Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Isn't this the default?' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Isn't this the default?
Authored by: Anonymous on Apr 15, '01 12:08:20PM

Could someone more experienced in unix than I answer this question: Doesn't Apple deny root access by default?

If not, they REALLY REALLY SHOULD BE.



[ Reply to This | # ]
Isn't this the default?
Authored by: reverend on Apr 15, '01 04:49:35PM

You're moving into a very Microsoft-ish area by having the producer of the OS restrict means of access rather than putting it in the hands of the user. This is not DOS with XP running on top, where you have to ask MS for permission to install a new soundcard. This is UNIX, you are in control with Apple offering you suggestions but not telling you what you can and cannot do. This is the linux way of doing things. :) So, if you want root access for some strange reason, then you can have root access via SSH. This could be a viable situation be it on a machine behind a good firewall.



[ Reply to This | # ]
No root by default
Authored by: Anonymous on Apr 16, '01 02:04:51PM

By default, there is no root account activated in the first place.
So it wouldn't matter.

As an aside, it's a bit of a shock that people started telling everyone to enable root so quickly, since the general rule is if you know what root is, then you should also know the issues enabling root creates. Almost all of the tricks posted could have been done using sudo, which wouldn't have required enabling root at all... Mac OS X growing pains, I suppose.



[ Reply to This | # ]
Isn't this the default?
Authored by: romulis on Feb 11, '05 04:31:11AM

This is where marketing and reality don't quite coincide the way they should.

Marketing: Apple delivers OS-X with the root account disabled.
Reality: The root account ALWAYS exists on every unix machine.

The difference is that Apple is talking about login in directly as root (ie: when you sit down at your mac and login in as root from the login window, or at the shell's login prompt)

Unix, however, relies heavily on the root account. The root account is there, but the password has been set such that it can't be typed. Since root access is required to do anything with the system, the admin user has access to root via "sudo" (see the manpage for details). This makes the system fairly secure because you can't log in as root directly from anywhere, in short, apple has done it right.

The PermitRootLogin setting in ssh is really "yet another check" - even if someone could guess your root password, ssh would simply prevent that login from taking place - ignoring passwords, public keys etc.

The only "problem" is that if someone can guess YOUR password, they can log in as you, then they can run sudo, and then they have root access. Of course if you change root's password, then the ssh option might be of some help.

In short, if you're using a default setup, and YOUR password is relatively secure, you should have nothing to worry about... at least in this regard ;-)

Cheers,

Steve



[ Reply to This | # ]