Hide user from login screen

Short version: I created a user account for system purposes, not for an actual user. I accidentally created it as a regular user with a home directory and everything. I have corrected this, but it still appears on the login screen (KDE Plasma on Fedora 34 if it matters). How can I remove it from there?


Long version:

I created a Samba share on my computer, following these instructions on the Fedora Docs:

Specifically, I created a new user (let’s call it sambaowner) to “own” the share, like so:

sudo groupadd sharing
sudo useradd -G sharing sambaowner
sudo smbpasswd -a sambaowner
sudo mkdir /home/shareme
sudo chown sambaowner:sharing /home/shareme
sudo chmod 770 /home/shareme

The only purpose of sambaowner is to hold the Samba credentials; the regular users have also been added to the sharing group.

However, useradd also gave it a home directory (/home/sambaowner), its own group, and all that. After some research, I was able to remove these appurtenances:

sudo usermod -g sharing -d /home/shareme -s /sbin/nologin --lock sambaowner
sudo groupdel sambaowner

I had also noticed that sambaowner showed up in System Settings → Users. After making these changes, it had disappeared from there. But the login screen still shows three accounts: alice, bob, and sambaowner. How can I remove sambaowner from there?

I’ve solved my own problem. The bit of information I was missing was that the login manager is sddm, the Simple Desktop Display Manager. Once I discovered that, it was easy to find the configuration options!

In fact I ended up finding and testing three different solutions, all of which worked. What can I say? I like to tinker…

  1. Hide the user in /etc/sddm.conf
    Open this file for editing (sudo nano /etc/sddm.conf) and find the HideUsers option. By default it should exist (in the [Users] section), but be commented out. Uncomment it and add the user to hide, e.g.

     [Users]
     # Comma-separated list of users that should not be listed
     HideUsers=sambaowner
    
  2. Hide all non-login users in /etc/sddm.conf (Recommended)
    Like the above, but find the HideShells option. Uncomment it and add the null shell /sbin/nologin, like so:

     [Users]
     # Comma-separated list of shells.
     # Users with these shells as their default won't be listed
     HideShells=/sbin/nologin
    

    Given that most system users already have /sbin/nologin as their shell, this seems like a sensible thing to do anyway, so this is what I recommend. If I create any future pseudo-users, I won’t have to repeat this process for them. (I assume it’s not done by default because it’s not necessary, so it saves one short check at each login session.)

  3. Change the UID to something below 1000
    This is probably the correct approach to take at the beginning, but if like me you’ve already created the user, it’s a bit of a sledgehammer approach! You’ll need to find an unused UID below 1000; in my case, 983 through 999 were all used, so I went with 982.

     sudo usermod -u 982 sambaowner
    

So there it is. If I were doing it all over, I would’ve created sambaowner with no home directory, no group, no login shell, and a UID below 1000 in the first place. But I didn’t, and here’s how I fixed that.

Maybe my next stop should be contributing some changes to the Fedora Docs… do they take suggestions from tinkering amateurs who only just learned a thing? :wink:

2 Likes

Postscript to the “sledgehammer” option, number 3: If you do change the UID of a Samba user, you need to also update their smbpasswd entry. Otherwise your Samba log (/var/log/samba/log.smbd) starts filling up with errors:

[2021/09/11 00:00:03.141593,  0] ../../source3/auth/token_util.c:565(add_local_groups)
  add_local_groups: SID S-1-5-21-12345678-9101112131-415161718-1000 -> getpwuid(1234) failed, is nsswitch configured?

…where 1234 is the old UID.

There’s probably some proper way to do this, but I just deleted and recreated the Samba user (not the login itself), and then reran the last few Samba setup steps to be sure:

sudo smbpasswd -x sambaowner
sudo smbpasswd -a sambaowner
sudo restorecon -R /home/shareme
sudo systemctl restart smb
1 Like