Deleting User/Groups in Info/Sharing&Permissions

The wheel group, as far as I know, is a group that is only used for the "su" command in terminal, (substitute user), which is not used at all today by Mac OS X Users. All it does is impose certain restrictions that are completely irrelevant. Basically, wheel having "Read Access" on anything means nothing. So you shouldn't worry about it.

As for the "Unknown User" with R&W permissions, it's a weird problem. I wouldn't try to delete it in the "Get Info" section, though. It may crash Finder if you do that. Since you duplicated, some of the permissions may have transferred with errors...

On Apple's website, they say to try this:

Log into an Admin Account (which you probably already are)
Open Terminal (located in Macintosh HD > Applications > Utilities > Terminal)

type in the following two commands (copy and paste, and REPLACE "username" both times with YOUR USERNAME (short name, can be found in account preferences)):

sudo dscl . create /Groups/ username GroupMembership username
(press return)
sudo dscl . change /Groups/ username RecordName username _username
(press return)

It will ask for a password: type your password in, and although it doesn't show up, it will be typing.

The apple website I got this from is http://support.apple.com/kb/TA25100?viewlocale=en_US.

Also, you are still the only user on your computer. The wheel group and the Unknown User aren't actually users... they're just small trivial errors.

I have the same problem. There is an "unknown user" who is automatically added to every new folder I create in the permissions with read access. I can't change the access to write only nor delete the "unknown user". How do I get rid of the (unknown user) account or category as a whole at the system level? I have used Onyx or Tinkertool to enable seeing all the account / group names etc in System Preferences accounts window but I don't see it listed in there anywhere either. The Terminal commands posted by the previous user had no positive benefit that I can see for enabling me to delete that user from the file permissions or from the system as a whole. Any *nix experts out there know what to do with this?

I'm having trouble understanding exactly what the problem is.

In Mac OS X, any new file is created with read+write permissions for the creator, and read-only permissions for everyone else. This is how it has been since Mac OS X 10.0. If you want to deny read permissions to others, you can do one of two things:

1) Manually change the permissions of that file/folder to No Access for group and others, OR
2) Put the file/folder in an enclosing folder that is not accessible to any other users (such as your Documents, Pictures, Desktop, or other such folders in one's home folder)

Thats not how it works on my Mac... I can create a new folder anywhere on the machine or any new file and it has three default permissions:

username (me) +rwed
_username +read only
everyone +read only

I can't get rid of this _username account. Where is it stored (these defaults) that it contains the usergroup or username "_username" that shows up in every default file permission set and how can I change it? At one point, _username was called "unknown user" but I tried the suggestion above in terminal:

sudo dscl . create /Groups/username GroupMembership username
(press return)
sudo dscl . change /Groups/username RecordName username _username
(press return)

and now that account mimics my useraccount except for the _..

Message was edited by: Xapplimatic

OK, I think I have this figured out. My terminal skills aren't all that, but using man dscl I figured out how to manipulate this database to do what I want...

First used this to see what was in the database of usernames/groups:

sudo dscl . list /groups

Found offending entries not wanted (username, _unknown, etc) and removed like so:

sudo dscl . delete /groups/(name to remove)

Did same for user accounts:

sudo dscl . list /users
sudo dscl . delete /users/(names)

Seems to have worked to get rid of weird entries like _unknown and "nobody".. BUT Finder still includes this weird "(unknown)" with read permissions on every new file... What gives?

So what I see in the database for users right now is thus:
_amavisd
_appowner
_appserver
_ard
_atsserver
_calendar
_clamav
_cvs
_cyrus
_devdocs
_eppc
_installer
_jabber
_lp
_mailman
_mcxalr
_mdnsresponder
_mysql
_pcastagent
_pcastserver
_postfix
_qtss
_sandbox
_securityagent
_serialnumberd
_spotlight
_sshd
_svn
_teamsserver
_tokend
updatesharing
_uucp
_windowserver
_www
boinc_master
boinc_project
daemon
mattcarrell
root

and for groups is thus:
_amavisd
_appowner
_appserveradm
_appserverusr
_ard
_atsserver
_calendar
_clamav
_cvs
_devdocs
_guest
_installer
_jabber
_keytabusers
_lp
_lpadmin
_mailman
_mcxalr
_mdnsresponder
_mysql
_pcastagent
_pcastserver
_postdrop
_postfix
_qtss
_sandbox
_securityagent
_serialnumberd
_spotlight
_sshd
_svn
_teamsserver
_tokend
updatesharing
_uucp
_windowserver
_www
accessibility
admin
authedusers
bin
boinc_master
boinc_project
certusers
com.apple.access remoteae
com.apple.access_screensharing
com.apple.access_ssh
consoleusers
daemon
dialer
everyone
interactusers
kmem
localaccounts
mail
netaccounts
netusers
network
operator
owner
procmod
procview
smmsp
staff
sys
tty
utmp
wheel

Where is (nobody) coming from then and why can't I delete it in file permissions (or even change its permissions to "NoAccess")... This is really problematic for me. I definitely am not understanding something here about permissions and where they come from..

Xapplimatic wrote:
Thats not how it works on my Mac... I can create a new folder anywhere on the machine or any new file and it has three default permissions:

username (me) +rwed
_username +read only
everyone +read only

Yes, that is exactly what I said.

Exactly what are you trying to accomplish with all of this? Deny read access to others? Let me know the big picture of what you are trying to do and I will try be of more help. Because I don't understand what your goal is with all of this.

My goal is to eliminate all unknown / extraneous / non-default / non-me user and group accounts so that my system is more secure. Accounts that don't need to be there, that I didn't create and the system doesn't use for itself are just a liability IMHO.

I hear what you are saying about security. But I really think you are looking at this from the wrong angle.

Nearly all of the groups you listed in your previous post are system groups; used internally by OS X. Deleting those could cause system instability.

The OS X default is that files you create are writable by you and you alone, and are read-only for everyone else; including for any group specified. Even if you remove all the groups, users in those groups can still read, because the files are still read-only for everyone regardless of what group they may be in. Nobody else can write. Just you.

Inside your home folder, your Desktop, Documents, Downloads, Pictures, Movies, and Music folders are all set to deny access to users other than you. If you want to ensure your files cannot be read by anyone else, put them in one of these folders.

I realize most of those groups and users listed were system functions. I'm not talking about those. I'm worried about the ones that clearly aren't or questionably aren't. The one (unknown user) does not show up in the list but it shows up on files.. That means there's something wrong somewhere. This is my secondary concern. This is evidence of some kind of corruption or bad setting in the system itself that files are being (new files!) set to permissions for an account that doesn't exist hence the system labeling it (unknown user).. Where are the settings kept and how do I edit them for default permissions? How did this happen? I have had prior admin accounts on the system that became so corrupt I had to replace them with new accounts... is there some trace of them yet still even after wiping their user directories?

The group that is assigned to any new file/folder is the same as the group that is assigned to the file/folder's containing folder. So if some folder has the group "abc" assigned to it, any new item you create in that folder will also have group "abc" assigned to it.

Xapplimatic: Thanks for the commands you came up with. Was just having this problem of removing an "unknown account" and found this discussion. Totally works!

I have not experienced this.

I have a similar problem that I have described in detail at:
http://discussions.apple.com/message.jspa?messageID=9155116#9155116

Steve