Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.5: Enable the root user System 10.5
Open Directory Utility located in Application » Utilities. You may have to unlock Directory Utility to make changes. Once it's unlocked, go to Edit » Enable Root User, and then type in a password for your root user.

Voila, you can now use the root user, and the 'Other Users' option now shows up on the login window.

[robg adds: Insert standard root user warning here -- it's dangerous, you can easily clobber your system, etc. I haven't ever really needed root in 10.4, though when I wanted to test root in 10.5, I had to "root around" for how to do it, so I thought a reference here was worthwhile.]
    •    
  • Currently 3.13 / 5
  You rated: 1 / 5 (8 votes cast)
 
[132,919 views]  

10.5: Enable the root user | 18 comments | Create New Account
Click here to return to the '10.5: Enable the root user' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Enable the root user
Authored by: macavenger on Oct 29, '07 09:26:17AM

Enabling the root user is one of the first things I do after installing OS X on any machine-I fail to see why so many people say it's dangerous (sure you can mess stuff up- IF you don't know what you are doing), and having the ability to su to root makes so many things I do so much easier. Granted, I could get away with sudo -s, but I prefer root. Failing to find net info utility after installing 10.5, I just shrugged and typed "sudo password root" in the nearest terminal, accomplishing the same thing with no need to "root" around :)

---
Aluminum iMac 20" 2.4 GHz/3GB/300GB HD



[ Reply to This | # ]
10.5: Enable the root user
Authored by: GlowingApple on Oct 29, '07 11:05:37AM
Oops, should have read your comment first. I see you mentioned the same method.

As a Linux user (as well as Mac user), I have had my share of dealings with the root user. If used properly and with a little extra thought, it's not a problem. Used carelessly, it can be disastrous. As root, I once ran rm -rf * on my box to delete everything in a scripts folder, not realizing I switched to another tty whose $PWD was /. Ended up deleting my entire OS. It was a test box, so no worries, but could have been a tragedy had it been a more important system.

---
--
~Jayson


[ Reply to This | # ]

10.5: Enable the root user
Authored by: Fairly on Oct 29, '07 04:27:47PM

Why are you people only concerned about what YOU might do? Listen to Rob - don't listen to these people. Unless you're really super advanced you should never have root enabled and even the super advanced users enable it only to completely cripple it. So do NOT listen to them unless you want to be super-pwned. Listen to Rob.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: Fairly on Oct 29, '07 04:24:27PM

Boy am I glad Rob was here first to warn people before you posted. I gotta frame that one. "I could get away with sudo -s but I prefer root." That's absolute genius. Anytime you want to publish your IP or reveal further details I'm sure there are a few thousand MacBlackhats who'd love to contact you.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: junkie on Oct 30, '07 12:29:55AM

I am having a problem with one of my systems, I can't authenticate.

I can login but anytime I want to install or unlock something, I enter my user name and password but it fails. I am pretty sure the user is admin, at least it was, and I know the password is correct because I can log out and back in with it.

There was an Apple advisory with steps to fix login problems in single user mode, but that did not help.

Would getting root access make a difference?



[ Reply to This | # ]
10.5: Enable the root user
Authored by: dbs on Oct 29, '07 10:19:06AM

Make sure you explicitly disable root access for ssh if you enable the root account.

I don't see why you wouldn't just use "sudo su" if you want to "su" to root. The only benefit I can think of for having an enabled root user is that you could log into the GUI as root.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: tom_b on Oct 29, '07 12:27:14PM

Or "sudo bash" etc.

I occasionally want a shell when I want to run a sequence of commands as root. I've set my sudoers to ask me for my password every time I do sudo (i.e. timeout is zero) which may be more secure for when I leave my box, but can sometimes be a real pain!

But I've never needed to enable root.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: GlowingApple on Oct 29, '07 10:58:51AM
sudo passwd root
also works to enable the root user. The password isn't set to anything (or to some null equivalent) by default and so the user cannot be used. Setting the password to anything enables the user.

Not as simple as the method the hint shows, but if you're using the root user, you should be comfortable with the Terminal anyway! ;)

---
--
~Jayson


[ Reply to This | # ]

10.5: Enable the root user
Authored by: wreleven on Oct 29, '07 11:50:52AM

You can also manage the root user from the "Directory Utility" found in the Utilities folder.

