# User Root Exposed



## sagegreenimac (Dec 14, 2000)

All right guys, this might be old news to some but has been a personal fight for me having no experience in Linux or Unix. I have just figured out how to access the ROOT account in OS X PB. Alright here it goes. Go into NetInfo to the Users subdirectory. Click the user "Root". Copy in some way the settings of the user and then delete the user "root". Yes I said delete him. Close the NetInfo window and watch the fun start. When you try to access the menu it tells you that the computer "/" has no root user changes cannot be made. Quit NetInfo using Cmd-Q. Now go into "Multiple Users" in the utils folder and make a new user..."Root".  Make the Real name System and the short "root" makes sure to make it an admin. Close Multiple users and go back into NetInfo Manager. You will notice right away that the error is gone but the process isn't done yet. Now copy all the settings except for password settings back over to make sure that the system still functions properly. You know have unrestricted access of your computer and can reek havoc from anywhere. Advantages that I love I can log in with telnet and using the SU command become the root and do whatever I want from anywhere. Be careful to not mess anything up.


----------



## MasonMcD (Dec 14, 2000)

My jaw is on the ground. I don't know if you are joking, or are sincere and just a moron. Don't do what you did again. Or let anyone think that has *anything* to do with su'ing to root, or gaining access to root privileges.


----------



## zpincus (Dec 14, 2000)

Um, yes, I second that.
I am able to SU from a ssh login just fine, thank you, and I really really recommend against any such munging around and deleting root. 
sagegreenimac, what was the point of this exercise? If there is a valid reason to do such a thing, I would really be interested in finding that out, because that's a thing Apple needs to fix.

Zach

* to all others *
Do not do this thing.


----------



## billbaloney (Dec 14, 2000)

Wow.  I'm afraid that Apple owes its OS X users a thorough explanation of the root account, its functions, and (most importantly) its dangers.

People, if you need to make changes as root, just open up a shell and use the "su" command.  And make sure to "exit" as soon as you're done with your root-related activities.

There's no need at all to mess around in NetInfo -- the root account is necessary to any UNIX-derived OS, and as such is made by default.

Be careful!


----------



## rinse (Dec 14, 2000)

The real point... is the fact that you shouldn't be able to do that.

Another thing is the fact that there is no way to differentiate the "root" user as having a different password than the system installer's password... 


dunno, just think about all the new iMac owners updgrading to osx and accidentally su'ing to root via the command "su" with no parameter's... then being prompted for a password, and typing in the password for the installer's account because they didn't know they were su'ing to root. ... then they go crazy and do something very easy rm /library, whatever...

GAH!

apple needs to carlify this whole *nix thing for the newbie.


----------



## sagegreenimac (Dec 14, 2000)

I still love the fact that now I have access to the user root. It was a personal goal of mine. No it is not for the normal user. No there is no real purpose to it, but I still think that it is a cool little hack. The fact that the user root was unable to be logged in with was reason enough for me. Hey if the Mac community was made of people who settle for what is then what could be, we would still be back on a little beige box with no software.


----------



## abceasy (Dec 14, 2000)

But I don't think the average user's going to actually be doing anything with the Terminal or even know what it is. There will probably be no reason to use it, once programs have installers that work and aren't tarred and gzipped. (I've tried extracing those with OS X Stuffit with varying degrees of success.) 

Besides, I don't think doing rm /library would do much. It would probably be more like rm -r /Library

That would probably not be a good idea to do by accident as root. So I can see why someone would want to remove such a dangerous account.  Perhaps "su" should give a warning like what comes up with GNOME, like "using this account allows you to make irreparable changes to your system that can make it completely unusable. Do you want to do this? (y/n). If yes, you will be asked to enter the root password" Y. (defaulting to N) Password: 

That would make sense. 
su <enter> y<enter> would not be too much of a burden for me to prevent someone from su'ing by accident. 

But the user Root should definitely not be able to be removed using NetInfo. I hope that Apple has been notified of this, becuase I doubt that anyone working on the program for Apple has actually tried to do this. If there are no objections, I'd like to forward this information to Apple.


----------



## rinse (Dec 15, 2000)

i think they should definitely know about this.

bad bad things could happen if apple doesn't tidy all the holes like this.

i hope they offer the Terminal app and other unix utilities as a seperate install option apart from typical installation...

How many newbie's will want to install them if iwas an extra checkbox in the install that was defaulted to off? not many, and lots of problems could be avoided...

netinfo is a dangerous program if used incorrectly in many other respects as well.


----------



## marmoset (Dec 15, 2000)

The mental picture I keep having is a guy in a khaki short suit, standing hip deep in a jungle river somewhere:

"Crikey!  This 'root user'  sure has a nasty disposition!  if I were to let her, she'd take my bleedin' hand right off!  Look at the fury in her eyes!  Phwooarrr!"

