10.5: Enable the root user
Authored by: allanmarcus on Oct 29, '07 01:09:31PM

Not a good idea. Even in the unix/linux world it is rarely a good idea to log in as root when you don't have to. Many of the linux admins I know are using "sudo su -" to elevate to root. In the Mac world, it's rarely, if ever, required to actually be the root user.

In a multi-user environment, using sudo is logged. Logging in as root is logged, but you don't know who logged in.

The simplest way to elevate your privileges is to use the

sudo -s

command. This will give an admin user a root shell. Yes, not all the ENV vars are set as if you logged in as root, but most people, even a seasoned system admin, will need that (or even know what the ramifications are).

Why not enable root? If you leave root disabled you don't have to worry about a hacker trying to ssh or log into your machine as root. Simply knowing the name of a privileged user is half the battle for a hacker.

Basically, there is no good reason to enable root and I challenge anyone to give me a reason where logging in as root is needed (as opposed to using sudo -s). Even if you did need to actually be the root user, you can with

sudo su -

which will even give you root's ENV.

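Added example, not part of any comment in this thread: a small Python script that illustrates the audit-trail point raised above, where a sudo entry names the invoking user while a direct root login only records where it came from. The log lines are constructed, and the syslog-style sudo and sshd line formats are an assumption about how the machine logs.

```python
import re

# Constructed sample lines in the syslog style written by sudo and OpenSSH sshd
# (host, users and addresses are made up for this example).
SAMPLE_LOG = """\
Oct 29 13:02:11 mac1 sudo:    alice : TTY=ttys000 ; PWD=/Users/alice ; USER=root ; COMMAND=/bin/bash
Oct 29 13:05:40 mac1 sshd[412]: Accepted password for root from 192.0.2.10 port 50122 ssh2
Oct 29 13:09:02 mac1 sudo:      bob : TTY=ttys001 ; PWD=/Users/bob ; USER=root ; COMMAND=/usr/bin/su -
Oct 29 13:15:27 mac1 sshd[498]: Accepted publickey for root from 192.0.2.44 port 50190 ssh2
Oct 29 13:20:00 mac1 sudo:    carol : 3 incorrect password attempts ; TTY=ttys002 ; PWD=/Users/carol ; USER=root ; COMMAND=/bin/ls
"""

SUDO_RE = re.compile(r"sudo(?:\[\d+\])?:\s+(?P<user>\S+) : (?P<fields>.*)$")
ROOT_SSH_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for root from (?P<src>\S+)")


def attribute_root_access(log_text):
    """Return (kind, actor, detail) per root-related event; actor None means unknown person."""
    events = []
    for line in log_text.splitlines():
        m = SUDO_RE.search(line)
        if m:
            fields = m.group("fields")
            command = fields.split("COMMAND=", 1)[1] if "COMMAND=" in fields else ""
            kind = "sudo-denied" if "incorrect password" in fields else "sudo"
            events.append((kind, m.group("user"), command))
            continue
        m = ROOT_SSH_RE.search(line)
        if m:
            # A direct root login records the source address, not the person.
            events.append(("root-login", None, m.group("src")))
    return events


def unattributed(events):
    """Events where the log cannot say which person acted as root."""
    return [e for e in events if e[1] is None]


if __name__ == "__main__":
    for kind, actor, detail in attribute_root_access(SAMPLE_LOG):
        print(f"{kind:12} {actor or '<unknown>':10} {detail}")
```
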
10.5: Enable the root user
Authored by: regulus on Oct 30, '07 02:48:21AM
I'll accept your challenge... I have an empty admin password and 10.5 will not allow me to use sudo with an empty password, so therefore using the root account is the only way I can do administrative tasks!

Please don't lecture me about empty passwords. See my thread here for my reasons... http://forums.macosxhints.com/showthread.php?p=419428&posted=1#post419428

10.5: Enable the root user
Authored by: wibbble on Dec 01, '07 04:26:42PM

Oh, I know this is massively past now, but I spend all day working in SSH onto dozens of customer machines, and we make extensive use of the root user.

Why? The user that our software runs under (and which we log into in order to avoid permissions headaches) is not in /etc/sudoers. It's not insane to require an extra - different - password to authenticate for root access. You might argue that it /is/ insane, if you're being this paranoid about security, to allow the user which is most likely to be exploited to be in /etc/sudoers.

There are good reasons why even unix admins use root instead of sudo, and while it's entirely appropriate to warn the majority of Mac OS X users to not enable root, this attitude that anyone who does is a moron and will instantly be compromised is stupid and wrong.
