# I deleted the root user! Help!



## starboardman (Nov 2, 2005)

I'm using OSX 10.4.3.  I was trying to enable root, but somehow it got deleted.  I just added root again, but it's not working because I don't remember any of the properties or values that are supposed to be there.  Is there is a default set of properties and values for root on pretty much any system, if so what are they?  If not, what do I need to do??


----------



## BjarneDM (Nov 2, 2005)

Just how did you try to enable root ?
Please specify the steps you've taken much more detailed.


----------



## starboardman (Nov 2, 2005)

I used Netinfo Manager, I copied the password from another user to root, and saved it... then , I don't know, I was multitasking and I came back to Netinfo to find that the root user entry was gone!


----------



## BjarneDM (Nov 3, 2005)

So let me get this straight: because of some foolhardy manipulations in 'Netinfo Manager' you have inadvertently deleted the root user account entry.

1) you can't copy passwords around in 'Netinfo Manager'. If you want to change passwords for normal users use the 'Accounts' prefPane or the 'passwd' command in 'Terminal'

2) in 'Netinfo Mananger' you can en-/dis-able the root account and set/change the password for the root account. This is *all* done from the 'Security' menu

3) the root account entry is almost the same as for a normal user account - it's just lacking some un-neccessary entries. The root account has the following entries (when disabled):

```
[10:17:07@Utilities]$ nidump -r /users/root .
{
 "uid" = ( "0" );
  "expire" = ( "0" );
  "home" = ( "/var/root" );
  "shell" = ( "/bin/sh" );
  "gid" = ( "0" );
 "name" = ( "root" );
  "realname" = ( "System Administrator" );
  "change" = ( "0" );
  "_writers_passwd" = ( "root" );
}
```
4) to re-create the root user entry you can thus simply copy eg your admin acount and change/delete the entries in the copy to correspond to the above.


----------



## starboardman (Nov 3, 2005)

Thanks.  Now, whenever I use the command "su root", it works but the user becomes "nobody", it creates "nobody" even if I delete it.  How can I actually switch to root?


----------



## fryke (Nov 3, 2005)

Why even _activate_ the root user in the first place? *sigh* ... You shouldn't login graphically as root, anyway, so...

```
Last login: Wed Nov  2 22:08:21 on console
Welcome to Darwin!
frykes-Computer:~ fryke$ sudo -s
Password:
frykes-Computer:~ root# whoami
root
frykes-Computer:~ root#
```


----------



## BjarneDM (Nov 3, 2005)

I'm assuming the following:
i) when you use 'su root' you get a prompt somewhat like this:
[computername]:~ nobody#
ii) you've used 'Netinfo Manager' to delete the 'nobody' user.

0) !Please! provide much more detailed problem descriptions. I'm having to make educated guesses as to what you are actually meaning, guesses that might lead me to provide bad, incomplete or falty advise:
a) describe in as much detail as possible the steps you have taken that has led you into trouble
b) if you are seing something abnormal or unexpected, please provide an example of the abnormal behaviour as well as an example of what you expected to see.

1) !!!DON'T!!! delete the special users created by and used by the system. That's the straight way to eventually getting serious problems with your OS - finally leading you to having to reinstall everything from scratch. Look, 'Netinfo Manager' is a program you !!!ONLY!!! mess around with if you are at least 200% sure of what you are doing - or are willing to the the consequenses. To be blunt and frank, you seem to understand neither the special user accounts nor the 'Netinfo Manager'. Normal Mac OS X system administration *doesn't* require *any* interaction with 'Netinfo Manager' at all !!! It's for serious and very, very advanced administration of the system. Normally, you only ever use it to enable the root account - and even that seldomly.

2) nobody has to look like this:
[10:22:33@Utilities]$ nidump -r /users/nobody .

```
{
  "name" = ( "nobody" );
  "passwd" = ( "*" );
  "uid" = ( "-2" );
  "gid" = ( "-2" );
  "change" = ( "0" );
  "expire" = ( "0" );
  "realname" = ( "Unprivileged User" );
  "home" = ( "/var/empty" );
  "shell" = ( "/usr/bin/false" );
  "_writers_passwd" = ( "nobody" );
}
```
!Please! make sure that it does so.

3) under normal circumstances you don't need to switch to the root user. 'sudo' is more than enough and isolates you from most serious mistakes. !Don't! use the root account for normal administration - it's for very serious emergencies only.

4) actually switching fully to root is accomplished with this command:
sudo su - root

5) if the reason for you to want to switch to root is that you are tired of being prompted for the admin password a much better solution is to do as described here: http://fink.sourceforge.net/faq/usage-fink.php?phpLang=en#sudo


----------



## nixgeek (Nov 3, 2005)

ACtually, sudo should already be installed with Mac OS X by default.  And using the sudo command will alow you to do anything root can do without actually becoming root. The only reason you might need to activate root is if an application (like nmap) needs exclusive root access.  There are ports now of nmap for OS X that don't even require you to manually enable to root user...it takes care of that for you.


----------



## starboardman (Nov 3, 2005)

I'm just trying to install gimp2.2 using darwinports... and I have to run "./configure" for the darwinports installation, I keep getting permission denied. ./configure: line 90: conf626.sh: Permission denied
./configure: line 91: conf626.sh: Permission denied
chmod: conf626.sh: No such file or directory
./configure: line 203: conf626.file: Permission denied
./configure: line 993: config.log: Permission denied

That was after using "sudo ./configure".  I also tried the ./configure after I used "sudo su - root".  I keep getting permission denied.


----------



## BjarneDM (Nov 3, 2005)

OK - so you are trying to install DarwinPort by compiling it yourself.
They've actually got a *.dmg you can download (even though I haven't tried it since I'm compling DarwinPorts from source myself too because I'm making changes to the default installation)

1) ./configure should *not* require root permission in any of the variations thereof. I don't use it.

2) I want you to state *explicitly* the steps you have taken from the moment of you starting download of the *tar.gz file.

3) steps to successfully get Dawinports installed in '/darwinports' instead of '/opt/local' (it doesn't matter which one you use, but I like '/darwinports' better)


```
mkdir -p ~/WebServer/DarwinPorts
cd ~/WebServer/Darwinports
```

Now save the following in a file called 'darwinports.bash' in the above folder:

```
#!/bin/bash

if [ ! -e DarwinPorts-${1}.tar.gz ]
then
    curl -O http://darwinports.opendarwin.org/downloads/DarwinPorts-${1}.tar.gz
fi

export PATH=/Developer/Tools:/bin:/sbin:/usr/bin:/usr/local/bin:/usr/sbin

sudo rm -rf ./DarwinPorts
tar -zxf DarwinPorts-${1}.tar.gz

cd DarwinPorts-${1}
./configure --prefix=/darwinports
make
sudo make install
```
While still being in the directory above execute the following commands:

```
chmod +x darwinports.bash
./darwinports.bash 1.1
export PATH=/darwinports/bin:/darwinports/sbin:${PATH}
sudo port selfupdate
sudo port install gimp2
```
Modify the above to suit your own needs.


