Unknown User after reinstall

"Unknown" is a system assigned account and cannot be removed.

I had this same problem yesterday on one specific documents folder (a web site root folder), after my video card died on one MacBook Pro and I had to emergency migrate to another.

Although my migration (using Time Machine backups) had worked fine in every other aspect, I could not use Dreamweaver to synchronize this web site. It gave me permissions errors and I saw that there was an "Unknown User" in the folder and file properties.

Resetting the permissions from the File Info box did not work.

I first tried (in Terminal): *sudo chown -R eric:staff foldername* but this gave me *Permission Denied* errors.

So, after much trial and error I came up with this solution:

Rename the folder: (Need to keep the old name)
*sudo mv foldername foldername2*

Copy it back to its old name (applies user and permissions info of user doing the CP command)
*sudo cp -R foldername2 foldername*

Switch into the folder
*cd foldername*

Apply desired permissions
sudo chown -R eric:staff *

The idea being that the copy command will apply the user name and permissions of the user that executed the CP command to the affected files and folders.

CP will only retain old user name and permission info if specifically told to.

- Eric

Message was edited by: heliomedia

Wayne_N wrote:
I recently archived and installed OSX Leopard and pulled my accounts and apps back in.

As Kappy said, the "unknown" user is a normal, system-created one & by itself is no cause for concern.

However, your "pulled my accounts and apps back in" comment doesn't really explain what you did after the Archive & Install. The normal approach is to use the "preserve users & network settings" option, which does exactly what it says. There should be no need to "pull" any accounts or apps back into the new install if you used it, & rarely any need to move anything from the "Previous Systems" folders besides maybe a few application support files created by installer apps. This should be done with care, since it is problems with these files that sometimes create the need to do the OS reinstall in the first place.

Please explain in more detail what you did & where you are seeing any issues related to the unknown user.

I have a similar problem. I am trying to sort out all my permissions for all my folders. When I GET INFO for some folders there are two "unknown user" accounts which I cannot delete. One has CUSTOM access and the other is READ AND WRITE. How do I nuke them. They are not in my SYSTEM PREFERENCES>ACCOUNTS and they are not in DELETED USER folder.

As we have explained, the "unknown" user (UID 99) is one required by the OS. You cannot remove it, any more than you can remove the "root" or "nobody" user if you want your Mac to work correctly. Also, do not confuse a user permission with a group one in Finder 'Get Info' views.

I suggest that before you try to manually "sort out" permissions, you become familiar with at least the info in Troubleshooting permissions issues in Mac OS X; otherwise you will most likely do more harm than good. You might also want to check out the Official Google Mac Blog: User 99, Unknown entry for more info on the role of the unknown user.

..." As we have explained, the "unknown" user (UID 99) is one required by the OS."...

True, but that most likely isn't what is being referred to by the poster you are responding to.

"Get Info" won't identify items owned by "unknown" (' uid=99') unless running as "root". Anything the "Finder" lists as "(unknown)" is an item with a group or owner with a numerical value corresponding to a user that has not been defined in "Directory Services" or elsewhere. The command line (eg. ' ls', ' stat", etc.) would just list them numerically, but the GUI slaps the misleading "(unknown)" label on them.

For the most part, people finding items with owner or group "(unknown)" won't have to worry about them, unless they are unable to access the items, or if they have some sort of "group" based sharing system set up for users on the same machine.

However, those wanting to remove an "(unknown)" owner should be able, through "Get Info", to just add some rights for themselves, make themselves the owner from the "gear" menu, and remove "(unknown)" from the list.

Unfortunately, although I can't rule out the existence of some trick, Leopard's crippled version of "Get Info" doesn't seem to allow the "group" to be modified so changing an item's "group" from "(unknown)" to a configured group may require a trip to the command line...

biovizier wrote:
True, but that most likely isn't what is being referred to by the poster you are responding to.

The poster asked how to "nuke" the accounts. I wanted to make it clear that a) no system created user account should be deleted & that b) he or she should not try to manually "sort out" permissions without a good working knowledge of that subject. The two references I mentioned should provide that, including how user 99 is represented in the Finder & in Terminal.

Unfortunately, although I can't rule out the existence of some trick, Leopard's crippled version of "Get Info" doesn't seem to allow the "group" to be modified so changing an item's "group" from "(unknown)" to a configured group may require a trip to the command line...

FWIW, one trick that I devised to deal with this is to first determine the missing user or group ID, then by using the "Advanced Options" feature in the Accounts system preference add a user or group with the missing ID.

..." FWIW, one trick that I devised to deal with this is to first determine the missing user or group ID, then by using the "Advanced Options" feature in the Accounts system preference add a user or group with the missing ID."...

That will certainly prevent the unsightly and misleading "(unknown)" from appearing for items with that particular group, but it just creates a directory service group entry for that ' gid' -- it doesn't actually change the group of the item.

This is basic, basic owner / group stuff that "Get Info" handled just fine since the inception of OS X, but which Leopard's version fails miserably at, seemingly being limited to changing an item's group from a configured group (but not an unconfigured one) to wheel.

biovizier wrote:
That will certainly prevent the unsightly and misleading "(unknown)" from appearing for items with that particular group, but it just creates a directory service group entry for that ' gid' -- it doesn't actually change the group of the item.

It wasn't meant to change the group entry for the item. It was just another example of how the permissions seen in Finder views can be deceiving & one way to make them less so.

