How can I temporarily suspend some users, hiding them from the login screen?

macos command-line login-screen user-account

I have to manage a shared OSX workstation that is used by a rotating cast of characters throughout the year. The login screen quickly becomes cumbersome when users that aren't even around for a while are listed and cluttering up the clumsy horizontal scroll.

How can I clean up the login screen without nuking accounts that would need to get re-created at a later time?

Additionally, when somebody is gone for an extended period I would like their account to be locked so it can't be used locally or remotely, but I don't want to nuke users passwords, when they come back a quick admin action should get them back into the system again?


This can be accomplished using a feature of the unix based login system that assigns a program to run on successfully login. Normally users in OSX have their shell defined as /bin/bash. The OS login window will actually make sure people have a usable shell before showing them on the login screen.

You can disable a user — revoking both their ability to login and their appearance in the login window user list — by changing the shell to /usr/bin/false.

The settings is found in System Preferences -> Users & Groups -> (Unlock the settings if necessary) -> Right click on a user -> Advanced options -> Login Shell.

Re-enabling the user is as simple as setting this back to /bin/bash.

Addendum: In later versions of OS-X, restoring users deactivated like this gets slightly more complicated.

  • Starting in 10.7, the users don't show up in the admin panel by default either. You can restore them manually by using the setting their shell using the standard Unix chsh command in a terminal:

    sudo chsh <username> /bin/bash

  • Starting in 10.9, the chsh utility is also not available, but you can set the shell using the an OSX special utility in the terminal:

    sudo chpass -s /bin/bash <username>

Caleb's answer is correct and hides these users from the login window.

However, at least on my installation of OSX 10.9 Mavericks, those users also vanish from the system admin panel, making it impossible to click them back to life. Futhermore, using chsh as a workaround does not help either, since it is not available on 10.9.

I was able to bring them back using:

sudo chpass -s /bin/bash <username>

on the command line.

Related

A word that means beneficial for the individual or few but bad for everyone if everyone is doing it?
Is there a word to describe one who brags by complaining?
What does the word, “truth-up” mean?
Meaning of "take down" in "I met her at some dinner and took her down."
What is the correct spelling of "buyer* remorse"?
“will have seen yesterday”
What is a word that describes both adding and editing data? [closed]
"Recommend you to [do something]" or "Recommend to you to [do something]"?
Is "I'm screwed" a rude expression?
Meaning of "watch your six"
Is there a common word for floor and ceiling?
Usage of YMMV: Can I use it in day-to-day conversation?