----------



## starboardman (Nov 3, 2005)

sudo: port: command not found  ???


----------



## BjarneDM (Nov 3, 2005)

Read my comment 0 in http://www.macosx.com/forums/showpost.php?p=1244789&postcount=7 on how to report problems. !PLEASE! follow those guidelines. If you don't do that I won't help you any further.


----------



## starboardman (Nov 3, 2005)

Ok, I typed every command in your tutorial up through "sudo port selfupdate".      Here's the error I got when I typed that command: 
"sudo: port: command not found"


----------



## BjarneDM (Nov 3, 2005)

1) did DarwinPorts get installed (it would have been nice if you had told whether it had or not)(you've !still! got at lot to learn about reporting pertinent and helpful facts)
2) what does this command yield : ls -al / | grep da.*
3) what does this command yield : echo -e ${PATH//:/\\n} | grep da.*
3) what does this command yield : echo ${SHELL}


----------



## starboardman (Nov 3, 2005)

1) I have no idea if darwinports is installed, I would tell you if i knew. 
2)-rw-rw-rw-    1 jordan  staff    12292 Nov  3 15:52 .DS_Store
3) /Applications/darwinports/bin
/Applications/darwinports/sbin
3) /bin/bash


----------



## BjarneDM (Nov 3, 2005)

1) the './darwinports 1.1' should hopefully have written a lot of stuff on the screen and taken about half an hour to finish
2) I'm puzzled as to how you get that result. Are you sure you entered that command *exactly* as written and that you didn't forget the '/'.
3) why is there a '/Applications' before '/darwinports' in the output?. I didn't write that there should be a '/Applications' before them.
2nd 3) that looks right

Now, lets try to troubleshoot it again
0) did you make any modifcations to my procedure on how to install Darwinports ?
1) close the Terminal window you have open and open a new one. that'll reset everything.
2) what does this command yield : ls -al / | grep darwin*
3) execute this command:
export PATH=/darwinports/bin:/darwinports/sbin:${PATH}
4) what does this command yield : which port


----------



## g/re/p (Nov 4, 2005)

BjarneDM said:
			
		

> 4) actually switching fully to root is accomplished with this command:
> sudo su - root



sudo= *super user do* and requires an admin level password 
or your username must be in the sudoers file.

It gives you limited root priviledges, but does not fully log  
you in as the root user.

su= *switch user* and allows you to login to any account you 
have a password for.


sudo su -root is not proper syntax and will not work - if the root user is enabled, 
you type in *su root* or just *su* and then enter the root password when prompted.


----------



## g/re/p (Nov 4, 2005)

starboardman said:
			
		

> 1) I have no idea if darwinports is installed, I would tell you if i knew.
> 2)-rw-rw-rw-    1 jordan  staff    12292 Nov  3 15:52 .DS_Store
> 3) /Applications/darwinports/bin
> /Applications/darwinports/sbin
> 3) /bin/bash



At this point you know that errors you made in netinfo possibly deleted necessary entries for the root account and possibly the nobody account as well - and you do not know what else may be affected as a result.


An easy way to fix this would be to backup any data you do not want to lose and do an archive and install.


----------



## BjarneDM (Nov 4, 2005)

g/re/p said:
			
		

> sudo su -root is not proper syntax and will not work - if the root user is enabled,  you type in *su root* or just *su* and then enter the root password when prompted.


You are just so wrong.
1) There's nothing wrong with prefixing with 'sudo'; I might be going a little bit far, but it's working. And there is a difference: If you use just 'su' you'll be prompted for the password of the user you want to switch to; if you use 'sudo su' you'll be prompted for your own admin password and *not* the password of the user. And as I've implemented the 'sudo' trick from the fink page I gave the link to, I'm *never ever* prompted for my admin password. Thus, for me it's actually an advantage to prefix 'su' with 'sudo'.
2) Try reading the man pages for 'su' and look at the '-l' (or just '-') option. There is a major difference between 'sudo su root' and 'sudo su - root' that you ought to be aware of. And I did write switching *fully* !


----------



## BjarneDM (Nov 4, 2005)

g/re/p said:
			
		

> At this point you know that errors you made in netinfo possibly deleted necessary entries for the root account and possibly the nobody account as well - and you do not know what else may be affected as a result.


The major problems are that he is blundering around in the system like an elephant in an antiques store; and is very bad at giving feed-back; and very bad at following instructions to the letter.

I do think that I've rescued his 'root' and 'nobody' accounts, *BUT* it would have been very nice to have been told whether or not he has actually done as he has been advised to do. It p*ss*s me off to a certain degree.


----------



## simbalala (Nov 4, 2005)

BjarneDM said:
			
		

> The major problems are that he is blundering around in the system like an elephant in an antiques store; and is very bad at giving feed-back; and very bad at following instructions to the letter.


 

The lesson for any other "elephants" that may be following this thread is... 

Get another hard drive and create a bootable clone of your main drive. "Elephant" your way around on that one when you want to try something new and complicated.

I've learned a whole lot watching this thread.


----------



## BjarneDM (Nov 4, 2005)

simbalala said:
			
		

> I've learned a whole lot watching this thread.


Thanks for the feed-back  ::love:: I'm glad that some are taking my effort to heart


----------



## simbalala (Nov 4, 2005)

There is an easier way to use BBEdit for modding the conf file than you described.

Just use BBEdit as normal but select "Open Hidden...". Then in the Open dialog box set All Files, not Readable files in the top drop menu.

You can browse to any file, anywhere. Once it's open you can click on the Pencil Icon (on the very left, it will have a slash though it at first). Clicking it alllows one to save the file. 

You'll get a warning that the file is owned by root but you'll be able to save after clearing the slash mark (you'll have to supply your password).

I think TextWrangler works exactly the same way. It's from BBEdit too, it's a free, limited version of BBEdit.


----------



## lurk (Nov 4, 2005)

g/re/p said:
			
		

> sudo= *super user do* and requires an admin level password
> or your username must be in the sudoers file.
> 
> It gives you limited root priviledges, but does not fully log
> you in as the root user.



