Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.6: Enable root user on Snow Leopard' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.6: Enable root user on Snow Leopard
Authored by: lukeandrews on Sep 28, '09 07:53:16AM
There's no reason I'm aware of to enable the root user. If you need to do things as root, simply type sudo -s in the Terminal to start a shell with root access and proceed from there.

[ Reply to This | # ]
10.6: Enable root user on Snow Leopard
Authored by: wildmac on Sep 28, '09 08:30:14AM
Or use sudo su - which makes sure that you keep the same shell settings as you had in you administrator settings

[ Reply to This | # ]
10.6: Enable root user on Snow Leopard
Authored by: leamanc on Sep 28, '09 09:14:15AM

Actually the "-" runs login scripts for the user you are su'ing as.

For example, create an alias in root's .bash_profile. Something useful like:

alias ll='ls -l'

If you do a "sudo su" and type "ll", you will get a "command not found." If you do a "sudo su -", the alias will work.

Long story short and back around to the point: using the "-" reads in the login scripts for the user your are su'ing as, not YOUR login scripts.

[ Reply to This | # ]

10.6: Enable root user on Snow Leopard
Authored by: bankshot on Sep 28, '09 10:32:43AM
sudo -i is an even quicker way to do this. Just remember, -s gets a root shell with your settings, and -i gets a root shell with root's settings.

[ Reply to This | # ]
10.6: Enable root user on Snow Leopard
Authored by: andrew112358 on Sep 28, '09 01:53:38PM

You can also do 'sudo sh', or 'sudo bash' or 'sudo zsh', etc, etc. This is why the whole argument about not enabling root is silly. If you have unlimited sudo, which all admin users have by default on OS X, you have for all practical purposes already enabled the root account. I can guarantee you that any hacker that you need to worry about already knows this and won't even be slightly inconvenienced by the root account not being enabled. Just about the only thing you can't do is get a GUI login as root. The single advantage of forcing admin users to use the sudo command is that it makes it a little bit harder to make stupid mistakes as root, but if you're the type of person that is likely to make a stupid mistake (either through inexperience or carelessness) you are still going to do it eventually.



[ Reply to This | # ]
10.6: Enable root user on Snow Leopard
Authored by: cran on Sep 29, '09 12:54:48AM

Well said, I second this. sudo should be written as "pseudo" as in "pseudo-security" :)



[ Reply to This | # ]
10.6: Enable root user on Snow Leopard
Authored by: corienti on Sep 30, '09 02:23:24PM

Glad to see such a refreshing (and correct!) summary.
As long as sudo is configured as it is by default, it's functionally equivalent to having the root account "enabled".

The only other reason worth mentioning to not have root enabled is that if it's enabled and ssh is enabled and the root password is brute-forceable (ie able to be guessed) then a remote attacker is straight in.
Whereas if root is not enabled, even if you have a weak password, the remote attacker first needs to correctly guess or determine your account username, before even having a hope of bruteforcing/guessing the password.

NB, technically the root account is never disabled at all; you merely cannot log into it with a password, as no password is set.
Using "sudo bash" you are running as root. The account is not disabled at all. There is really no such thing as disabling an account on a unix system; just disabling login-by-password.



[ Reply to This | # ]
10.6: Enable root user on Snow Leopard
Authored by: simonpie on Sep 28, '09 01:11:41PM

Here is a good reason.

When I go back to the login window, the system would start the flurry screen saver which basically transform my mac in a small heater. The only way I know (I am not saying the only way known to man kind), or at least a rather simple way, is to login as root and then switch off that screen saver in the preference then deactivate root. It takes a minute, far less time then googling for some other way.



[ Reply to This | # ]
sudo -s is so "un-Mac"
Authored by: iamacat on Sep 29, '09 12:58:07AM

Don't you want to do your administrative tasks graphically? Like maybe running an Automator workflow on *ALL* users' items? Or be able to launch applications in privileged mode graphically rather than sudo the bundle's executable from the Terminal? How do you propose to achieve these things without running Finder, Dock and status bar items as root?

I didn't yet see a reason to enable root account on my machines, but I can easily see how IT professionals may find it handy. As for security, how exactly is this different from a regular administrative user. You might want to yank Safari from the Dock to resist the temptation of downloading/installing apps from random websites as root.



[ Reply to This | # ]