1 Admin Account w/UID 502

I could be wrong, but I would think that my only one admin account on my computer should have the UID as 501, and not 502.

The computer was set up when I received it and I followed Apple's instructions (http://support.apple.com/kb/HT1428?viewlocale=en_US) on how to change the user name.

Now I am having networking problems and wondering if this is the case.

Another thing I did was delete the 'unknown' user that began showing up on 'get info' permissions.

I have two hard drives on this one computer. When logged in to the backup drive, networking seems to work fine incoming/outgoing. When logged into my primary drive, web sharing doesn't even work when enabled. I can access the webserver but not the Sites folder, but only remotely. This computer can't even be pinged by another computer on the network. But at the same time, it can access all the other computers. Everything is set the same on all computers.?

M9457LL/A, Mac OS X (10.5.8)

Posted on Aug 10, 2009 6:20 AM


Aug 10, 2009 6:25 AM in response to MacMajor01

MacMajor01 wrote:
I could be wrong, but I would think that my only one admin account on my computer should have the UID as 501, and not 502.

The computer was set up when I received it and I followed Apple's instructions (http://support.apple.com/kb/HT1428?viewlocale=en_US) on how to change the user name.

if you followed those instructions then you created a new user in the process and that user would have UID 502 by default. this is completely normal.

MacMajor01 wrote:
Now I am having networking problems and wondering if this is the case.

doubtful but make a new user and see if the network problems persist there.

MacMajor01 wrote:
Another thing I did was delete the 'unknown' user that began showing up on 'get info' permissions.

this might be the old user you deleted when renaming your user. not a problem in itself.

MacMajor01 wrote:
I have two hard drives on this one computer. When logged in to the backup drive, networking seems to work fine incoming/outgoing. When logged into my primary drive, web sharing doesn't even work when enabled. I can access the webserver but not the Sites folder, but only remotely. This computer can't even be pinged by another computer on the network. But at the same time, it can access all the other computers. Everything is set the same on all computers.?

Aug 10, 2009 12:05 PM in response to MacMajor01

MacMajor01 wrote:
I could be wrong, but I would think that my only one admin account on my computer should have the UID as 501, and not 502.


Not necessarily. The first account that is set up has UID 501. The first account is also an admin account by default. Admin rights can be removed from that account at a later time, but the UID remains.

I have six accounts on my Mac, only one is admin, and that account's UID is 505. No problems at all.

Aug 13, 2009 10:51 AM in response to Király

I'd also suggest starting a new thread. Two points:

1 - Nothing to do with users & groups has anything to do with networking. They're completely different services.

Probably there is some subtle difference between your network setup and you've just not noticed it.

The three things you can check are your IP address & subnet mask; your routing table; and your name service (typically DNS). Likely one of them is different when you boot from your old disk vs. your new disk.

2 - The "unknown" user is a bit misunderstood.

If you do a "Get Info" and check the Sharing & Permissions settings of the window, you should see three entries in the list. You can add more, but if you haven't done anything then you'll see three entries by default. The first entry -- assuming you picked a file in YOUR home folder, should be your own short-name and probably says you can "read & write" the file. The next entry is the group permissions (and this is the one that might say "(unknown)") and probably has permissions of "read only". The last entry is for "others" (everyone else on the system who is not the owner nor a member of the owning group) -- it'll say "everyone" and it probably has permissions set to "read only".

If you see "(unknown)" in the 2nd entry, what it really means is that your Mac used to have OS X 10.4 (or earlier) installed when you created your user account and you upgraded to Leopard (OS X 10.5). If you created a brand new user account sometime after upgrading to Leopard and you check the permissions of a file created on that user account you'll notice it doesn't say "(unknown)" when you inspect permissions... instead it will say "staff".

In Unix, every file has an "owning user" and "owning group" and will have permissions for the owner, the owning group, and "others" (everyone else who is not either the owner or a member of that group.)

On Unix systems, though you see users and groups as names, they are actually represented in the filesystem as numbers. The user's number is called a UID and their group is called a GID. Permissions are enforced based on the numbers matching. If a 2nd user is in the same group (based on the GID number) as the 1st user, then they are members of the same group.

However, in OS X 10.4 and prior, when a new user account was created, Apple also created a new group to go with it. To make it easy, they made the group name match the user's short-name and they made the GID value match the UID value for that user. In other words, if my "short name" in OS X is "tim" and my UID is 501, then they'd create a group whose name was also "tim" and the GID would also be 501 (by the way, there's no rule of Unix security that says they had to match the names & numbers... they just did this so it would be easy to realize that the group named "tim" was created to go with the user named "tim").

In 10.5 they no longer do that. There's a group named "staff" and its GID is 20. Every new user created under Leopard gets assigned to the "staff" group.

If you upgraded to Leopard, they simply replaced all of Tiger's groups with Leopard's groups... and in doing so they erased the existence of those groups created for each user account. This isn't a problem for Unix since the names are purely cosmetic... the actual security is enforced by checking the GID number. So while no security was broken, it wasn't very tidy house-keeping on Apple's part when they did the upgrade.

If your UID & GID were 501 & 501 back on Tiger, then it's still 501 & 501 on Leopard, except that OS X (and Finder) can't find a cosmetic name to go with this group '501' -- so instead it displays "(unknown)" where the group's name should be displayed.

If this drives you nuts, it is possible to fix it. But the bottom line is there's no reason to fear that someone has hacked your system and you have an "unknown" user ... you don't. You're just seeing an untidy artifact left over from the upgrade process.

Regards,
Tim

Aug 15, 2009 10:17 AM in response to Tim Campbell1

Tim, thank you, I will thoroughly read your reply and follow all suggestions.

And thanks to all of you for your comments! 🙂

Not sure if I made it clear, but as I said, I only have 1 admin account; 1 account period (not being sarcastic, just clear 🙂), and I am the only user of the computer. That account has a UID of 502. There is no account with a UID of 501. That can't be normal?

Thanks again,
Trace

Aug 15, 2009 10:49 AM in response to MacMajor01

No problem with UID 502. If at some point you made a new admin account, and then deleted the original one, UID 502 on the new account would be completely normal.

PS It is a security risk to use an admin account for everyday use. Apple even advises to never check email or browse the internet while logged in to an admin account. I'd make a new admin account, and change your current account to standard.

Aug 17, 2009 6:40 PM in response to Tim Campbell1

Tim, EXCELLENT explanation of user and groups. I fully understand how it works now.

I was struggling with a permissions problem on my /Applications folder. Poking around on the command line, I found that somehow the UID of the owner got changed from root (0) to 502 - a nonexistent UID on my computer - so (unknown) showed up in finder's Get Info window as the owner. Your reply explained why I was seeing this behavior.

What I don't get, (and I don't mean to hijack the thread!) is how a UID of 502 got assigned as owner of the /Applications folder.

Users/groups and unix are something I'm still learning, but networking is easy...
MacMajor:
Tim is right - a network problem is dealt with via IP, subnet and DNS settings. Now if you couldn't read or write to a network volume or folder, then there could be permissions problems, which will be independent of networking. The network setup needs to be addressed first, and the first step is to be able to ping your computer, which you said you could not do.
If you can't ping your computer, then something's up with the physical connection or the IP addressing. Since you don't have network problems when booting on the other drive, it's not a physical connection problem.

Do you know how to check your network setup via system preferences?

typical home network settings with common consumer routers will assign an IP via DHCP in one of the following ranges:
192.168.0.x
192.168.1.x
10.0.0.x

Post a synopsis of your network setup and the depth of your knowledge of networking and I'll see if I can help.

Aug 17, 2009 6:53 PM in response to kevinro

kevinro wrote:
What I don't get, (and I don't mean to hijack the thread!) is how a UID of 502 got assigned as owner of the /Applications folder.


I have had this happen a few times. Each time it has been caused by a rogue installer script. The developer of an app bundled his app up in a .pkg file that used OS X's Installer to process and install it. The (boneheaded) developer's installer script changed the ownership of my /Applications folder to something else.

It has happened to me at least twice; both years ago in the 10.2 days. This very reason is why many still recommend using Disk Utility to repair permissions after installing third party software.

Nowadays developers tend to know better, and don't usually make such security mistakes. I haven't seen this in a long time, but I suspect it is what happened to you.

Aug 17, 2009 7:15 PM in response to Király

I agree entirely - in fact, it's what I figured happened once I saw a UID of 502 assigned as the owner of /Applications. In Finder's 'get info' window, owner was listed as (unknown). I uncovered this while trying to troubleshoot why I lost write permissions to the apps folder. It's happened to me before, and permissions repair wouldn't fix it. and it always seemed to resolve itself in the past.

Here's the mysterious part - and I know you're all going to think I'm nuts here and you'll probably think I inadvertently changed something via the command line, but I'm pretty sure I haven't. I even looked back in the buffer to see.

I started out with /Applications being owned by the errant (nonexistent) UID 502. This is a fresh install of leopard with only one admin user set up. My UID is 501 confirmed by using id. Using "id 502" returns: "id: 502: no such user"

Here's exactly what I did at the command line:
listed permission of /Applications using ls -ld /Applications
drwxrwxr-x+ 64 502 admin - 2176 Aug 17 18:06 /Applications

confirms it's owned by 502, so who is user 502?

looked at the contents of etc/passwd using more
looked at the contents of etc/group using more
(not realizing these files aren't used by OS X anymore)
checked to see what group I was part of using "id -gn" (staff, as it should be)
then I listed the apps directory using "ls -ladeO /Applications"

and got:
drwxrwxr-x+ 64 root admin - 2176 Aug 17 18:06 /Applications
0: group:everyone deny delete

Huh? The permissions were all back the way they're supposed to be! Confirmed by my sudden ability to write to my apps folder via Finder again. And the unknown user listed in Finder's 'get info' is now changed back to "system".

I know what the l, a, d & e switches do, but I have no idea what the O switch was for - can't find any reference to it. I ran across a thread here for someone with a similar problem and the person helping him told him to use that particular ls command to see what the permissions were on a folder, so I used the same command thinking I might see more detailed information.

no idea how it got changed back, but it happened seemingly without my interference.

I saw some references while googling to MS Office 2008 installing using 502, but that doesn't look like it's happening in my case as they fixed this with an update, that problem doesn't sound like it touches permissions on the /Applications folder, and the permissions on my office folders/files are all correct.

weirdness. anyone else experienced this?

back to googling!

Aug 24, 2009 6:40 PM in response to kevinro

Thought I'd follow up - maybe it'll help someone else. Looks like it's Microsoft Office that's at fault. A security bug in their installer sets all the files it installs with UID of 502 with execute permissions and changes the UID of the apps folder to 502 as well. They fixed this in an update, but they apparently overlooked fixing the UID of the applications folder itself.
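
Added example, not part of the original thread: a Python audit for the condition Tim describes and kevinro ran into, where a file's numeric UID or GID has no matching user or group record and Finder shows "(unknown)". The sample paths, names and ID tables in the demo are constructed, and `table_lookup` is a hypothetical stand-in for the system's account database.

```python
import grp
import os
import pwd


def table_lookup(table):
    """Build a lookup from a constructed {id: name} table (stands in for pwd/grp)."""
    return lambda numeric_id: (table[numeric_id],)   # KeyError if the ID is unmapped


def unmapped_ids(uid, gid, user_lookup=pwd.getpwuid, group_lookup=grp.getgrgid):
    """Return which of a file's numeric owners has no name record: {'uid','gid'}."""
    missing = set()
    for label, lookup, numeric_id in (("uid", user_lookup, uid),
                                      ("gid", group_lookup, gid)):
        try:
            lookup(numeric_id)
        except KeyError:                 # pwd/grp raise KeyError for unknown IDs
            missing.add(label)
    return missing


def find_orphans(root, user_lookup=pwd.getpwuid, group_lookup=grp.getgrgid):
    """Walk root; list (path, uid, gid, missing) for entries with unmapped owners."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths.extend(os.path.join(dirpath, name) for name in dirnames + filenames)
    orphans = []
    for path in paths:
        try:
            st = os.lstat(path)          # lstat: inspect a symlink itself, not its target
        except OSError:
            continue                     # vanished or unreadable entry
        missing = unmapped_ids(st.st_uid, st.st_gid, user_lookup, group_lookup)
        if missing:
            orphans.append((path, st.st_uid, st.st_gid, missing))
    return orphans


if __name__ == "__main__":
    # Constructed records modelled on the thread: a Leopard system that knows
    # UID 501 and group staff (20), but no UID 502 and no per-user group 501.
    users = table_lookup({0: "root", 501: "tim"})
    groups = table_lookup({0: "wheel", 20: "staff", 80: "admin"})
    samples = [("/Applications", 502, 80), ("/Users/tim/old.txt", 501, 501),
               ("/Users/tim/new.txt", 501, 20)]
    for path, uid, gid in samples:
        print(path, uid, gid, sorted(unmapped_ids(uid, gid, users, groups)) or "ok")
```

Calling `find_orphans("/Applications")` with the default lookups checks real files against the system's own user and group records; an entry reported with `uid` missing on a system-owned folder is worth tracing back to the installer that touched it.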