The whole "sudo su" dance is a bit too convoluted, sure it get you the results you want but there is a Better Way(tm).  Just use "sudo -s" which just runs a shell as root.  That is as "logged in" as root as the other rout and you never have to enable the root user.


----------



## starboardman (Nov 4, 2005)

1)That didn't happen! 
2)Yes, I typed the commands exactly as you gave them
3)That's where I decided to install it, should I install it to /darwinports?  I don't like installing programs in the root dir. 
----------------------------------------------------
0) The only thing I changed was "export PATH=/darwinports/bin:/darwinports/sbin:${PATH}" to "export PATH=/Applications/darwinports/bin:/Applications/darwinports/sbin:${PATH}"  I wasn't sure about changing anything in the .bash file. 
1) done
2) nothing
3) done
4) no port in /darwinports/bin /darwinports/sbin /bin /sbin /usr/bin /usr/sbin

About the sudo stuff, if I type "su root" it still logs in as "nobody", it will do that for any su or sudo command I try.  I'm sorry I'm an elephant or whatever I really don't want to go blundering around my hard drive, I just want to install gimp!


----------



## simbalala (Nov 4, 2005)

starboardman said:
			
		

> About the sudo stuff, if I type "su root" it still logs in as "nobody", it will do that for any su or sudo command I try.  I'm sorry I'm an elephant or whatever I really don't want to go blundering around my hard drive, I just want to install gimp!



Did you try sudo -s ?

What happens?


----------



## starboardman (Nov 4, 2005)

simbalala said:
			
		

> Did you try sudo -s ?
> 
> What happens?



" sudo -s
Password:
cpe-65-189-144-14:~ nobody$ "


----------



## BjarneDM (Nov 4, 2005)

1)   When making modification to very clear instuctions it's bl**dy important to tell the one having given the instructions that you've done so. You've mangled the process and left me trying to find out what has gone wrong with my instructions even though the bl**dy fault is all yours  As I've told you before: you *MUST* learn to give proper feed-back  

2) the line you've made the change to has nothing at all to do with where DarwinPorts has been installed. I would *still* be installed in '/darwinports' as that's controlled by the script in the './configure' command.

3) if all you really want is to run Gimp, then I'ld really recommend an nice *.dmg instead to you: http://www.versiontracker.com/dyn/moreinfo/macosx/22990 . You are much better off with that than trying to get DarwinPorts to work for you.

4) from what you are reporting, DarwinPorts hasn't been installed, so let's leave it at that. And go look at that nice *.dmg. That's the one I'm using to my great satisfaction.

5) as to you still having 'nobody' in the command prompt that is possibly due to you not having corrected the 'nobody' or 'root' user accounts correctly in 'Netinfo Manager'. Go back in the thread and look at the commands I've used to generate dumps from 'Netinfo Manager'. Execute these commands - they are hamless and you can't make any damage to anything by using them. Then very carefully compare the output I've posted with the output you get. Then and only then can you start 'Netinfo Manager' and correct the entries in the 'nobody' and 'root' account. Double- and triple-check your changes very, very carefully before committing them. There's a way to check that you've actually logged in as root:

```
[22:42:53@~]$ sudo su - root
[22:43:00@root]# pwd
/var/root
```
/var/root is the home directory for 'root'. If you get *anything* else something is still wrong in 'Netinfo Manager'.


----------



## BjarneDM (Nov 4, 2005)

.


----------



## g/re/p (Nov 4, 2005)

BjarneDM said:
			
		

> You are just so wrong.
> 1) There's nothing wrong with prefixing with 'sudo'; I might be going a little bit far, but it's working. And there is a difference: If you use just 'su' you'll be prompted for the password of the user you want to switch to; if you use 'sudo su' you'll be prompted for your own admin password and *not* the password of the user. And as I've implemented the 'sudo' trick from the fink page I gave the link to, I'm *never ever* prompted for my admin password. Thus, for me it's actually an advantage to prefix 'su' with 'sudo'.
> 2) Try reading the man pages for 'su' and look at the '-l' (or just '-') option. There is a major difference between 'sudo su root' and 'sudo su - root' that you ought to be aware of. And I did write switching *fully* !



Actually no, i am not wrong about sudo su -root not working - it does not work.

I misread what you wrote: sudo su - root, which does work.

Honest mistake  


Also - implementing the 'sudo' trick from fink so that you are never ever prompted for an admin password may be convenient, but it leaves your computer in a insecure state - making it easier for malicious programs or anyone with physical (or remote) access to gain root level control of your computer.


----------



## starboardman (Nov 4, 2005)

I'm sorry man, I am trying to tell you exactly what I'm doing, and I'm thankful for all your help.  I have installed gimp and darwinports before using the .dmg files, but they don't seem to work.  I don't know if it has to do with the X11 stuff, but when I load gimp.app here's what happens:
{A prompt comes up that's titled "Welcome to XFree86".
"The X11 environment can display windows on a separate virtual screen or rootless on the Mac OS X desktop. Choose the display mode to use:"
Then I have to choose between Full Screen or Rootless. I've tried both options, it doesn't make any difference.  After I pick an option, Gimp is loaded but all I can do with it is Quit, that's the only menu option.}

I agree it would be much easier for both of us to just get it working from the .dmg installation I did.  So do I need to change some X11 settings or what?


----------



## BjarneDM (Nov 5, 2005)

Forget about using DarwinPorts and installing Gimp through there. Install Gimp from the link I posted. I doesn't require anything else than what you've already available in Mac OS X.


----------



## starboardman (Nov 5, 2005)

The same thing happens, comes up with the Xfree86 screen and then Gimp loads after I pick an option but the only menu option is to quit.  what's up with that? ?


----------



## sinclair_tm (Nov 5, 2005)

having just read this thread, i have to ask this.  was apple's x11 installed from the cd/dvd?  also in order to do any kind on compiling, he has to have the devloper sw installed and all the sdk's.  without having do this, fink will not work and he'll get the errors like he has been getting, like the missing directories and unknown commands.  just food for thought, having been there myself when learning to use fink.
as far as ni and root, the first thing i have always done with a new os install is to go and enable the root to set a password to plug that sercurity hole and then dissable.  then i never use ni again, unless i need to put a user account on a different hd.  hosing my system is just something i don't like doing, so i don't tempt fate by playing in ni.


