc/passwd 

There is only one user with uid 0, i.e. root.

I want to know why the answers of the above commands are different and how I can remove newuser.

I am using the latest version of Mac OS X.

I found this question when I was unable to install a trial version of Parallels Desktop. Error message:

  1. Unable to install Parallels Desktop because your system has a non-root user account ( http://kb.parallels.com/cn/122763 )

I already called apple support for help, but they had no solution.

Update:

It seems that newuser is starting processes that must be run by root. In addition, the ps command also starts newuser, but my username is xlnwel.

What is this newuser?

Update 2:

I have no idea what I did yesterday (maybe just restarted the computer), but today these processes are executed by root. But there are two more users with 0 when I run:

dscl . -list /Users UniqueID

+5
2 answers

Interesting.

On most *NIX systems, there is no strict 1-to-1 mapping from user name to user ID, so it is technically fine to have multiple usernames with the same UID. The reason you don't see it in /etc/passwd is that the file is used for legacy accounts, and directory services are expected to be the source of truth.

Think you never created newuser? You must understand that the user is actually a root backdoor on your system, since anyone with the password can act as UID 0 and have full access to your machine.

I would check for the presence of "newuser" in the "Users and Groups" preference panel. You should probably be able to simply delete it with sudo /usr/bin/dscl . -delete "/Users/newuser". The important part is to understand how this user got onto your machine in the first place.

Immediate solution: delete the user using the command above.

Actual correction: reinstall the machine and restore the data from the backups.

+7

I will answer your questions in turn:

1. "... why are the answers to the above commands different?"

The reason the answers of the two commands are different is that they look at two different sets of records.

The /etc/passwd file is used by OS X only in single-user mode, as indicated at the top of the file:

 ##
 # User Database
 #
 # Note that this file is consulted directly only when the system is running
 # in single-user mode. At other times this information is provided by
 # Open Directory.
 #
 # See the opendirectoryd(8) man page for additional information about
 # Open Directory.
 ##

Since directory services are used for users and resources (printers, servers), you will most likely have more entries in the directory services list than the number of entries in the /etc/passwd file.

2. "... how can I delete a new user?"

To remove a user, you can use the dscl commands, as indicated by Farcaller above:

a) check the information for the user and group with:

 dscacheutil -q user 

And then:

 dscacheutil -q group 

I would also check which other users are in the same group as "newuser", which files are in /Users/newuser, and then make decisions based on this information.

b) If everything looks fine, delete the user with

 sudo dscl . delete /Users/newuser 

This will delete everything in the specified directory. If you want to delete the user's home directory, you will need to do this manually:

 rm -rf /Users/newuser 

If "newuser" was in its group, I would also look at deleting the group:

 sudo dscl . delete /Groups/<<GROUP_NAME_OF_NEWUSER_FROM_A_ABOVE>> 

Hope this helps.

+1

Source: https://habr.com/ru/post/1246666/

