"su" on MacOSx terminal

Zammy-Sam

Zammy-Sam

Desertchild
does anyone know if there is a difference between su-password (superuser) and password for login as administrator?

By su in the terminal I would like to have access to some adjustments like "xdm".
Trying to type my administrator-password didn't work.

So, where can I adjust my Superuser-password?

tnx!

Sam
 
hey dude, next time use the 'Search' button.

but no worries! Here's how you enable the root user:

Log into mac os x as your Admin user. Open the application located in /Applications/Utilities called 'NetInfo Manager'.

Click the small padlock in the lower left corner to authenticate yourself (if necessary).

Now, select the 'Domain' menu and under the 'Security' sub-menu, select 'Enable root user'

You can change the root password by selecting 'Change root password'.

This probably sounds like an insecure OS now. Let me explain why it isn't:

Mac OS X puts all admin-status members into a group called 'wheel'. Any user on the wheel group can type:
sudo command
and have the given command run as if the root user had typed it (enter YOUR password when prompted - try it).

All netinfo is doing is, by authenticating you, effectively acting as a GUI for sudo.

You can, for example:
sudo passwd root
and change root's password.

Bottom line, treat an admin (wheel) account as if its root. Don't give em out for free :)

hope that helpes!
 
Or you can type:

sudo /bin/tcsh

wow, their are so many ways too do this...

Justin

(I feel a little stupider after this post)
 
its actually important to enable the root user if you plan on running a shell as root. Thus, I think my statements were on-target with netinfo.
 
Because I don't think apple would have bothered to take us through the netinfo loop on http://kbase.info.apple.com if it wasn't necessary. Besides, with the root user enabled, you can finally actually log in as root (although this is disabled in most services defaultly).
 
But it isn't necessary.

Every time I ask you why you are doing something you say you should, or somebody told you that you should. It seems you don't know how to justify your own actions except in a grand circular fashion like stating you can now login as root (which is what su is for crist sakes!).

Maybe you can find a third way to say the reason to mess with netinfo is to login as root, and the reason you should mess with netinfo is to login as root.

Then I'll say it isn't necessary to login as root and the process can continue ad infinitum. All we need are more terms which when combined are analogous to "logging in as root".

C'mon people, think! What other terms can be combined to mean the same thing? Hrm..."assume the super user identity"..ok let's try this out:

s: But it isn't necessary. Why do you think it's important?

k: Because fred told would have never raked be through the coals if it really wasn't necessary. Did I mention that you can also assume the super user identity?

s: But it isn't necessary. Why do you think it's important?
 
There is no reason to enable root if you are just an ordinary user. Most all of the people that get their computer screwed up because of the CLI is because they were stupid enough to enable root and think that they are super powerful or something like that....

sudo works fine for nearly everything...

Justin
 
The sudo system is a perfect parallel to the su system, with variations -- i.e., if you take one approach, you never have to use the other. sudo -s is an identical statement, in terms of the resulting environment, to su (with the possible exception of some ENV settings).

I can install, configure, and administer a fully-functioned UNIX system with sudo. I have never enabled root login on my OS X machines. Our office's OS X server, which I administer, has never had su enabled. I would love to hear any situation in which su is necessary, or even preferable over sudo.
 
I don't see what the big deal is with Kilowatt posting his method of enabling the root user is ? Just because it's the same as sudo -s doesn't mean that the post was useless. There's More Than One Way To Do It, and perhaps someone has a valid reason to use his, even if enabling the root user via netinfo isn't the best idea for most people. It's good to know a variety of ways to accomplish a task.

Gimpy
 
I agree with you, up to a point. It's great to know all the ways to do something. I didn't write the "never necessary" post to discourage anyone from learning various ways to gain root. I did, however, back strobe up in his contention that it is never necessary to enable root, regardless of what you're trying to do.

The main advantage to disabling root and sticking to sudo, as a system administrator, is that whenever a user sudo's a process, that request is recorded in the sys log. This means that when you've got more than one person with access to root through sudo, you can actually track who does what at what time. (Note that sudo -s, followed by a series of commands as root, logs only the initial sudo -s -- so this approach is defeatable as well).

See? So from a security management standpoint, sudo is preferable. And I carry my admin practices down to individual machines, because what's good in a mission-critical administration scenario is good for my laptop. Is it necessary to stick religiously to the sudo approach? No, not at all. But it is preferable to encourage standard practices, and sudo is preferable to enabling root as a standard practice.
 
You must log in or register to reply here.
Back
Top