----------



## starboardman (Nov 5, 2005)

sinclair_tm said:
			
		

> having just read this thread, i have to ask this.  was apple's x11 installed from the cd/dvd?  also in order to do any kind on compiling, he has to have the devloper sw installed and all the sdk's.  without having do this, fink will not work and he'll get the errors like he has been getting, like the missing directories and unknown commands.  just food for thought, having been there myself when learning to use fink.
> as far as ni and root, the first thing i have always done with a new os install is to go and enable the root to set a password to plug that sercurity hole and then dissable.  then i never use ni again, unless i need to put a user account on a different hd.  hosing my system is just something i don't like doing, so i don't tempt fate by playing in ni.




Yeah, I don't want to play around with root I just want to install some unix programs.  I was about to download Fink at one point, but I think at that time I was about ready to give up on trying to install gimp, AGAIN, trying to find all the different developer's tools.  I have installed XCode Tools, and I downloaded and installed some kind of X11 system, even though OSX 10.4 comes with the XDarwin, which most websites said would work for installing gimp or whatever.  So, do I need to install fink, or a different X11 server ?  What's the deal?


----------



## BjarneDM (Nov 6, 2005)

1) If you have the Apple X11 installed you'll find it in /Applications/Utilities. If there's no X11.app there, you can post-install it from the Tiger DVD.

2) something seems to have gone wrong with your X11 preferences. They are in ~/Library/Preferences and are called com.apple.x11.plist and com.apple.x11.plist.TMP . Delete these two files.

3) Tiger doesn't come with XDarwin. That's another 3rd party project from when Apple didn't have an X11. XDarwin and OroborOSX were X11 clients at that time. Forget about them. They are completely dated and haven't been updated since Apple got their X11 act together. If you've got either XDarwin or OroborOSX installed, get rid of them and use the Apple X11 instead.

4) fink doesn't actually install an X11 but uses the Apple X11.

5) if fixing the above doesn't help, I'll want to see the output of this command: ls -al ~/\.*

6) if you originally installed the Apple X11 but have since installed either XDarwin or OroborOSX we'll have to re-install Apple X11.
In Finder delete these:
/Applications/Utilities/X11.app
/Library/Receipts/X11User.pkg
From Terminal delete these:
/usr/X11R6
/private/etc/X11/rstart/commands/x11r6
Then re-install Apple X11 from the Tiger DVD


----------



## starboardman (Nov 6, 2005)

1) It wasn't installed, or at least not in applications/utilities/
2) the plist files weren't there, but there is one now that I installed x11
3) ok
4) so I don't need to do anything with fink? 
5) that command just displayed my trash, which is mostly a bunch of mp3s, what are you looking for? 
6) I never installed XDarwin, xdarwin was already installed on my system, but I re-installed x11 now

So here's what's happening now, X11 actually loads with an xterm and file menus, and Gimp still does the same thing, it loads but the only menu option is to quit.  Do I need to open gimp from xterm?


----------



## starboardman (Nov 6, 2005)

I just closed X11, and then re-opened it and then when I loaded Gimp, it started installing and it works!!!!!!! YAY!!!!!!!!!!!! THANK YOU!!!!!!!!!!!!!!!!!


----------



## starboardman (Nov 6, 2005)

where's a good place to get more .dmg files with unix programs that have been ported to mac for x11?


----------



## simbalala (Nov 6, 2005)

starboardman said:
			
		

> where's a good place to get more .dmg files with unix programs that have been ported to mac for x11?



If I were you the next thing I'd be doing is getting your machine's root and nobody accounts sorted out.

I'd be leery of installing more and more stuff onto a machine with a wonky O/S.


----------



## starboardman (Nov 6, 2005)

simbalala said:
			
		

> If I were you the next thing I'd be doing is getting your machine's root and nobody accounts sorted out.
> 
> I'd be leery of installing more and more stuff onto a machine with a wonky O/S.



According to BjarneDM, there should be no passwd entry for root? 
The nobody user looks just like Bjarne told me it should. 
What happens now when I switch to root is this:  there's no user name at all

:~ jordan$ sudo -s
Password:
:~ # whoami

:~ #

what's a good way to test if I have root?


----------



## g/re/p (Nov 6, 2005)

Something is obviously messed up - not to be rude, but it appears that your tinkering with netinfo and then trying to fix the resulting error has adversely effected your computer in some way. 

It may be fine for now, but you cannot be sure that some future security update or OS update will not cause your OS to "crash and burn". 

If i were in your situation, i would seriously consider backing up any data i did not want to lose and doing an archive and install.


----------



## BjarneDM (Nov 6, 2005)

You seem to log in as root, as you get the '#' in the prompt

A way to check is to use: sudo su - root ; and after having logged in to use: pwd
The result of the last ought to be '/var/root'

Double-check the root-settings. It looks as if you've got no name entry in the root account. The behaviour you are reporting is consistent with what happens when I delete the 'name' entry for my root account.

Try to check the results of this command:
nidump -r /users . | sed -nE '/(\{|"uid"|"name"|"realname"|"home"|\})/p'
and look for something looking like this:

```
{
      "uid" = ( "0" );
      "home" = ( "/var/root" );
      "name" = ( "root" );
      "realname" = ( "System Administrator" );
    },
```
I've got a nasty suspicion that you might have more than one group of lines that looks like the above, so be very careful when you go through the output and !don't! stop at the first match, but make very sure you've been the whole list through - and possibly more than once just to make sure.

If the root account has no name, you'll not be able to find it in the list of users in 'Netinfo Manager'. Instead, the root account will have some strange name like 'dir:12'

Let's take it from there when you've analyzed your situation


----------



## starboardman (Nov 6, 2005)

I have that entry, it looks exactly the same, and there aren't any duplicates. 
/var/root is the home
so, I'm good to go? 
I might as well back up anyway, what's the best program or method for backing up?  and where's the best place to find applications for x11?


----------



## BjarneDM (Nov 6, 2005)

starboardman said:
			
		

> I have that entry, it looks exactly the same, and there aren't any duplicates.
> /var/root is the home
> so, I'm good to go?


Apparently, but I'm still wondering about the missing 'whoami' information ! I definitely don't like that you don't get any response; it definitely means that !something! isn't as it should be 


			
				starboardman said:
			
		

> I might as well back up anyway, what's the best program or method for backing up?


Depends on what you want to back up.


			
				starboardman said:
			
		

> and where's the best place to find applications for x11?


There are several way you can install X11 software:
1) DarwinPorts ( http://www.apple.com/downloads/macosx/unix_open_source/portauthority.html )
2) fink ( http://finkcommander.sourceforge.net/about/ )
3) Standalone installers requiring just Apple X11
4) Partly to Mac OS X ported applications; meaning that the GUI is a Mac OS X program, but that you'll have to install the backend through fink/darwinports ( http://www.apple.com/downloads/macosx/networking_security/aquaethereal.html )
5) Fully to Mac OS X ported applications ( http://www.apple.com/downloads/macosx/math_science/rformacosx.html )

Take a look here:  http://www.apple.com/downloads/macosx/unix_open_source/ . You'll also find X11 or other traditional Unix application in some of the other categories (which should be obvious by looking at the URLs above).