Both of these menu options are available to manage the root user account.

  1. Edit menu > Enable Root User
  2. Edit menu > Change Root Password


[ Reply to This | # ]
10.5: Enable the root user
Authored by: wreleven on Oct 29, '07 12:03:44PM

heh, so I see that the main article says exactly what I said... should probably read it rather than the comments :)



[ Reply to This | # ]
10.5: Enable the root user
Authored by: allanmarcus on Oct 29, '07 01:09:31PM

Not a good idea. Even in the unix/linux world is rarely a good idea to log in as root when you don't have to. Many of the linux admin I know are using "sudo su -" to elevate to root. In the Mac world, it's rarely, if ever, required to actually be the root user.

In a multi user environment, using sudo is logged. Logging is as root is logged, but you don't know who logged in.

The simplest way to to elevate your privileges is to use the

sudo -s

command. This will give an admin use a root shell. Yes, not all the ENV vars are set as if you logged in a root, but most people, even a seasons system admin, will need that (or even know what the ramifications are).

Why not enable root? If you leave root disabled you don't have to worry about a hacker trying to ssh or log into your machine as root. Simply knowing the name of a privileged user is half the battle for a hacker.

Basically, there is no good reason to enable root and I challenge anyone to give me a reason where logging is an root is needed (as opposed to using sudo -s). Even if you did need to actually be the root user, you can with

sudo su -

which will even give you root's ENV.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: regulus on Oct 30, '07 02:48:21AM
I'll accept your challenge... I have an empty admin password and 10.5 will not allow me to use sudo with an empty password, so therefore using the root account is the only way I can do administrative tasks!

Please don't lecture me about empty passwords. See my thread here for my reasons... http://forums.macosxhints.com/showthread.php?p=419428&posted=1#post419428

[ Reply to This | # ]
10.5: Enable the root user
Authored by: wibbble on Dec 01, '07 04:26:42PM

Oh, I know this is massively past now, but I spend all day working in SSH onto dozens of customer machines, and we make extensive use of the root user.

Why? The user that our software runs under (and which we log into in order to avoid permissions headaches) is not in /etc/sudoers. It's not insane to require an extra - different - password to authenticate for root access. You might argue that it /is/ insane, if you're being this paranoid about security, to allow the user which is most likely to be exploited to be in /etc/sudoers.

There's good reasons why even unix admins use root instead of sudo, and while it's entirely appropriate to warn the majority of Mac OS X users to not enable root this attitude that anyone who does is a moron and will instantly be compromised is stupid and wrong.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: sunwolf48 on Oct 29, '07 10:57:44PM

From the command line use dsenableroot...which is in Tiger so not Leopard specific but handy for those of us who like the command line. Note that it can easily disable the root user too.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: d0ktorbuzz0 on Oct 30, '07 05:21:48AM

I always enable the root user and set a secure password as one of the first configuration stages on any new system. Then I immediately disable the root account. That way there's a non-default password required for any root account use, and with the account disabled by default it is the most secure possible arrangement. If any non-root account is compromised, the intruder would still have to guess or subvert a secure root password, instead of finding a password-less root account.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: Tiny Clanger on Oct 30, '07 01:23:22PM

I'm fairly sure OS X uses the standard Unix method of setting the encrypted password to something that can never be produced by crypt(), so that no password can ever match. If that's so, you don't need to bother...

While I'm here, does anyone know how to change root's shell? chsh lets me change it to /bin/zsh, but when I run sudo -s, I still get bash. I hate bash :(



[ Reply to This | # ]
10.5: Enable the root user
Authored by: philb1701 on Nov 13, '07 04:57:50AM

I can see a big reason for wanting to know where the Root is. That being the problem with Leopard not always retaining Admin accounts when it is installed.
While you can easily put a password on the SA account then reboot to change the "Standard" user back to Admin, you might not want to leave Root accessable.

Now I know how to turn off the Root user access without having to muck about with Terminal.

---
No matter where you go,
There you are.



[ Reply to This | # ]
10.5: Enable the root user
Authored by: thvv on Jan 22, '08 09:10:28AM

In the past, I found that sudo was not enough to correctly update CPAN.
becoming root worked. Perhaps this is no longer needed.



[ Reply to This | # ]