(with apologies to the Crocodile Hunter)


----------



## DJ_XTC (Dec 15, 2000)

LMAO!!!!!!!!




Sorry, just had to say it.


----------



## ITz The MaN (Dec 17, 2000)

Hey, I am a unix newbie (though I dont think u can call me that any more now), but I am gunna tell you what I think:
Unix was meant to be a networking OS. It has the root user, the admin(s), and the regular users. The regular users only get mess with what is in their user folder, becuase they are only meant for client users. The admin has a little more power in that he can mess with some other file.... the files that *will not hurt your computer if messed with.* Now, there is the super user, the root account; this is the account that a system admin uses when he/she needs to make some big change in the system, intstall some software, etc. Root is not a normal adminastration account, where it is only used when it is needed to do something advanced (or at least intermediate). Even the person who has acces to root does not normaly like to be in root, because he/she knows it as potential to f**king up the system.
I advise you be realy careful if you are gunna be in root (no matter what your user name is, your uid is 0 wich means your are the super user (root). You might as well just log on as root isntead of your user name, becuse they are the exact same thing except the login name is different. If you want to use root for a little thing, you should just su to root (and learn some unix commands).


----------



## scruffy (Dec 17, 2000)

sagegreenimac: <i>The fact that the user root was unable to be logged in with was reason enough for me.</i>

You couldn't log in as root?  That's odd - when I installed, I was able to log in as either the name I gave at install, or as root, using the same password.

That actually bothered me, so I opened a terminal, su'ed, and changed my password (the command is "passwd" incidentally).  I thought it was very annoying that Apple has not provided a graphical way to change the root user account's attributes.

Especially bad is that, since graphical configuration controls do not require you to give the username and password for root, just anyone in the group "wheel" (people allowed to su to root), the apps have to be "suid root".  That means that anyone running them is running with root's permissions.  The fact that you can't make any changes until you enter a valid password is left entirely up to the diligence and competence of the programmer.  This is considered a very major security hole in Unix circles - it means that all anyone has to do is find a single bug in a single one of these applications that lets them circumvent the password entry somehow, and they potentially have command of your entire computer.  

And all this because Apple decided "Our users are too dumb to understand the concept or a root user.  We won't explain any of it to them."


----------



## zpincus (Dec 17, 2000)

Scruffy -- could you run that by me again? The config programs run
as "root" even before you "authenticate" them? What in OS X stops
any application (possibly malicious) from doing this same thing?
Hearing this pains me. I certainly hope Apple, at the very least, decides
to ask for a "Master" admin password in the setup process...
I found it confusing/annoying/dangerous that my "admin" password was also root's.

Thanks for bringing this to our attention.
Zach


----------



## omega884 (Dec 21, 2000)

What you all seem to have forgoten is that the average user does not know nor care about root. The purpose of OS X is to create an OS that satisfies both consumers and buisnesses with power and eficiency. The fact that you can access root with the same password as the sys admin, is rather pointless to all of you since you all know how to change this and all understand the power of root. If this operating system were to be used under a buisness setting or a setting requiring high security, chances are the original password schemes would not be used to begin with. Most people concerned with security will download another program to secure their computers. Besides, your admin password should not be made availible to anyone but you to begin with. Any book on security will tell you that. If you wan tother admin accounts create them, don't let others use yours.


----------



## zpincus (Dec 22, 2000)

Omega --
I'm afraid that I must respectfully disagree.

OS X needs to be bulletproof out of the box. Whether or not end users know about root, it is still there. If there are bugs/security flaws that leave this accessible to malicious programs or non-admin users, we've all got big problems. 

1) With persistent internet connections becoming so inexpensive and popular, even home users need be concerned that their computer may be cracked. A *NIX box with security flaws is a huge target, wandering around all day with a "kick me" sign on its back. It would be sad (and hugely bad PR) if OS X boxes get cracked, say for use as platforms for things like denial of service attacks. (Previous attackers exploited a security flaw in a Redhat distribution, I believe?)

2) The education market is huge for Apple. If OS X machines are to survive in college (or even high school) computer clusters, a non-admin user must not be able to get root access, period. (The single user startup is far too insecure, for example.) People who run these computer labs are not necessarialy going to be reading security books, or themselves even know about "root."

3) Because OS X is at its base a UNIX OS, security can and must be expected out of the box. Requiring a  third party solution to secure what should already be a bulletproof OS (and note that BSD has emphatically been designed thusly) is insulting. Sure, third-party solutions are great for extra security measures, but they should not be necessary to keep the OS from being cracked and the root user exposed.