----------



## simbalala (Nov 6, 2005)

starboardman said:
			
		

> I have that entry, it looks exactly the same, and there aren't any duplicates.
> /var/root is the home
> so, I'm good to go?
> I might as well back up anyway, what's the best program or method for backing up?  and where's the best place to find applications for x11?



Why not post the complete report from this command?

nidump -r /users . | sed -nE '/(\{|"uid"|"name"|"realname"|"home"|\})/p'

It's not all that long on my machine. Or just post enough to show us the first special users, like so:

{
  "name" = ( "users" );
    {
      "name" = ( "nobody" );
      "uid" = ( "-2" );
      "realname" = ( "Unprivileged User" );
      "home" = ( "/var/empty" );
    },
    {
      "name" = ( "root" );
      "uid" = ( "0" );
      "realname" = ( "System Administrator" );
      "home" = ( "/var/root" );
    },
    {
      "name" = ( "daemon" );
      "uid" = ( "1" );
      "realname" = ( "System Services" );
      "home" = ( "/var/root" );
    },
    {
      "name" = ( "unknown" );
      "uid" = ( "99" );
      "realname" = ( "Unknown User" );
      "home" = ( "/var/empty" );
    },
    {
      "name" = ( "lp" );
      "uid" = ( "26" );
      "realname" = ( "Printing Services" );
      "home" = ( "/var/spool/cups" );
    },
    {
      "name" = ( "postfix" );
      "uid" = ( "27" );
      "realname" = ( "Postfix User" );
      "home" = ( "/var/spool/postfix" );
    },


----------



## BjarneDM (Nov 6, 2005)

well, to shorten the output at bit we can get each user on separate lines by treating the output from 'nidump' a bit more:

```
echo -e $( nidump -r /users . | \
           sed -nE -e '/(\{|"uid"|"name"|"realname"|"home"|\})/p' |\
           tr -d '\n' | tr -s ' ' | sed -E 's/ \{/\\n\{/g' \
         )
```
Copy and Paste the !whole! code-block as a single entity into Terminal. It's been broken into lines in order to improve readability, but it's actually a single command line


----------



## simbalala (Nov 6, 2005)

hehe, this is like a little lesson in command line basics, here's mine

{ "name" = ( "users" );
{ "name" = ( "nobody" ); "uid" = ( "-2" ); "realname" = ( "Unprivileged User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "root" ); "uid" = ( "0" ); "realname" = ( "System Administrator" ); "home" = ( "/var/root" ); },
{ "name" = ( "daemon" ); "uid" = ( "1" ); "realname" = ( "System Services" ); "home" = ( "/var/root" ); },
{ "name" = ( "unknown" ); "uid" = ( "99" ); "realname" = ( "Unknown User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "lp" ); "uid" = ( "26" ); "realname" = ( "Printing Services" ); "home" = ( "/var/spool/cups" ); },
{ "name" = ( "postfix" ); "uid" = ( "27" ); "realname" = ( "Postfix User" ); "home" = ( "/var/spool/postfix" ); },
{ "name" = ( "www" ); "uid" = ( "70" ); "realname" = ( "World Wide Web Server" ); "home" = ( "/Library/WebServer" ); },
{ "name" = ( "eppc" ); "uid" = ( "71" ); "realname" = ( "Apple Events User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "mysql" ); "uid" = ( "74" ); "realname" = ( "MySQL Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "sshd" ); "uid" = ( "75" ); "realname" = ( "sshd Privilege separation" ); "home" = ( "/var/empty" ); },
{ "name" = ( "qtss" ); "uid" = ( "76" ); "realname" = ( "QuickTime Streaming Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "cyrusimap" ); "uid" = ( "77" ); "realname" = ( "Cyrus IMAP User" ); "home" = ( "/var/imap" ); },
{ "name" = ( "mailman" ); "uid" = ( "78" ); "realname" = ( "Mailman user" ); "home" = ( "/var/empty" ); },
{ "name" = ( "appserver" ); "uid" = ( "79" ); "realname" = ( "Application Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "clamav" ); "uid" = ( "82" ); "realname" = ( "Clamav User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "amavisd" ); "uid" = ( "83" ); "realname" = ( "Amavisd User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "jabber" ); "uid" = ( "84" ); "realname" = ( "Jabber User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "xgridcontroller" ); "uid" = ( "85" ); "realname" = ( "Xgrid Controller" ); "home" = ( "/var/xgrid/controller" ); },
{ "name" = ( "xgridagent" ); "uid" = ( "86" ); "realname" = ( "Xgrid Agent" ); "home" = ( "/var/xgrid/agent" ); },
{ "name" = ( "appowner" ); "uid" = ( "87" ); "realname" = ( "Application Owner" ); "home" = ( "/var/empty" ); },
{ "name" = ( "windowserver" ); "uid" = ( "88" ); "realname" = ( "WindowServer" ); "home" = ( "/var/empty" ); },
{ "name" = ( "tokend" ); "uid" = ( "91" ); "realname" = ( "Token Daemon" ); "home" = ( "/var/empty" ); },
{ "name" = ( "securityagent" ); "uid" = ( "92" ); "realname" = ( "SecurityAgent" ); "home" = ( "/var/empty" ); },


----------



## starboardman (Nov 7, 2005)

here ya go: 


