PDA

View Full Version : [HOWTO] - Enable Root Login to Mac OSX



alito
December 21st, 2001, 05:53 PM
Can someone tell me how can i login as a root administrator?
thanxs

simX
December 21st, 2001, 06:30 PM
You need to enable it first, for obvious security reasons. I would recommend against this -- if you need to do something that can be done via the Terminal, you can get temporary root access by using the "sudo" command.

But if you REALLY want to login as root, here's how to enable it and login as root:

1. Open the NetInfo Manager application in the /Applications/Utilities folder.

2. Go to the Domain menu, then drag down to the Security submenu, and choose "Authenticate...". Put in an administrator login and password and press return or the "OK" button.

3. Go again to the Domain menu, again to the Security submenu, and then drag down to the "Enable Root User..." menu item.

4. You probably won't have put in a root user password yet. It will prompt you to provide a root user password and verify it. Do so.

5. Root user is now enabled. Now just logout from the Apple menu, and then at the login screen, use the login name "root" and provide the password you just set.

This will log you in as the root user. Note that you can do ANYTHING when logged in as root, including deleting essential files. Proceed with caution.

onan
December 21st, 2001, 06:45 PM
Or, if you're into hot hot Terminal action, just:

sudo passwd root

Which basically ends up doing the same thing. Use whichever is more comfortable for you.

simX
December 21st, 2001, 08:40 PM
(See title -- 'nuf said. What's with the "passwd" entry, though? I thought you could just do "sudo whateveryouwanttodohere" and you could get temporary root access.)

Captain Code
December 21st, 2001, 08:48 PM
You can either do:
sudo mycommand
and it will prompt you for your password
password:

or you can do
sudo mycommand password

simX
December 21st, 2001, 10:09 PM
I just tried the command format "sudo mycommand password" and it still asks for the password and interprets 'password' as the target or option for mycommand. I don't believe UNIX would allow the password to be shown in full text, anyway.

Captain Code
December 21st, 2001, 11:49 PM
Oh, well, maybe I was wrong, I thought that would work.

alito
December 22nd, 2001, 01:23 AM
Thanxs to allllllll

houchin
December 22nd, 2001, 08:18 AM
Or just do what almost everyone, includding Apple, recommends: Don't enable the root password. sudo can do everything you need.

use "sudo <cmd>" to just execute single commands, or "sudo -s" to start a new command line shell with root privledges.

By enabling root, you open up a whole lot of security issues, especially for network connected systems (almost all of the sendmail and such hacks rely on the attacker having root access). If you don't enable root access, then all of these attacks are cut off.

alito
December 22nd, 2001, 08:58 AM
what is sudo command?
i have to type sudo?

houchin
December 22nd, 2001, 07:52 PM
sudo stands for "superuser do"

It allows you to execute other commands as if you were logged in as root.
You log into the system and open terminal as normal. Just put "sudo"
before the command you want to execute as root (or superuser).
For example, to edit the inet config file, you would enter:

sudo vi /etc/inetd.conf

It will then ask you for your password, and you give it your normal password
(as long as you're an admin user). If you "sudo" another command within
a few minutes, it remembers that you've already proved your an admin and you don't have to type your password.

If you have a lot of stuff to do as root, type "sudo -s" as a command all by itself and it starts a new shell as root. Type "exit" when you're done to return to non-root status.

You do not want to enable the root password, because thsi will prevent a lot of security problems which rely on someone logging on as root (like through sendmail)

ZeroAltitude
December 23rd, 2001, 02:25 AM
Hi,

The thing I have not yet figured out (just 3 weeks in, forgive me!) is how you'd launch GUI apps from the command line with sudo <command>. I enabled root partly because there were some apps that 'won't run in console mode' but needed to be root to do some of the things I wanted.

I know how to tell X apps how to launch in a running X display, but how do you run Aqua apps from the command line in mac OSX?

-ZeroAltitude

houchin
December 23rd, 2001, 07:50 AM
You can try:

sudo open -a <app>

For example, to launch BBEdit 6.5 as root, you could enter

sudo open -a "BBEdit 6.5"

(The quotes are only required if there's a space in the application name)

This is the equivalent of double clicking on a file in the finder.

You can also get the shareware app "Pseudo" which does it with a GUI
interface.

xoot
March 12th, 2002, 05:46 PM
2 steps to make enabling root EASIER (via Terminal)

1) Type "sudo passwd root" and type in the root password

2) Root user is enabled! Now you can just select the "other user" checkbox in System Preferences and logout. Then, click on other user and type in:

"root" for the login field

Your password for the password field

;)

rezba
March 12th, 2002, 06:12 PM
yes, but you're log as root for the all session. sudo allows you to temporarily act as root, just for what you need. wich is more secure.

xoot
March 12th, 2002, 08:37 PM
I meant logging into the GUI, not into Terminal.