Note that none of these security concerns (or those scruffy astutely pointed out) have anything to do with people accidentally giving out admin accounts or their password. Also, the ability to change the root password from the original scheme doesn't fix the problem that programs can run with root priviledges without authentication by the real root password (I think?).

Just my thoughts, though,
Zach

[Edited by zpincus on 12-22-2000 at 01:04 AM]


----------



## billbaloney (Dec 22, 2000)

Absolutely.  It doesn't matter in this discussion what the average user will or won't be interested in; it matters what security holes a user will be unknowingly implementing by installing OS X.


----------



## tadd (Dec 24, 2000)

it is important that we keep in mind the difference between 

1. security that prevents the owner from screwing up
2. security that prevents your kids from getting parents' stuff.  
3. security that prevents someone from getting at your system from the internet
4. security that prevents someone with physical access to your box from getting at your system.

i think that we'd be very lucky to see a system that had great security for all four cases.  

I'd like to hear arguments as to what OS X currently has and what we think it should have.

thanks.
  Tadd


----------



## billbaloney (Dec 27, 2000)

The companion product that Apple has to develop here, in addition to a robust and secure OS X, is the education necessary for users to switch from the previous, hand-holding OS to this new environment.

For instance, it's a great benefit to Xers to have an Apache server ready to go at the flip of a Network Services switch, but they need to deploy this feature with thorough documentation.  Apple unfortunately can't expect their customers to exercise due diligence and read through the Apache site to understand the security risks that are involved with running a server from your computer -- they'll need to spell it out, and include it as a chapter in a large, separate manual, titled "IMPORTANT: Security and OS X", that ships with the installer disks.

This is really about users' understanding the *NIX security scheme in general.  I was talking to a security consultant recently about OS X, and his comment was, "At least it'll look cool to the users while their laptops are being broken into!"  If Apple fails to provide thorough security documentation, their boldness in developing a commercial OS on top of BSD will seriously backfire.


----------



## rsteed (Jan 13, 2001)

I don't get all the fuss here!

First of all, you can <i>always</i> log in as <b>root</b> from the main login prompt and run all the administration tools directly as root. If you want a GUI tool to change the root password, log in as root and change your password. If you want to remove the password for root, delete the hashed password in Netinfo. You will now have a completely insecure system and can look forward to being screwed by anyone 

<i>"That means that anyone running them is running with root's permissions."</i>

It does not mean you are running as root, just as a member of the <b>System Administrators</b> group. If you are the installing user, and therefore belong to the group <b>admin</b> then you have the same access (mostly) as root to make changes to your system. Apple has done the right thing here, since 'admin' users usually have to authenticate themselves before doing any damage, whereas the root user change just change things willy-nilly. There is no security risk unless you give away your password, or use one which can be easily guessed.

Apple <i>has</i> provided a secure system out of the box. In fact, if you look at the revised OS X site, you will notice that even <b>telnet</b> is no longer in favor of <b>ssh</b> as the default remote access protocol. 

Apple has created a UNIX OS that gives power users everything they want, while maintaining a reasonable level of ease of use for the rest. The only danger is with wannabe power users who don't know what they are doing. These users have to remember that there is plenty of documentation to help them out (man pages) and that there are always consequences to hacking. 

<b>sagegreenimac</b> has only succeeded to demonstrate that if you make something idiot proof, someone will always make a better idiot.


----------



## omega884 (Jan 13, 2001)

You all complain that apple has provided no education to it's end users concerning the safety and security of their system and the root login. Remember this is a BETA of the operating system. This means that it is going to have flaws and will not have documentation or anything explaining the workings of the system. Disregard the fact that this is a public beta, all that means is you don't have to register with apple to play with it. Apple has given no documentation on it because it costs money to do that and right now the OS is not finished. The people who set this computer up at home, most likely have never used Linux or UNIX before and have no idea what "root" is or even that it exists. Those that have had previous *NIX expierience know how dangerous root is and won't touch it. The people that are setting this up to be a secure system i.e. a server or mainframe system, should already know about root and have extensive knowledge in *NIX. Also, any system using this in a secure fashion will have the root pass word as well as the administrator pass words on a rotateing system so that no one password is used for too long. It is acctualy an insult for you to think that a person useing the system for security will not know how to handle the system and should be told how to do so. So then you could argue well that just makes things easier for hackers. If your worried about hackers, relying only on what comes bundled with the OS is an extreamly stupid thing to do. Please next time, reconsider what you say before you say it.


----------



## rsteed (Jan 14, 2001)

Well said <b>Omega884</b>.

I expect Apple's final documentation will be very good.


----------

