Change a user's User ID on Mac OS X (10.6, 10.7, 10.8, 10.9, 10.10, 10.11)
I always wondered why I couldn't write and create folders (which is also, in fact, a write operation from the unix point of view) on my other Mac's AFP share. Finder always complained about insufficient rights - even when I was trying to write to the user's own home folder on the other Mac!
Ok, maybe it was too obvious: My users had the same name but different user IDs. I wouldn't have been surprised if that had happened on my Linux or BSD boxes - but with Apple products? No way, I thought. But I was wrong.
Now, my problem was: I couldn't imagine that it's possible to change the user ID (uid or UniqueID in Apple's terms) without any problems - taking into account that Mac OS X is still something like a heavily customized BSD (ok, no ranting here please, I know the differences). So, after some googling I found an article on lissot.net [the page seems to have changed since I wrote this guide] which covered changing the uid on Leopard. While most of the information is still true with Snow Leopard, the process (and some of the commands used) should be modified slightly.
There may be a problem with this procedure when FileVault 2 full disk encryption is enabled (according to javadoug's comment below). Be sure you have a proper backup and a second user you can log in with before changing the UID.
Ok, let's get going:
First of all, don't do this while you are logged in as the user whose uid you want to change. Seriously, don't do that.
The best way, imho, is to use "sudo". With sudo you have (at least) two options:
- You could prefix "sudo" to each of the commands given below (but read the comments below as you will have some problems).
- And you can – preferably – temporarily turn your shell into a "root shell" (which you have to do only once):
mybox:~ mydir$ sudo -s
Password:
bash-3.2#
(For some more information regarding sudo read the sudo man page (man sudo) and the comments.)
(Another clean way of doing this is as the root user. To work as root user, you have to enable the root user on your Mac OS X first. Afterwards, log in as root as described in Apple's article.)
1. Change UID
Read the uid, then change it (given Alice as the user's name, 501 as the old and 1234 as the new uid):
# dscl . -read /Users/Alice UniqueID
# dscl . -change /Users/Alice UniqueID 501 1234
Verify that the uid has changed:
# dscl . -read /Users/Alice UniqueID
2. Change ownership of the user's files
As noted in the article I referred to earlier, the ownership of the user's files has to be changed on every filesystem the user had written to. So do (at least) the following (updated, thanks pir, Tomás & Creeture):
# find /Users/Alice -user 501 -print0 | xargs -0 chown -h 1234
# find /Library -user 501 -print0 | xargs -0 chown -h 1234
# find /Applications -user 501 -print0 | xargs -0 chown -h 1234
# find /usr -user 501 -print0 | xargs -0 chown -h 1234
# find /private/var/ -user 501 -print0 | xargs -0 chown -h 1234
If you want to be sure that you changed the ownership of all files of the root partition ("Macintosh HD" or whatever you named it), you could do the following (but be prepared that this takes considerably longer, especially if you have much data in /Users):
# find -xP / -user 501 -print0 | xargs -0 chown -h 1234
A simple test if there are files left that are owned by the old uid:
# find -xP / -user 501 -ls
Remember that you have to check the ownership of files on every filesystem that the user had written to.
3. Rename special files and folders
But that was not all. Mac OS X has some special files and folders that have the (old) uid as part of their names. These include (on my Mac, ymmv):
- and possibly some files in /private/var/folders/ud/(some ugly dir name)/-Caches-/
For each of the above you have to do something like (you may have a look at Guido's tip below - thanks Guido! -, but I haven't tested that and my Bash skills are inferior, apparently ;):
# mv /.Trashes/501 /.Trashes/1234
Finder creates folders like these on every (local) filesystem you move things to Trash from. Therefore, you have to check every filesystem for the existence of a folder named .Trashes/501 like, for example, /Volumes/My External Disk/.Trashes/501. If you don't do this, you may end up with wasted space (but I haven't checked this).
If you want to check if there are remaining files or directories that have the old uid in their name, you can, again, use find (thanks Tim!):
# find -xL / -name "*501"
4. Finalize: reboot
As Thomas stated below, it's wise to reboot your machine after this procedure (you're absolutely right Thomas). Otherwise strange things happen if you try to log in with the changed user id.
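A read-only check to run around steps 1 to 3, as an added example that is not part of the original guide: uid_owner shows whether the new uid is already assigned before you change anything, and audit lists what is still owned by, or named after, the old uid afterwards. The function names and the sample account listing are constructed, and `dscl . -list /Users UniqueID` is assumed to print one "name uid" pair per line. The name match is exact, which is narrower than the "*501" pattern used above.

```shell
#!/bin/sh
# Added example: nothing here modifies accounts or files.
# Ownership is stored as a number, so anything left on the old uid would
# belong to whichever account is given that number later.

# Constructed sample in the shape of `dscl . -list /Users UniqueID` output.
SAMPLE='_www          70
root          0
Alice         501
Bob           1234'

# uid_owner UID: read "name uid" lines on stdin, print the account(s) holding UID.
uid_owner() {
    awk -v want="$1" '$NF == want { print $1 }'
}

# leftovers_owned ROOT UID: files on ROOT's filesystem still owned by UID.
# -xdev keeps find on one filesystem, so call it once per mounted volume.
leftovers_owned() {
    find "$1" -xdev -user "$2" -print 2>/dev/null
}

# leftovers_named ROOT UID: entries named exactly UID, such as .Trashes/501.
leftovers_named() {
    find "$1" -xdev -name "$2" -print 2>/dev/null
}

# audit ROOT OLD_UID: report what still refers to OLD_UID.
# Returns 0 only when nothing is left behind.
audit() {
    owned=$(leftovers_owned "$1" "$2")
    named=$(leftovers_named "$1" "$2")
    [ -n "$owned" ] && printf 'still owned by %s:\n%s\n' "$2" "$owned"
    [ -n "$named" ] && printf 'still named %s:\n%s\n' "$2" "$named"
    [ -z "$owned$named" ]
}

# Demo on the constructed listing: 1234 is taken here, so another uid is needed.
taken=$(printf '%s\n' "$SAMPLE" | uid_owner 1234)
[ -n "$taken" ] && echo "uid 1234 already belongs to: $taken"

# On the Mac itself, as root (left commented out in this example):
#   dscl . -list /Users UniqueID | uid_owner 1234
#   audit / 501
#   audit "/Volumes/My External Disk" 501
```

An empty answer from uid_owner means the new uid is free; a non-zero exit status from audit means step 2 or step 3 still has work to do on that volume.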
For further information please consult the original article I took this information from.
This is still working on 10.9 "Mavericks", so I updated the article to reflect this.
I recently used this procedure on OS X 10.10 Yosemite. Worked as expected.