Gwailo
March 15th, 2002, 02:11 AM
Once you're logged into the terminal as yourself, on the command line just type

su root

it will then prompt for root password. This way you can login as root remotely (or lcoally) without enabling root. Also unlike sudo you can perform commands at the shell, without just passing commands as argument (which is my understanding of sudo).

Gwailo
March 16th, 2002, 09:53 AM
:)

96.9
March 16th, 2002, 05:38 PM
sudo passwd root

Then there is a prompt for a new password . The root account is setup at factory install without a password so all you have to do is type one in to enable it .

su root

Then enter the password you choose .

You can check your commands if you forget them , just type :

history

You can add new users from the terminal .

Check out the darwinfo faq

http://www.darwinfo.org/faq.shtml

Scroll down to User Management on the faq .

You just have to use 000 for uid and gid to make the new user have root privilages.

MDLarson
March 28th, 2002, 08:28 AM
OK, totally new Mac OS X guy here;

I created two users initially, and now I just want to have one user. So I deleted the second user and assigned it to "Administrator", not "Matt Larson". So the user is deleted, but the folder is now labeled "username Deleted", and the root is the owner.

As a total newbie, could somebody post very explicit instructions for getting rid of this folder? Sounds like messing with the root access is a little dangerous.

-Matt
edit: red text added!

Gwailo
March 29th, 2002, 11:35 AM
Hey Matt,

I had the same problem when I messed up my installation of MySQL.

type the following in terminai:

cd /Users
ls {you should now see the folder "username Deleted"}
rm -r "username Deleted"

You need the quotations marks around he "username Deleted" because it's more than one word (argument) for the rm command. If you don't it'll just look for the folder called 'username' and won't find it.

Now it's gone. BTW now it's GONE, not in the trash...no way to undelete that I know of without special utilities.

HTH

96.9
March 29th, 2002, 03:25 PM
To do all the heavy stuff you need root access .

Get used to using su root and then su back to your regular user name .

Do the heavy stuff when you aernt online , wait until you are finsihed and everything works well than you can go back to regular user and surf safe .

You need root access to chmod and such and thats how you get lots of OS X true power , file permissions for making shell scripts executable and such .

Just get used to using terminal , get a bunch of info off the web , copy to your dektop the webpages you like and study the unix filesystem basics . University used bookstores have some great sales on quality unix and C programming books . It's easy to learn but it takes time to get used to remebering how it all works .

I use terminal for everything now , when you get to an intermediate level you will figure out how to config X 11 and a windows manager of your choice . OS X is a true BSD in the fact its hard to figure out . If you have an old PPC computer or an X86 IBM clone try out suse linux . A basic suse linux user can setup X 11 and a windows manager . I am finding with Aqua and the funky way apple setup OS X it is just like learning a whole new operating system . Its as hard as Open BSD is to learn , free BSD is s simple setup to get er rocking ( just gotta read the manual and copy website info to your box for further reading ) .

Have fun :

96.9

MDLarson
March 29th, 2002, 11:00 PM
Here's an interesting message:
_________________________
Welcome to Darwin!
[localhost:~] mdlarson% cd /Users
[localhost:/Users] mdlarson% sudo rm -r "rjlarson Deleted"

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

#1) Respect the privacy of others.
#2) Think before you type.

Password:
_________________________

I tried typing in a password, but the cursor didn't move.

blb
March 29th, 2002, 11:05 PM
Originally posted by MDLarson
...
I tried typing in a password, but the cursor didn't move.
That's normal, and done for security reasons (so nobody can look over your shoulder to get your password). Be sure to use your password, and not root's (if root is enabled).

bossa nova
May 9th, 2002, 01:23 PM
Originally posted by houchin

You do not want to enable the root password, because thsi will prevent a lot of security problems which rely on someone logging on as root (like through sendmail)

I think i may have enabled it. Is there a way I can check? If I have enalbed it, How can I disable root so that i can just temporily use the sudo command instead?
Thanks!

nkuvu
May 9th, 2002, 01:31 PM
An easy way to check if root login is enabled. From the Terminal, type login. Enter root and the root password. If you get in, it's enabled. ;)

Alternatively, use these slightly modified instructions:

simX said:
1. Open the NetInfo Manager application in the /Applications/Utilities folder.