{ "name" = ( "users" );
{ "name" = ( "nobody" ); "uid" = ( "-2" ); "realname" = ( "Unprivileged User" ); "home" = ( "/var/empty" ); },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "realname" = ( "System Administrator" ); },
{ "name" = ( "daemon" ); "uid" = ( "1" ); "realname" = ( "System Services" ); "home" = ( "/var/root" ); },
{ "name" = ( "unknown" ); "uid" = ( "99" ); "realname" = ( "Unknown User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "lp" ); "uid" = ( "26" ); "realname" = ( "Printing Services" ); "home" = ( "/var/spool/cups" ); },
{ "name" = ( "postfix" ); "uid" = ( "27" ); "realname" = ( "Postfix User" ); "home" = ( "/var/spool/postfix" ); },
{ "name" = ( "www" ); "uid" = ( "70" ); "realname" = ( "World Wide Web Server" ); "home" = ( "/Library/WebServer" ); },
{ "name" = ( "eppc" ); "uid" = ( "71" ); "realname" = ( "Apple Events User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "mysql" ); "uid" = ( "74" ); "realname" = ( "MySQL Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "sshd" ); "uid" = ( "75" ); "realname" = ( "sshd Privilege separation" ); "home" = ( "/var/empty" ); },
{ "name" = ( "qtss" ); "uid" = ( "76" ); "realname" = ( "QuickTime Streaming Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "cyrusimap" ); "uid" = ( "77" ); "realname" = ( "Cyrus IMAP User" ); "home" = ( "/var/imap" ); },
{ "name" = ( "mailman" ); "uid" = ( "78" ); "realname" = ( "Mailman user" ); "home" = ( "/var/empty" ); },
{ "name" = ( "appserver" ); "uid" = ( "79" ); "realname" = ( "Application Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "clamav" ); "uid" = ( "82" ); "realname" = ( "Clamav User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "amavisd" ); "uid" = ( "83" ); "realname" = ( "Amavisd User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "jabber" ); "uid" = ( "84" ); "realname" = ( "Jabber User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "xgridcontroller" ); "uid" = ( "85" ); "realname" = ( "Xgrid Controller" ); "home" = ( "/var/xgrid/controller" ); },
{ "name" = ( "xgridagent" ); "uid" = ( "86" ); "realname" = ( "Xgrid Agent" ); "home" = ( "/var/xgrid/agent" ); },
{ "name" = ( "appowner" ); "uid" = ( "87" ); "realname" = ( "Application Owner" ); "home" = ( "/var/empty" ); },
{ "name" = ( "windowserver" ); "uid" = ( "88" ); "realname" = ( "WindowServer" ); "home" = ( "/var/empty" ); },
{ "name" = ( "tokend" ); "uid" = ( "91" ); "realname" = ( "Token Daemon" ); "home" = ( "/var/empty" ); },
{ "name" = ( "securityagent" ); "uid" = ( "92" ); "realname" = ( "SecurityAgent" ); "home" = ( "/var/empty" ); },
{ "name" = ( "jordan" ); "home" = ( "/Users/jordan" ); "uid" = ( "501" ); "realname" = ( "Jordan" ); },
{ },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "name" = ( "********" ); "realname" = ( "System Administrator" ); },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "name" = ( "root" ); "realname" = ( "System Administrator" ); }}


there are 3 different entries that have the sys admin realname


----------



## simbalala (Nov 7, 2005)

starboardman said:
			
		

> here ya go:
> 
> there are 3 different entries that have the sys admin realname



oops...

Maybe Bjarne can save yer ass.


----------



## starboardman (Nov 7, 2005)

simbalala said:
			
		

> oops...
> 
> Maybe Bjarne can save yer ass.


 i believe he can


----------



## lurk (Nov 7, 2005)

sinclair_tm said:
			
		

> as far as ni and root, the first thing i have always done with a new os install is to go and enable the root to set a password to plug that sercurity hole and then dissable.  then i never use ni again, unless i need to put a user account on a different hd.



What security hole are you addressing by enabling root?  I wonder what I might be missing...


----------



## simbalala (Nov 7, 2005)

lurk said:
			
		

> What security hole are you addressing by enabling root?  I wonder what I might be missing...



That argument was countered earlier in the thread. I think the response was - how can *any* password be more secure than no password?

In any case he says that he enables it, sets a password, then disables it. It's probably best to leave it alone.


----------



## BjarneDM (Nov 7, 2005)

Lets start by taking a backup of the users just in case. If everything goes completely bonkers then we'll have the option of getting back to our starting point:
nidump -r /users . > users.txt

Next, we'll need to identify the id's of the problematic users. We can get the id's of every user with this command:
niutil -list . /users
This will output a list of id's and the corresponding short name of the user. What we are looking for here are the two entries with
1) no name at all - just the id number
2) a name consisting of '*'s

We get rid of these two one-by-one by issuing this command:
sudo niutil -destroy . [id]

Example:
Part of my list looks like this:
26       children
27       bjarne
28       gaest
29       postgres
30       novo
If i want to remove the 'postgres' user, I'll issue this command:
sudo niutil -destroy . 29

Now, each time you've removed one of them, run the command to get the list of users and make sure you've destroyed the right one. If you mess up, we'll re-create your original status and take it from there again.

Please note: this id we are talking about here is !NOT! the normal user-id !!!


----------



## starboardman (Nov 7, 2005)

% sudo niutil -destroy 12
niutil: insufficient number of arguments for -destroy

usage:
        niutil -create      [opts] <domain> <path>
        niutil -destroy     [opts] <domain> <path>
        niutil -createprop  [opts] <domain> <path> <propkey> [<val>...]
        niutil -appendprop  [opts] <domain> <path> <propkey> <val>...
        niutil -mergeprop   [opts] <domain> <path> <propkey> <val>...
        niutil -insertval   [opts] <domain> <path> <propkey> <val> <index>
        niutil -destroyprop [opts] <domain> <path> <propkey>...
        niutil -destroyval  [opts] <domain> <path> <propkey> <val>...
        niutil -renameprop  [opts] <domain> <path> <oldkey> <newkey>
        niutil -read        [opts] <domain> <path>
        niutil -list        [opts] <domain> <path> [<propkey>]
        niutil -readprop    [opts] <domain> <path> <propkey>
        niutil -readval     [opts] <domain> <path> <propkey> <index>
        niutil -rparent     [opts] <domain>
        niutil -resync      [opts] <domain>
        niutil -statistics  [opts] <domain>
        niutil -domainname  [opts] <domain>
opts:
        -t              domain specified by <hostname>/<tag>
        -p              prompt for password
        -u <user>       authenticate as another user (implies -p)
        -P <password>   password supplied on command line (overrides -p)
        -T <timeout>    read & write timeout in seconds (default 30)
        -n              numeric output for -rparent
        -R              Retry operation if master is busy


Do I need to put the path... and domain??


----------



## simbalala (Nov 7, 2005)

starboardman said:
			
		

> % sudo niutil -destroy 12
> niutil: insufficient number of arguments for -destroy
> 
> Do I need to put the path... and domain??



Careful... don't get ahead of the game, yer gonna make him mad    again. 

