I deleted the root user! Help!

simbalala said:
If I were you the next thing I'd be doing is getting your machine's root and nobody accounts sorted out.

I'd be leery of installing more and more stuff onto a machine with a wonky O/S.

According to BjarneDM, there should be no passwd entry for root?
The nobody user looks just like Bjarne told me it should.
What happens now when I switch to root is this: there's no user name at all

:~ jordan$ sudo -s
Password:
:~ # whoami

:~ #

what's a good way to test if I have root?
 
Something is obviously messed up - not to be rude, but it appears that your tinkering with netinfo and then trying to fix the resulting error has adversely affected your computer in some way.

It may be fine for now, but you cannot be sure that some future security update or OS update will not cause your OS to "crash and burn".

If I were in your situation, I would seriously consider backing up any data I did not want to lose and doing an archive and install.
 
You seem to log in as root, as you get the '#' in the prompt

A way to check is to use: sudo su - root ; and after having logged in to use: pwd
The result of the last ought to be '/var/root'

Double-check the root-settings. It looks as if you've got no name entry in the root account. The behaviour you are reporting is consistent with what happens when I delete the 'name' entry for my root account.

Try to check the results of this command:
nidump -r /users . | sed -nE '/(\{|"uid"|"name"|"realname"|"home"|\})/p'
and look for something looking like this:
Code:
    {
      "uid" = ( "0" );
      "home" = ( "/var/root" );
      "name" = ( "root" );
      "realname" = ( "System Administrator" );
    },
I've got a nasty suspicion that you might have more than one group of lines that looks like the above, so be very careful when you go through the output and !don't! stop at the first match, but make very sure you've been through the whole list - and possibly more than once just to make sure.

If the root account has no name, you'll not be able to find it in the list of users in 'Netinfo Manager'. Instead, the root account will have some strange name like 'dir:12'

Let's take it from there when you've analyzed your situation
 
I have that entry, it looks exactly the same, and there aren't any duplicates.
/var/root is the home
so, I'm good to go?
I might as well back up anyway, what's the best program or method for backing up? and where's the best place to find applications for x11?
 
starboardman said:
I have that entry, it looks exactly the same, and there aren't any duplicates.
/var/root is the home
so, I'm good to go?
Apparently, but I'm still wondering about the missing 'whoami' information ! I definitely don't like that you don't get any response; it definitely means that !something! isn't as it should be :(
starboardman said:
I might as well back up anyway, what's the best program or method for backing up?
Depends on what you want to back up.
starboardman said:
and where's the best place to find applications for x11?
There are several ways you can install X11 software:
1) DarwinPorts ( http://www.apple.com/downloads/macosx/unix_open_source/portauthority.html )
2) fink ( http://finkcommander.sourceforge.net/about/ )
3) Standalone installers requiring just Apple X11
4) Partly to Mac OS X ported applications; meaning that the GUI is a Mac OS X program, but that you'll have to install the backend through fink/darwinports ( http://www.apple.com/downloads/macosx/networking_security/aquaethereal.html )
5) Fully to Mac OS X ported applications ( http://www.apple.com/downloads/macosx/math_science/rformacosx.html )

Take a look here: http://www.apple.com/downloads/macosx/unix_open_source/ . You'll also find X11 or other traditional Unix applications in some of the other categories (which should be obvious by looking at the URLs above).
 
starboardman said:
I have that entry, it looks exactly the same, and there aren't any duplicates.
/var/root is the home
so, I'm good to go?
I might as well back up anyway, what's the best program or method for backing up? and where's the best place to find applications for x11?

Why not post the complete report from this command?

nidump -r /users . | sed -nE '/(\{|"uid"|"name"|"realname"|"home"|\})/p'

It's not all that long on my machine. Or just post enough to show us the first special users, like so:

{
"name" = ( "users" );
{
"name" = ( "nobody" );
"uid" = ( "-2" );
"realname" = ( "Unprivileged User" );
"home" = ( "/var/empty" );
},
{
"name" = ( "root" );
"uid" = ( "0" );
"realname" = ( "System Administrator" );
"home" = ( "/var/root" );
},
{
"name" = ( "daemon" );
"uid" = ( "1" );
"realname" = ( "System Services" );
"home" = ( "/var/root" );
},
{
"name" = ( "unknown" );
"uid" = ( "99" );
"realname" = ( "Unknown User" );
"home" = ( "/var/empty" );
},
{
"name" = ( "lp" );
"uid" = ( "26" );
"realname" = ( "Printing Services" );
"home" = ( "/var/spool/cups" );
},
{
"name" = ( "postfix" );
"uid" = ( "27" );
"realname" = ( "Postfix User" );
"home" = ( "/var/spool/postfix" );
},
 
well, to shorten the output a bit we can get each user on separate lines by treating the output from 'nidump' a bit more:
Code:
echo -e $( nidump -r /users . | \
           sed -nE -e '/(\{|"uid"|"name"|"realname"|"home"|\})/p' |\
           tr -d '\n' | tr -s ' ' | sed -E 's/ \{/\\n\{/g' \
         )
Copy and Paste the !whole! code-block as a single entity into Terminal. It's been broken into lines in order to improve readability, but it's actually a single command line ;)
 
hehe, this is like a little lesson in command line basics, here's mine

{ "name" = ( "users" );
{ "name" = ( "nobody" ); "uid" = ( "-2" ); "realname" = ( "Unprivileged User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "root" ); "uid" = ( "0" ); "realname" = ( "System Administrator" ); "home" = ( "/var/root" ); },
{ "name" = ( "daemon" ); "uid" = ( "1" ); "realname" = ( "System Services" ); "home" = ( "/var/root" ); },
{ "name" = ( "unknown" ); "uid" = ( "99" ); "realname" = ( "Unknown User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "lp" ); "uid" = ( "26" ); "realname" = ( "Printing Services" ); "home" = ( "/var/spool/cups" ); },
{ "name" = ( "postfix" ); "uid" = ( "27" ); "realname" = ( "Postfix User" ); "home" = ( "/var/spool/postfix" ); },
{ "name" = ( "www" ); "uid" = ( "70" ); "realname" = ( "World Wide Web Server" ); "home" = ( "/Library/WebServer" ); },
{ "name" = ( "eppc" ); "uid" = ( "71" ); "realname" = ( "Apple Events User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "mysql" ); "uid" = ( "74" ); "realname" = ( "MySQL Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "sshd" ); "uid" = ( "75" ); "realname" = ( "sshd Privilege separation" ); "home" = ( "/var/empty" ); },
{ "name" = ( "qtss" ); "uid" = ( "76" ); "realname" = ( "QuickTime Streaming Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "cyrusimap" ); "uid" = ( "77" ); "realname" = ( "Cyrus IMAP User" ); "home" = ( "/var/imap" ); },
{ "name" = ( "mailman" ); "uid" = ( "78" ); "realname" = ( "Mailman user" ); "home" = ( "/var/empty" ); },
{ "name" = ( "appserver" ); "uid" = ( "79" ); "realname" = ( "Application Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "clamav" ); "uid" = ( "82" ); "realname" = ( "Clamav User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "amavisd" ); "uid" = ( "83" ); "realname" = ( "Amavisd User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "jabber" ); "uid" = ( "84" ); "realname" = ( "Jabber User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "xgridcontroller" ); "uid" = ( "85" ); "realname" = ( "Xgrid Controller" ); "home" = ( "/var/xgrid/controller" ); },
{ "name" = ( "xgridagent" ); "uid" = ( "86" ); "realname" = ( "Xgrid Agent" ); "home" = ( "/var/xgrid/agent" ); },
{ "name" = ( "appowner" ); "uid" = ( "87" ); "realname" = ( "Application Owner" ); "home" = ( "/var/empty" ); },
{ "name" = ( "windowserver" ); "uid" = ( "88" ); "realname" = ( "WindowServer" ); "home" = ( "/var/empty" ); },
{ "name" = ( "tokend" ); "uid" = ( "91" ); "realname" = ( "Token Daemon" ); "home" = ( "/var/empty" ); },
{ "name" = ( "securityagent" ); "uid" = ( "92" ); "realname" = ( "SecurityAgent" ); "home" = ( "/var/empty" ); },
 
here ya go:


{ "name" = ( "users" );
{ "name" = ( "nobody" ); "uid" = ( "-2" ); "realname" = ( "Unprivileged User" ); "home" = ( "/var/empty" ); },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "realname" = ( "System Administrator" ); },
{ "name" = ( "daemon" ); "uid" = ( "1" ); "realname" = ( "System Services" ); "home" = ( "/var/root" ); },
{ "name" = ( "unknown" ); "uid" = ( "99" ); "realname" = ( "Unknown User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "lp" ); "uid" = ( "26" ); "realname" = ( "Printing Services" ); "home" = ( "/var/spool/cups" ); },
{ "name" = ( "postfix" ); "uid" = ( "27" ); "realname" = ( "Postfix User" ); "home" = ( "/var/spool/postfix" ); },
{ "name" = ( "www" ); "uid" = ( "70" ); "realname" = ( "World Wide Web Server" ); "home" = ( "/Library/WebServer" ); },
{ "name" = ( "eppc" ); "uid" = ( "71" ); "realname" = ( "Apple Events User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "mysql" ); "uid" = ( "74" ); "realname" = ( "MySQL Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "sshd" ); "uid" = ( "75" ); "realname" = ( "sshd Privilege separation" ); "home" = ( "/var/empty" ); },
{ "name" = ( "qtss" ); "uid" = ( "76" ); "realname" = ( "QuickTime Streaming Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "cyrusimap" ); "uid" = ( "77" ); "realname" = ( "Cyrus IMAP User" ); "home" = ( "/var/imap" ); },
{ "name" = ( "mailman" ); "uid" = ( "78" ); "realname" = ( "Mailman user" ); "home" = ( "/var/empty" ); },
{ "name" = ( "appserver" ); "uid" = ( "79" ); "realname" = ( "Application Server" ); "home" = ( "/var/empty" ); },
{ "name" = ( "clamav" ); "uid" = ( "82" ); "realname" = ( "Clamav User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "amavisd" ); "uid" = ( "83" ); "realname" = ( "Amavisd User" ); "home" = ( "/var/virusmails" ); },
{ "name" = ( "jabber" ); "uid" = ( "84" ); "realname" = ( "Jabber User" ); "home" = ( "/var/empty" ); },
{ "name" = ( "xgridcontroller" ); "uid" = ( "85" ); "realname" = ( "Xgrid Controller" ); "home" = ( "/var/xgrid/controller" ); },
{ "name" = ( "xgridagent" ); "uid" = ( "86" ); "realname" = ( "Xgrid Agent" ); "home" = ( "/var/xgrid/agent" ); },
{ "name" = ( "appowner" ); "uid" = ( "87" ); "realname" = ( "Application Owner" ); "home" = ( "/var/empty" ); },
{ "name" = ( "windowserver" ); "uid" = ( "88" ); "realname" = ( "WindowServer" ); "home" = ( "/var/empty" ); },
{ "name" = ( "tokend" ); "uid" = ( "91" ); "realname" = ( "Token Daemon" ); "home" = ( "/var/empty" ); },
{ "name" = ( "securityagent" ); "uid" = ( "92" ); "realname" = ( "SecurityAgent" ); "home" = ( "/var/empty" ); },
{ "name" = ( "jordan" ); "home" = ( "/Users/jordan" ); "uid" = ( "501" ); "realname" = ( "Jordan" ); },
{ },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "name" = ( "********" ); "realname" = ( "System Administrator" ); },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "name" = ( "root" ); "realname" = ( "System Administrator" ); }}


there are 3 different entries that have the sys admin realname
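
An added example (not part of any post in this thread): a small shell/awk audit of the one-record-per-line listing produced by the command above, flagging records with no name, names made only of '*', empty records, and any uid shared by more than one record. The function names `sample_users` and `audit_users` and the output labels are made up for this example; the sample records are abridged from the listing posted above.

```shell
#!/bin/sh
# Added example (not from the thread): audit flattened `nidump -r /users .`
# output, one record per line, for the problems discussed above.

# Records abridged from the listing posted above; in real use, pipe the
# output of the thread's echo/nidump one-liner into audit_users instead.
sample_users() {
  cat <<'EOF'
{ "name" = ( "users" );
{ "name" = ( "nobody" ); "uid" = ( "-2" ); "realname" = ( "Unprivileged User" ); "home" = ( "/var/empty" ); },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "realname" = ( "System Administrator" ); },
{ "name" = ( "daemon" ); "uid" = ( "1" ); "realname" = ( "System Services" ); "home" = ( "/var/root" ); },
{ "name" = ( "jordan" ); "home" = ( "/Users/jordan" ); "uid" = ( "501" ); "realname" = ( "Jordan" ); },
{ },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "name" = ( "********" ); "realname" = ( "System Administrator" ); },
{ "uid" = ( "0" ); "home" = ( "/var/root" ); "name" = ( "root" ); "realname" = ( "System Administrator" ); }}
EOF
}

audit_users() {
  awk '
    # First value of property `key` in a record, or "" when it is absent.
    function prop(rec, key,    rest) {
      if (!match(rec, "\"" key "\" = \\( \"")) return ""
      rest = substr(rec, RSTART + RLENGTH)
      return substr(rest, 1, index(rest, "\"") - 1)
    }
    /^[ \t]*\{/ {
      name = prop($0, "name"); uid = prop($0, "uid")
      if (uid == "" && name != "") next          # directory header ("users")
      if (uid == "" && name == "") { print "EMPTY line " NR; next }
      if (name == "")            print "NONAME uid=" uid " line " NR
      else if (name ~ /^\*+$/)   print "MASKED uid=" uid " line " NR
      seen[uid]++                                # count records per uid
    }
    END {
      for (u in seen) if (seen[u] > 1) print "DUPUID uid=" u " count=" seen[u]
    }'
}

sample_users | audit_users
```

The line numbers in the report refer to lines of the flattened listing, not to the NetInfo directory ids that `niutil -list . /users` prints.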
 
sinclair_tm said:
as far as ni and root, the first thing i have always done with a new os install is to go and enable the root to set a password to plug that security hole and then disable. then i never use ni again, unless i need to put a user account on a different hd.

What security hole are you addressing by enabling root? I wonder what I might be missing...
 
lurk said:
What security hole are you addressing by enabling root? I wonder what I might be missing...

That argument was countered earlier in the thread. I think the response was - how can any password be more secure than no password?

In any case he says that he enables it, sets a password, then disables it. It's probably best to leave it alone.
 
Let's start by taking a backup of the users just in case. If everything goes completely bonkers then we'll have the option of getting back to our starting point:
nidump -r /users . > users.txt

Next, we'll need to identify the id's of the problematic users. We can get the id's of every user with this command:
niutil -list . /users
This will output a list of id's and the corresponding short name of the user. What we are looking for here are the two entries with
1) no name at all - just the id number
2) a name consisting of '*'s

We get rid of these two one-by-one by issuing this command:
sudo niutil -destroy . [id]

Example:
Part of my list looks like this:
26 children
27 bjarne
28 gaest
29 postgres
30 novo
If I want to remove the 'postgres' user, I'll issue this command:
sudo niutil -destroy . 29

Now, each time you've removed one of them, run the command to get the list of users and make sure you've destroyed the right one. If you mess up, we'll re-create your original status and take it from there again.

Please note: this id we are talking about here is !NOT! the normal user-id !!!
 
% sudo niutil -destroy 12
niutil: insufficient number of arguments for -destroy

usage:
niutil -create [opts] <domain> <path>
niutil -destroy [opts] <domain> <path>
niutil -createprop [opts] <domain> <path> <propkey> [<val>...]
niutil -appendprop [opts] <domain> <path> <propkey> <val>...
niutil -mergeprop [opts] <domain> <path> <propkey> <val>...
niutil -insertval [opts] <domain> <path> <propkey> <val> <index>
niutil -destroyprop [opts] <domain> <path> <propkey>...
niutil -destroyval [opts] <domain> <path> <propkey> <val>...
niutil -renameprop [opts] <domain> <path> <oldkey> <newkey>
niutil -read [opts] <domain> <path>
niutil -list [opts] <domain> <path> [<propkey>]
niutil -readprop [opts] <domain> <path> <propkey>
niutil -readval [opts] <domain> <path> <propkey> <index>
niutil -rparent [opts] <domain>
niutil -resync [opts] <domain>
niutil -statistics [opts] <domain>
niutil -domainname [opts] <domain>
opts:
-t domain specified by <hostname>/<tag>
-p prompt for password
-u <user> authenticate as another user (implies -p)
-P <password> password supplied on command line (overrides -p)
-T <timeout> read & write timeout in seconds (default 30)
-n numeric output for -rparent
-R Retry operation if master is busy


Do I need to put the path... and domain??
 
starboardman said:
% sudo niutil -destroy 12
niutil: insufficient number of arguments for -destroy

Do I need to put the path... and domain??

Careful... don't get ahead of the game, yer gonna make him mad :mad: again.

Just post the results of

niutil -list . /users
 
simbalala said:
Careful... don't get ahead of the game, yer gonna make him mad :mad: again.

Just post the results of

niutil -list . /users
I see which ones to "destroy" but the command doesn't work, there are two blank users and one with "*"s
 
Instead of this:

sudo niutil -destroy 12

try

sudo niutil -destroy 12 -P <password>

Where <password> is your password

- or -

sudo niutil -destroy 12 -p

and it should prompt you for your password
 
well lurk, there is no pw requested when you enable root for the first time, so the first one to do it gets to pick the pw. so if someone sits down to your machine or somehow gets in remotely and you haven't done this, they can and then have more power over your mac than you. maybe it's just me being paranoid, but i had a friend that was the admin at a company that adopted os x very early and when i first got os x on my 7500, he came over and that was the first thing he had me do, enable root and set the pw to protect me from hackers over the net, then he showed me all the other cool things os x does. so i have always done it since.
 
sinclair_tm said:
well lurk, there is no pw requested when you enable root for the first time, so the first one to do it gets to pick the pw. so if someone sits down to your machine or somehow gets in remotely and you haven't done this, they can and then have more power over your mac than you.

Well, that makes sense. If you lend or someone learns your (admin) account/password and they're malicious they could set the root password and you then would not be able to change it in the future. They could hijack the machine at any time.
 