Tuesday, September 20, 2005

Special Logins in Mac OS X

The login window application (/System/Library/CoreServices/ is what runs the login window (hey, something actually logical here). It has a few "special" accounts which start with the greater-than sign (>) and need no password. These have been documented in various locations, practically since 10.0, so this article will also show how to try and find new ones whenever is updated.

Using These Accounts
First, these are only usable if you have the login window display as Name and password instead of the default List of users. This setting is available in System Preferences, under Accounts then Login Options (bottom of the pane on the left list where accounts are shown). You'll need to be an admin and use the lock at the bottom to authenticate prior to changing this setting.

The Accounts
As of 10.4.2, there are four special accounts and one that may or may not be one. Their function can usually be inferred from the name:

  • >power
    Does a power-down of the system

  • >restart
    Simply restarts the OS

  • >exit
    Exits which then respawns, so acts like a "restart"

  • >console
    Switch to command-line interface console; useful if you like that kind of thing or need to do work outside the Aqua interface (changing some configuration information, removing cache files, etc).

  • >switch-user
    This is the one for which I have yet to find an actual function, if it is in fact a special account at all. It acts like a normal user account from the main window, and judging from context of where it's located in (see below), I thought maybe the screensaver username/password window, but no go there either.

Finding These Special Accounts
While the list of special accounts hasn't really changed since 10.0 or perhaps 10.1 (console, exit, restart, and power were there since at least 10.1) there's always the possibility of new accounts in the future. This is a description of how I've found these in the past and how to (possibly) infer functionality, or at least where they are used.

First, these accounts don't really exist anywhere (eg, in NetInfo where accounts usually live on Mac OS X), but are hardcoded into To find them, first fire up Terminal, then run

strings /System/Library/CoreServices/ | more

What this does is pull out the interesting strings from the binary then send it to more so we can easily scroll through it.

What we're looking for is anything which starts with the greater-than sign, so (using more's search facility) we'll look for a greater-than sign at the beginning of a line. Typing


then Return will do it (that's / search for, ^ at the beginning of the line, a >; see any handy reference on regular expressions for more information, man re_format if you're still in Terminal and either comfortable with *nix technical manpages or are a masochist).

If you're following this in Terminal, the result will be at the top of the window, and should show the four well-known special logins: power, restart, console, and exit (greater-than sign removed for easy HTML editing here). If you use the k or up-arrow key to scroll up a few lines, you'll note there's nothing too interesting around them, suggesting a global use for these (we're assuming).

The n key will go to the next match, so hit it until you get just past exit, which should show (on 10.4.2) the unknown switch-user string. Again, using the k or up-arrow key, you'll note this one is around some stuff referring to the screen saver. Since the switch-user account doesn't work in the main login window window (that sounds funny), perhaps it works for the screen saver since it seems to live in code relating to it. Note there's even a button Switch User... on that window, so perhaps we're on to something. However, it doesn't seem to work here either. There's a good chance this is just a coincidence, and switch-user isn't a special login user at all.

Using the n key again to get past switch-user will show that this is the final match, ending our search.

What Happened?
Basically, what we've just done is look for interesting data in what's actually a binary, non-human-readable file ('s actual executable). In this case, we found four known special logins and one that may or may not be one (it doesn't work on the main login window, nor the screen saver one). If others are added in the future, this procedure should help in quickly discovering what they are called, and actually trying them should determine what they do.


Post a Comment

<< Home