Just post the results of

niutil -list . /users


----------



## starboardman (Nov 7, 2005)

simbalala said:
			
		

> Careful... don't get ahead of the game, yer gonna make him mad    again.
> 
> Just post the results of
> 
> niutil -list . /users


 I see which ones to "destroy" but the command doesn't work, there are two blank users and one with "*"s


----------



## simbalala (Nov 7, 2005)

Instead of this:

sudo niutil -destroy 12 

try

sudo niutil -destroy 12 -P <password>

Where <password> is your password

- or - 

sudo niutil -destroy 12 -p

and it should prompt you for your password


----------



## sinclair_tm (Nov 7, 2005)

well lurk, there is no pw requested when you enable root for the first time, so the first one to do it gets to pick the pw.  so if some one sits down to your machine or some how gets in remotely and you havn't done this, they can and then have more power over your mac then you.  maybe its just me being parinoid, but i had a friend that was the admin at a company that adopted os x very early and when i first got os x on my 7500, he came over and that was the first thing he had me do, enable root and set the pw to protect me from hackers over the net, then he showed me all the other cool things os x does.  so i have always done it sence.


----------



## simbalala (Nov 8, 2005)

sinclair_tm said:
			
		

> well lurk, there is no pw requested when you enable root for the first time, so the first one to do it gets to pick the pw.  so if some one sits down to your machine or some how gets in remotely and you havn't done this, they can and then have more power over your mac then you.



Well, that makes sense. If you lend or someone learns your (admin) account/password and they're malicious they could set the root password and you then would not be able to change it in the future. They could hijack the machine at any time.


----------



## BjarneDM (Nov 8, 2005)

You've forgotten to specify the domain. Please note the lowly '.' in the command. That's actually the domain (even though I forgot it in my example which thus properly should have been : sudo niutil -destroy . 29

There's no harm done as the command simply refused to run.
It's strange how the lowly '.' can have such consequenses  

And one of you ought to have spotted the difference between the two instances I had given of the command  ::angel:: 

And simbalala : you are putting the opts in the wrong place   . Correct would have been
sudo niutil -destroy -P <password> . 12 -or- sudo niutil -destroy -p . 12


----------



## simbalala (Nov 8, 2005)

Dumb question time.

The man page says

niutil -destroy [ opts ] domain path

It's not clear to me why the domain is '.' . 

Is it localhost?


----------



## BjarneDM (Nov 8, 2005)

simbalala said:
			
		

> Dumb question time.
> 
> The man page says
> 
> ...


1) there are no dumb questions (unless it's something I've already answered ::angel:: )
2) the '.' is more correctly the current domain. The local computer is '/' . So if you haven't changed domain in some way '.' and '/' are the same.

The whole niutil and 'Netinfo Manager' is so bloody complicated when we are talking about the domain situation. I must confess that I've only ever messed around with the local domain and I'm not at all sure about how to use other domains.


----------



## lurk (Nov 8, 2005)

sinclair_tm said:
			
		

> well lurk, there is no pw requested when you enable root for the first time, so the first one to do it gets to pick the pw.  so if some one sits down to your machine or some how gets in remotely and you havn't done this, they can and then have more power over your mac then you.



OK I see your reasoning, but unfortunately it is wrong.  The fact that passwd asks you for the old password when run by root is irrelevant, I was not aware that it did so under Os X and it certainly does not when run by root on other *nix versions I have used.  

The reason that this provides no security whatsoever is that once I have access to an admin account with that account's password (the necessary condition for both cases) I can just directly edit the password file and set it to whatever I want.  If I set that field to the original "*" then I suspect if I ran the passwd program it would not prompt me.  But who cares since I already can edit the password file!

This is a text book example of cargo culting if I ever saw one.

ObHumility: I don't know how this interacts with NetInfo but I strongly suspect that it is a direct parallel to "who cares since you can directly edit the database".


----------



## BjarneDM (Nov 8, 2005)

If you can 'sudo' you aren't prompted for the old password of the account:

```
[16:26:40@System]$ sudo passwd root
Changing password for root.
New password:
Retype new password:
[16:28:12@System]$ passwd
Changing password for bjarne.
Old password:
New password:
Retype new password:
[16:28:53@System]$ sudo passwd bjarne
Changing password for bjarne.
New password:
Retype new password:
[16:29:04@System]$
```


----------



## starboardman (Nov 8, 2005)

alright, well I was able to get rid of the user named with *'s but the two blank users I can't destroy.   the first time I ran the destroy command on a blank user it acted like it destroyed it but then i list the users and they still show up... so I try to destroy again and this time it says something:
% sudo niutil -destroy . 12
niutil: can't destroy directory 12: No such directory

so they still show up, but they've been destroyed??


----------



## BjarneDM (Nov 8, 2005)

what result do you get now when running the command from http://www.macosx.com/forums/showpost.php?p=1248379&postcount=47 ?

Let me see your output from : niutil -list . /users


----------



## lurk (Nov 8, 2005)

little-ol-me said:
			
		

> The fact that passwd asks you for the old password when run by root is irrelevant, I was not aware that it did so under Os X and it certainly does not when run by root on other *nix versions I have used.


To wit the reply came...


			
				BjarneDM said:
			
		

> If you can 'sudo' you aren't prompted for the old password of the account:



Thank you, sir, for verifying that OS X is like every other unix in this regard.  I will be able to sleep better now that my world view is back in alignment.


----------



## simbalala (Nov 8, 2005)

lurk said:
			
		

> To wit the reply came...
> 
> 
> Thank you, sir, for verifying that OS X is like every other unix in this regard.  I will be able to sleep better now that my world view is back in alignment.



If you use the NetInfo menu bar menu to change the password it requires the old password. _Making the world safer for newbies..._

But down below, in the main options field it appears that you can change the password there as well. I haven't tried that.


----------



## starboardman (Nov 8, 2005)

BjarneDM said:
			
		

> what result do you get now when running the command from http://www.macosx.com/forums/showpost.php?p=1248379&postcount=47 ?
> 
> Let me see your output from : niutil -list . /users


Now, root is the only "System Administrator"

$ niutil -list . /users
11       nobody
12
13       daemon
14       unknown
15       lp
16       postfix
17       www
18       eppc
19       mysql
20       sshd
21       qtss
22       cyrusimap
23       mailman
24       appserver
25       clamav
26       amavisd
27       jabber
28       xgridcontroller
29       xgridagent
30       appowner
31       windowserver
32       tokend
33       securityagent
92       jordan
94
93       root