This is basic, basic owner / group stuff that "Get Info" handled just fine since the inception of OS X, but which Leopard's version fails miserably at, seemingly being limited to changing an item's group from a configured group (but not an unconfigured one) to wheel.

Frankly, I don't think any Finder version has been very good at manipulating or displaying permissions info.

..." Frankly, I don't think any Finder version has been very good at manipulating or displaying permissions info."...

Permissions are another facet, but distinct from owner and group. Apart from the fact that the "Enclosed Items" aspect could be problematic, and the same bad terminology "(unknown)" was used, I find it hard to find fault with earlier "Get Info" versions when it came to basic owner / group settings on individual items. It was possible to change owner or group by choosing from a list any that were configured on the system (the list contained them all), or configure the "Finder" so that you could manually type a numerical value for those that weren't. With respect to owner / group settings for an individual item, I can't think of anything that you could do from the command line that you couldn't do from "Get Info".

Compare this to Leopard's where the list doesn't even include all users / groups (eg. try to manually set a system file to "root:wheel" from Leopard's "Get Info"), and as far as I know, there is no way to input values manually. Plus the almost complete inability to change the "group" at all.

In previous OS X versions, the "solution" to the questions posed in this thread would likely have been a simple case of telling the poster to "use Get Info, authenticating if necessary, to change the owner and group from '(unknown)' to something else".

Leopard's implementation is inadequate, not by any unreasonably high standards that I might have, but even in comparison to the capabilities of Apple's own previous versions. It can't be viewed as anything other than a functional downgrade which users have arbitrarily been subjected to.

biovizier wrote:
It was possible to change owner or group by choosing from a list any that were configured on the system (the list contained them all) ...

That isn't necessarily a good thing. Users could & sometimes did change ownership to something they could not subsequently easily undo because they then lacked ownership privileges to make changes. In this respect it is much like the 'apply to enclosed items' feature.

In previous OS X versions, the "solution" to the questions posed in this thread would likely have been a simple case of telling the poster to "use Get Info, authenticating if necessary, to change the owner and group from '(unknown)' to something else".

Assuming that would work, the security implications should be obvious -- & not in a good way....

..." Users could & sometimes did change ownership to something they could not subsequently easily undo because they then lacked ownership privileges to make changes."...

That makes absolutely no sense.

Whether using ' chown' on the command line, or "Get Info" in the "Finder", changing ownership requires "root" privileges - eg. ' sudo' would ask for a password, and "Get Info" would throw up an authentication dialogue. For groups, ' chgrp' doesn't ask for a password for switching between groups to which the user belongs, but otherwise would require authentication as well. As such, in prior OS X versions, if a user had sufficient privileges to change something in the first place, they most certainly would be able to change it back. On the contrary, it is Leopard's implementation in which the "Get Info" will allow a change (i.e. some other group to "wheel") but not allow a user to change it back. But that's a GUI limitiation and has nothing to do with privileges.

..." Assuming that would work, the security implications should be obvious -- & not in a good way"...

If the person is an "admin" of their system, and they have items (eg. imported from elsewhere) on their system with owner or group settings that "Get Info" displays as "(unknown)" because those IDs are unconfigured on their system, there is nothing wrong with them taking ownership of those items on their own system.

Since you seem to be making things up just for the sake of arguing, I will bow out of this discussion.

biovizier wrote:
Since you seem to be making things up just for the sake of arguing, I will bow out of this discussion.

I'm not making things up. The history of bugs in the Tiger Finder's 'Get Info' options for changing privileges are fairly well known, including not taking effect immediately if at all, sometimes not requiring authentication when it should or not accepting what should be sufficient authentication, crashing or hanging on privilege changes, & in particular unpredictable behavior when trying to change an item's owner to one pre-defined by the OS. Some of this seems related to the partial implementation of ACL's in Tiger; some to a bug in how the Tiger Finder retrieved file metadata (possibly finally fixed in 10.4.11), & some to causes unknown.

The point of all this is something you seem determined to draw the discussion away from: Users should not attempt to "nuke" any accounts or otherwise change ownership privileges (a.k.a. "permissions" in some users' understanding of the subject) unless they know exactly what they are doing & the full consequences of doing so. This applies to any method of change, including both the command line & the GUI, & to any version of the OS.

If you can agree with that much, then there is nothing to argue about.

"As we have explained, the "unknown" user (UID 99) is one required by the OS. You cannot remove it, any more than you can remove the "root" or "nobody" user if you want your Mac to work correctly."

Not true, I axed mine since 10.5.1. Never had a "unknown" problem since. "I know what I know if
you no what I mean." Leopard runs happily under the "Tiger" format.
Simple, axe UID 99 with dscl or workgroup manager, Leave GID 99, change your user GID to 501,
change next user GID to 502, etc, etc. Runs like a charm. 😉

If you are using Terminal.app command line:
dscl . -list /Users UniqueID
You should see "Guests 99" listed in the lineup
to remove:
sudo dscl . -delete /Users/Guests UniqueID 99

using work group manager, change to group name (icon), go to group GID 99 (unknown),
select "members", add root ( group 0 ).

add new group name ID to match User name ID
for example:
if you have user john UID 501, then create new group john GID 501
repeat for each user.
with each user name UID be sure enroll each user in each group they belong in.
Quite easily done with work group manager.

you can check your results with the id command:
Betsy7:~ john$ id john
uid=501(john) gid=501(john) groups=501(john),101(com.apple.sharepoint.group.1),
98( lpadmin),12(everyone),60(sandbox),503(jill),80(admin),20(staff)

Kj