Is there anything unique/special/magic about that first 501 account?

Due to some glitch in my Tiger Migration my Admin user account was frozen but I had a Backup master Account in which I could use Leopard. So my Account is not 501 and I deleted my 501. Can't tell you for sure if it causes problems, I do have issues but I can't confirm or deny it's associated with this event.

Jason Kulas wrote:
Is there anything unique/special/magic about that first 501 account (that is, the first account that is created when you run Setup upon boot-up)?

As long as you have other admin accounts, is it ok to remove admin priv from the 501 account (using System Preferences)? Is it ok to delete it completely?

From what I gather, there's nothing particularly special about the 501 account.

When you use the terminal and need a password for sudo, it's usually the password for that first user's account.
Why would you want to remove it?
If your system is backed up with TM, will you be able to get anything back if you delete the primary account?
Your computer name is associated with that user's name. Lots of little things like your network name etc.
What will happen if you do need to restore files from a backup?
I don't have the answers but I would never even consider removing the primary account.

If you have some strong desire to remove it, I would suggest a clone bootable backup before doing so. Removing something is much easier than replacing it. That's entropy at work.

Message was edited by: nerowolfe

There is nothing wrong with experimenting. But I still would suggest a clone bootable backup so that permissions don't matter when you restore it.
Why don't you go into System Preferences/Accounts and be sure that you have two admin accounts. Then disable the primary one and see what happens. Or change the main user's id to something other than 501.
You need to first unlock the padlock and then right-click the user name. You can then change many things that were unchangeable in earlier OSs.
Read the warnings. For example, if you remove the original account, will the padlock open with the new account? If not, then you need to get into the terminal and fix things.
If you simply disable autologin and only use the second admin account, why do you care what number the other one is?

A few other thoughts:
Do you have a .mac account or any other online accounts that are accessed by the 501 account holder? They may not be accessible any more. Not sure about email accounts or other things which may have to be reset to the new admin.
All the things that you setup as the original administrator under 501 are subject to change. Even your access to some files that are now tagged as belonging to 501. You would not have access to them until you changed them to your new uid.
It is worth it? Not to me.

Message was edited by: nerowolfe

There is nothing special about that account or the 501 UID. The password requested when you use sudo is that of the currently logged in account; non-admin accounts will be denied access unless the configuration of sudo has been changed. Other items, such as the computer's name, can be changed independently of that or any other account.

(26847)

My $.02:

1. The computer name is irrelevant. It is easily changed by going to System Preferences > Sharing, and does not have to be associated with user 501.

2. sudo is irrelevant. All that matters for sudo is that the user invoking it is a member of the sudoers list ( man sudo, man visudo, man sudoers) and types his/her own password. The password for user 501 is only relevant if 501 is an administrator and is the user executing sudo.

3. For security reasons, your regular user should NOT be a member of the admin group. The admin user should be invoked only when needed for administrative tasks.

4. On Tiger, after setting up the computer and discovering to my horror that I was an administrator, I created a new user to be the administrator and then removed the administrative privileges from my regular, 501, user, as per point #3. I also noticed the odd glitch here and there, which may or may not have been imagined, may or may not have been unrelated, but also may or may not be due to application installers setting permissions assuming that 501 has administrative power.

Therefore, I recommend setting up your computer to make 501 be a NON-day-to-day administrative account, and create a new account for your day-to-day purposes. If that means changing the computer's name from the default named after your administrator, so be it. But don't fear deleting the 501 account, if you so desire.

Nothing special about the 501 account. 501 is just a number. I have six user accounts on my Mac, and the only admin account is UID 505. I turned off admin privileges on my everyday account (UID 501) a long, long time ago and have not noticed any adverse effects.