Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Being root without enabling root UNIX
Even if you did not enable the root user in NetInfo, it is very simple to become the root superuser with unlimited privileges. You need to have an admin account and start a Terminal session. In the Terminal, you type this:
 % sudo su
Then enter your own password and presto uid 0 is yours...
 % id 
 uid=0(root) gid=0(wheel) groups=0(wheel), 1(daemon), 2(kmem),
 3(sys), 4(tty), 5(operator), 20(staff), 31(guest), 80(admin)
[robg adds: I find it much safer to just use sudo followed by the specific command to be run; the above command sets you as the root user until you type exit. One little simple mistake (rm -rf ... in the wrong directory, for instance!), and you'll soon regret your all-encompassing root privileges. sudo some_command times out after a couple minutes, requiring your admin password again to activate the next time you run it.]
    •    
  • Currently 1.25 / 5
  You rated: 1 / 5 (4 votes cast)
 
[7,669 views]  

Being root without enabling root | 10 comments | Create New Account
Click here to return to the 'Being root without enabling root' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Being root without enabling root
Authored by: reh on Dec 01, '03 11:37:42AM
When I'm doing a lot of stuff as root, I prefer to run
sudo <shell>
In my case, the shell is zsh. This preserves all of my shell configuration files so that all of my preferences and aliases still work when using root.

---
12" iBook ~ 800MHz G3 ~ 640MB ~ 30GB ~ Combo drive ~ Panther

[ Reply to This | # ]

Being root without enabling root
Authored by: mzs on Dec 01, '03 11:41:32AM

I just use 'sudo -s'



[ Reply to This | # ]
Being root without enabling root
Authored by: shneusk on Dec 01, '03 02:38:35PM

I noticed this before. Isn't it a gaping security hole? enabled or not, any admin can become root using this method, whereas in *NIXs, there's usually a list of users who are allowed to sudo and what commands they're allowed to run.



[ Reply to This | # ]
Being root without enabling root
Authored by: beauh on Dec 01, '03 03:11:40PM

This isn't really a security hole, as all users with sudo access can be easily configured in /etc/sudoers. By default all users in group admin have full access to the sudo command, but quite a bit of configuration can be done here to customize what you want people to be able to do.

- b-



[ Reply to This | # ]
Being root without enabling root
Authored by: stetner on Dec 01, '03 07:13:20PM

You should view any admin user as a root user. In the current security model an admin user can become root without sudo.



[ Reply to This | # ]
Being root without enabling root
Authored by: cilly on Dec 02, '03 11:30:32AM

What? Become root without sudo?

Explain!

---
cilly @ http://www.cilly.dyndns.org/

[ Reply to This | # ]

Being root without enabling root
Authored by: stetner on Dec 03, '03 07:02:54AM
The finder allows any admin user to authenticate to replace root owned files and change ownership etc. Therefore it is a simple exercise to put a hook in to, say the boot rc file, to create a file that will give the admin person the ability to become root. It is NOT a security flaw, but a design decision. As I said, an admin users is the equivalent of root. There is a discussion of it here
http://forums.macosxhints.com/showthread.php?s=&threadid=17727&perpage=20&highlight=root&pagenumber=1


[ Reply to This | # ]
Also...
Authored by: discordantus on Dec 12, '03 04:25:47AM

Additionally, any admin user can enable the root user and supply a root password...

er, don't let anyone you don't trust be an admin user!



[ Reply to This | # ]
Being root without enabling root
Authored by: Crawdad on Dec 11, '03 04:38:27PM

If you want to let non-admins do a few selected actions as root, study and then carefully edit /etc/sudoers.



[ Reply to This | # ]
Being root without enabling root
Authored by: stetner on Dec 22, '03 06:29:18PM

study very carefully....

If you allow any command that allows the creation of files or shell escapes (vi etc) it is easy to get root access.



[ Reply to This | # ]