Saturday, April 16, 2016

Why do I have two users with uid 0 on my Mac?

Leave a Comment

When I execute following code in terminal:

dscl . -list /Users UniqueID 

The output shows two users with uid 0: one named root, the other named newuser.

But when I execute:

cat /etc/passwd 

There is only one user with uid 0, i.e. root.

I want to know why the answers of above commands are different, and how I can delete the newuser.

I am using the newest version of Mac OS X.

I found this question when I failed to install parallels desktop trial edition. The error message is:

  1. Cannot install Parallels Desktop because there is a non-root user account with the UID 0 in your system (http://kb.parallels.com/cn/122763)

I've already called apple support for help, but they had no solution.

Update:

it se ![enter image description here

It seems that newuser runs the processes which root should run. Furthermore, the ps command is also run by newuser, but my user name is xlnwel

What on earth is this newuser?

Update 2:

enter image description here

I have no idea what I have done yesterday (maybe just reboot the computer), but today these processes are run by root. but there are still two users with 0 when I run:

dscl . -list /Users UniqueID

2 Answers

Answers 1

Interesting.

There is no strict 1-1 mapping from user name to user id in most of *NIX systems, so technically it's all fine to have a few user names with same UID. The reason why you don't see it in /etc/passwd is that the file is used for legacy accounts, and directory services are expected to be the source of truth.

I guess you never created the newuser? You must understand that the user is effectively a root backdoor into your system, as anyone having the password can act as UID 0 and have full access to your machine.

I'd check for existence of "newuser" in Users & Groups preference pane. You surely should be able to just remove it with sudo /usr/bin/dscl . -delete "/Users/newuser". The important part is to figure how that user got into your machine in the first place.

Immediate solution: remove the user using the command above.

Actual fix: reinstall the machine clean and restore your data from backups.

Answers 2

I will try to answer your questions in turn:

  1. "... why the answers of above commands are different?"

The reason the answers from the two commands are different is because they are looking at two different records sets.

The /etc/passwd file is only used by OSX in single user mode, as pointed out at the top of the file:

## # User Database #  # Note that this file is consulted directly only when the system is running # in single-user mode.  At other times this information is provided by # Open Directory. # # See the opendirectoryd(8) man page for additional information about # Open Directory. ## 

As Directory Services is used for users and resources (printers, servers) you will most likely have more entries in a Directory Services listing than the number of entries in /etc/passwd file.

  1. "... how I can delete the new user?"

To delete the user you can use dscl commands as pointed out by Farcaller above:

a) check the details for the user and group with:

dscacheutil -q user 

And then:

dscacheutil -q group 

I would also check to see what other users are in the same group that "newuser" is in, what files are in /Users/newuser, and then make decisions based on that information.

b) If all looks OK, delete the user with:

sudo dscl . delete /Users/newuser 

This will delete everything under the specified directory. If you want to remove the user's home directory you will need to do this manually with:

rm -rf /Users/newuser 

If the "newuser" was in its own group, I would also look at deleting the group with:

sudo dscl . delete /Groups/<<GROUP_NAME_OF_NEWUSER_FROM_A_ABOVE>> 

Hope that helps.

If You Enjoyed This, Take 5 Seconds To Share It

0 comments:

Post a Comment