Issue #19783 has been updated by Jesse Endahl.
To be clear, that command is for hiding users below UID 500, not for explicitly calling out and hiding a single username (which I am pretty sure does NOT work back to 10.5). Here's the documentation for Hide500Users: If you don't want the user name to appear in the login window of a computer, assign a user ID of less than 500 and enter the following command in a Terminal window: sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES Source: Leopard Security Config, pg. 61: https://www.secure-computing.net/wiki/images/e/ef/Leopard_Security_Config.pdf So it should work all the way from 10.5 to 10.8. I've personally tested and confirmed it to work on 10.8 and 10.7 and it hides the account from both system prefs and the login window. Don't have 10.6 or 10.5 handy to test at the moment, but if you need me to I can do that. ---------------------------------------- Bug #19783: Puppet package for OS X creates puppet user in reserved UID range https://projects.puppetlabs.com/issues/19783#change-87251 * Author: Jesse Endahl * Status: Unreviewed * Priority: Normal * Assignee: * Category: OSX * Target version: * Affected Puppet version: 3.1.1 * Keywords: puppet users group os x mac package post postflight script * Branch: ---------------------------------------- Apple reserves the 0-100 range for their own system services, and putting stuff there is risky because they could decide to start using any ID in that range at any time (in a future OS update). There is evidence that they reserve all the way up to 400. For documentation of the 0-100 reservation, see page 69 of the 10.6 Server PDF: http://manuals.info.apple.com/en_US/UserMgmt_v10.6.pdf “User IDs between 0 and 100 are reserved for system use and should not be deleted or modified except to change the password of the root user. Accounts with user IDs below 100 aren’t listed in the login window.” As for the theory about up to 400 being reserved—the evidence for that is that Apple’s support document on how to create hidden users uses the example of UID 401. See the section under “Lower the user’s UID and enable the Hide500Users option (advanced) ” on this page: http://support.apple.com/kb/ht5017?viewlocale=en_us On a related note, I do think it’s a positive thing that as it stands now, the puppet account that gets created at UID 52 is hidden from the UI, and I think if the change is made to use a UID in the 401-499 range, you should consider adding this line to the postflight script to enable hiding of sub-500 users, which I am pretty sure works all the way from 10.6 to 10.8: sudo defaults write /Library/Preferences/com.apple.loginwindow Hide500Users -bool YES -- You have received this notification because you have either subscribed to it, or are involved in it. To change your notification preferences, please click here: http://projects.puppetlabs.com/my/account -- You received this message because you are subscribed to the Google Groups "Puppet Bugs" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To post to this group, send email to [email protected]. Visit this group at http://groups.google.com/group/puppet-bugs?hl=en. For more options, visit https://groups.google.com/groups/opt_out.