$ echo -e $( nidump -r /users . | \
>            sed -nE -e '/(\{|"uid"|"name"|"realname"|"home"|\})/p' |\
>            tr -d '\n' | tr -s ' ' | sed -E 's/ \{/\\n\{/g' \
>          )
{ "name" = ( "users" );
{ "name" = ( "nobody" ); "uid" = ( "-2" ); "realname" = ( "Unprivileged User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "daemon" ); "uid" = ( "1" ); "realname" = ( "System Services" ); "home" = ( "/var/root" ); },
{ "name" = ( "unknown" ); "uid" = ( "99" ); "realname" = ( "Unknown User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "lp" ); "uid" = ( "26" ); "realname" = ( "Printing Services" ); "home" = ( "/var/spool/cups" ); },
{ "name" = ( "postfix" ); "uid" = ( "27" ); "realname" = ( "Postfix User" ); "home" = ( "/var/spool/postfix" ); },
{ "name" = ( "www" ); "uid" = ( "70" ); "realname" = ( "World Wide Web Server" ); "home" = ( "/Library/WebServer" ); },
{ "name" = ( "eppc" ); "uid" = ( "71" ); "realname" = ( "Apple Events User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "mysql" ); "uid" = ( "74" ); "realname" = ( "MySQL Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "sshd" ); "uid" = ( "75" ); "realname" = ( "sshd Privilege separation" ); "home" = ( "/var/empty" ); },
{ "name" = ( "qtss" ); "uid" = ( "76" ); "realname" = ( "QuickTime Streaming Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "cyrusimap" ); "uid" = ( "77" ); "realname" = ( "Cyrus IMAP User" ); "home" = ( "/var/imap" ); },
{ "name" = ( "mailman" ); "uid" = ( "78" ); "realname" = ( "Mailman user" ); "home" = ( "/var/empty" ); },
{ "name" = ( "appserver" ); "uid" = ( "79" ); "realname" = ( "Application Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "clamav" ); "uid" = ( "82" ); "realname" = ( "Clamav User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "amavisd" ); "uid" = ( "83" ); "realname" = ( "Amavisd User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "jabber" ); "uid" = ( "84" ); "realname" = ( "Jabber User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "xgridcontroller" ); "uid" = ( "85" ); "realname" = ( "Xgrid Controller" ); "home" = ( "/var/xgrid/controller" ); },
{ "name" = ( "xgridagent" ); "uid" = ( "86" ); "realname" = ( "Xgrid Agent" ); "home" = ( "/var/xgrid/agent" ); },
{ "name" = ( "appowner" ); "uid" = ( "87" ); "realname" = ( "Application Owner" ); "home" = ( "/var/empty" ); },
{ "name" = ( "windowserver" ); "uid" = ( "88" ); "realname" = ( "WindowServer" ); "home" = ( "/var/empty" ); },
{ "name" = ( "tokend" ); "uid" = ( "91" ); "realname" = ( "Token Daemon" ); "home" = ( "/var/empty" ); },
{ "name" = ( "securityagent" ); "uid" = ( "92" ); "realname" = ( "SecurityAgent" ); "home" = ( "/var/empty" ); },
{ "name" = ( "jordan" ); "home" = ( "/Users/jordan" ); "uid" = ( "501" ); "realname" = ( "Jordan" ); },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "name" = ( "root" ); "realname" = ( "System Administrator" ); }}


----------



## BjarneDM (Nov 8, 2005)

Well it's not so simple to change the password of any user in 'Netinfo Manager' as Mac OS X is using shadowed passwords. There is a way, but it's rather convoluted, and if you can use 'Netinfo Manager' you can also use 'sudo passwd' in 'Terminal' which is *way* simpler   

Having said that, if you replace the 'generateduid' of one user with the 'generateduid' of another, they get the same password. I suppose this could be used as a way of setting up several users with the exact same password (change one and all are changed - it's working), but it seems to give problems: in the 'Fast User Switching' menu you'll still have all the users present, but in the login window only one of these users will be present.


----------



## BjarneDM (Nov 8, 2005)

hmmm ... 

I must confess I don't understand why you are still getting those two empty names. They might or might not disappear after a reboot, but if you get the message that they don't exist, I guess they don't hurt !

But it seems as if you've successfully gotten rid of your duplicate "System Administrator"s, so congratulations. So, are you back at getting the correct prompt when 'sudo -s' ?


----------



## starboardman (Nov 8, 2005)

BjarneDM said:
			
		

> hmmm ...
> 
> I must confess I don't understand why you are still getting those two empty names. They might or might not disappear after a reboot, but if you get the message that they don't exist, I guess they don't hurt !
> 
> But it seems as if you've successfully gotten rid of your duplicate "System Administrator"s, so congratulations. So, are you back at getting the correct prompt when 'sudo -s' ?



that works now too! 
% sudo -s
Password:
:~ root# whoami
root
:~ root#


----------



## BjarneDM (Nov 8, 2005)

Phew ... finally ::ha:: 

Now (putting on my best imitation of A Stern School Master), I do hope, my dear Sir, that you've learned something from this whole sordid tale  ::evil:: Otherwise, you'll have to read the whole thread ten times in a row and do a written disposition in front of the class tomorrow ::evil:: 

Now, go to the blackboard and write 100 times:
I will never ever again try to modify my root account in 'Netinfo Manager' - I do so solemny promise !!!


----------



## starboardman (Nov 8, 2005)

BjarneDM said:
			
		

> Phew ... finally ::ha::
> 
> Now (putting on my best imitation of A Stern School Master), I do hope, my dear Sir, that you've learned something from this whole sordid tale  ::evil:: Otherwise, you'll have to read the whole thread ten times in a row and do a written disposition in front of the class tomorrow ::evil::
> 
> ...



lol, thanks man, this is the best help i've ever gotten when it comes to anything related to unix


----------



## simbalala (Nov 8, 2005)

starboardman said:
			
		

> lol, thanks man, this is the best help i've ever gotten when it comes to anything related to unix



I'm waiting for the next person to come along with a difficult problem so we can have another lesson. I've never had a Unix box to play on before so I kind of follow along on my own machine. I don't think I'll do something dumb though and break the system on purpose, I'll leave that to others.


----------



## g/re/p (Nov 8, 2005)

BjarneDM said:
			
		

> Phew ... finally ::ha::
> 
> Now (putting on my best imitation of A Stern School Master), I do hope, my dear Sir, that you've learned something from this whole sordid tale  ::evil:: Otherwise, you'll have to read the whole thread ten times in a row and do a written disposition in front of the class tomorrow ::evil::
> 
> ...



Glad to see that you were able to solve his problem.


----------



## BjarneDM (Nov 8, 2005)

simbalala said:
			
		

> I'm waiting for the next person to come along with a difficult problem so we can have another lesson. I've never had a Unix box to play on before so I kind of follow along on my own machine.


Well, if you are interested in that kind of thing then you might be interested in the three threads I've started


----------