2. Go to the Domain menu, then drag down to the Security submenu, and choose "Authenticate...". Put in an administrator login and password and press return or the "OK" button.

3. Go again to the Domain menu, again to the Security submenu, and then drag down to the "Disable Root User..." menu item.

At least, that's what my memory is telling me....

I guess I should stop giving advice when I'm not on a Mac to verify the steps. :rolleyes: Unless, of course, it's right. Then it's "Of course! I knew it all along!" ;)

bossa nova
May 9th, 2002, 02:00 PM
I think that's got it. I tried to "login" to root and got the message "root login refused on this terminal." So I suppose I can assume root access is not enable.

nkuvu
May 9th, 2002, 02:05 PM
To be sure, check the Netinfo Manager. Do the authentication bit, as described above, then see if you have "Enable Root User" available. The menu item changes (IIRC, of course) when root login is enabled.

bossa nova
May 9th, 2002, 02:08 PM
Yes I did and "enable root user" was in the menu. And to safe I am not gonna enable that puppy! I can use 'sudo' for the rare occassions that I need super user access.

XnetZero
May 13th, 2002, 02:09 AM
As many others have pointed out there is no need to enable the root user. Just another security risk...

FYI--

There's a great utility that will tell you how to use the many different commands found in /bin, /sbin et all... It's called man. To use it type

man command_you_want_to_learn_about

and example would look like this:

man ls

You can even man man. In the cases no man file exists try this at the command line:

command_you_want_to_learn_about --help

Any how... enabling root is unecessary...

apaquette
May 13th, 2002, 07:58 AM
Every body are taking about how to enable root. Maybe I miss that info but how can we disable root user by the terminal? I know the way to do it by netinfo.

How can we login in root user with aqua without enabling root?

efoivx
May 19th, 2002, 05:05 AM
Simple - Short answer

Open Terminal type the following.

sudo passwd root

it will first ask for your password to authenticate you are an admin
then it will ask for a password for root and then ask to verify the password you just entered.

The password is blind so you won't see it yped on the CLI

That being said... there is NO reason to need to enable root. ANything you might need to do as root can be done by using sudo before the command you are trying to use.

Cheers

suthep
June 18th, 2002, 12:30 PM
so, perhaps you can assist me ...

i have some root system files (duplicated ones) in my Trash, and i cannot get rid of them and they are using much-needed space

how would i use sudo in terminal mode to force an emptying (deletion) of the Trash?

thanx mucho



suthep

suthep
June 18th, 2002, 12:32 PM
oh yes -

and howdo i know what the factory setting passwrod is for the root?


thanx

suthep

Dehuti
July 26th, 2002, 05:59 AM
Or to have pernament root' session - just type sudo bash , that will start another bash process... as a superuser. :D

wiz
July 26th, 2002, 02:35 PM
Actually enabling the root account and giving it a PASSWORD is more --secure--

specially if ur connected to a public network, or there are number of users using ur computer

this way no one knows the root password except you;)

anykey
April 12th, 2005, 10:43 AM
A couple of people have said " "sudo -s" to start a new command line shell with root privledges" ... but su switches current shell into su mode and is fewer keystrokes ...

FlashMac
April 15th, 2005, 06:53 AM
'sudo root' doesnt work for me.

'sudo -s' works, but doesnt ask for a password, just changes the prompt to'machinename:~ root#' - I think I might have set it up with no password! Ca anyone tell me if I'm right, and how to change it.

I have not, and don't want to, enable root user permanently, Sudo's good enough for me.

FlashMac
April 15th, 2005, 06:56 AM
Sorry, I engaged my brain and read the few posts above, did this:

lons007:~ admin$ sudo passwd root
Changing password for root.
New password:
Retype new password:
lons007:~ admin$

...all ok now by the looks of it - and root is still not enabled, hopefully.

lurk
April 15th, 2005, 10:23 AM
Actually enabling the root account and giving it a PASSWORD is more --secure--

specially if ur connected to a public network, or there are number of users using ur computer

this way no one knows the root password except you;)

This statement is 100% false. Not having any password to guess is infinitely more secure than having one that only you know!

michaelsanford
May 24th, 2005, 02:29 PM
Best thing to do: Don't enable root.

If you have to:
1. Enable the root user in NetInfo
2. Log in as YOU over SSH and then enter `su` this will start a new shell as EUID 0.
3. Then go into /etc/sshd_config and add "AllowRootLogin no" uncommented. This will prevent root logging in over ssh directly.