I have to manage a shared OSX workstation that is used by a rotating cast of characters throughout the year. The login screen quickly becomes cumbersome when users that aren't even around for a while are listed and cluttering up the clumsy horizontal scroll.
How can I clean up the login screen without nuking accounts that would need to get re-created at a later time?
Additionally, when somebody is gone for an extended period I would like their account to be locked so it can't be used locally or remotely, but I don't want to nuke users passwords, when they come back a quick admin action should get them back into the system again?
Best Answer
This can be accomplished using a feature of the unix based login system that assigns a program to run on successfully login. Normally users in OSX have their shell defined as
/bin/bash
. The OS login window will actually make sure people have a usable shell before showing them on the login screen.You can disable a user — revoking both their ability to login and their appearance in the login window user list — by changing the shell to
/usr/bin/false
.The settings is found in System Preferences -> Users & Groups -> (Unlock the settings if necessary) -> Right click on a user -> Advanced options -> Login Shell.
Re-enabling the user is as simple as setting this back to
/bin/bash
.Addendum: In later versions of OS-X, restoring users deactivated like this gets slightly more complicated.
Starting in 10.7, the users don't show up in the admin panel by default either. You can restore them manually by using the setting their shell using the standard Unix
chsh
command in a terminal:Starting in 10.9, the
chsh
utility is also not available, but you can set the shell using the an OSX special utility in the terminal: