Hi, I was playing around with the terminal utility of my Mac and suddenly remembered that since the back-end uses Unix, then it has a root user so i immediately typed su root and i got prompted with a password, and was amazed, where in the box can I find the password for the root??? since my user is an admin account, i can easily do a sudo su - and login using my account password and voila! i'm root. but i believe this is a potential security flaw if i do not know what is the password of the one, the most powerful root
root user is disabled by default. So you don't have anything to fear. If for some reason you need to be logged in as root, here's how to activate it: http://docs.info.apple.com/article.html?artnum=106290
sudo is actually a layer to protect the root account - and is not a security flaw the way I see it. Just make sure you keep your admin account separate for maintenance from your usual account that you use everyday. This way, treat your admin account as root.
cool! it's nice to hear that the root is disabled by default. i'll have it activated tonight. security flaw <- im referring to myself because i don't know the root password
haha. why would you consider it a security flaw if you don't know the password? You're not running a server and sudo would be sufficient. In fact, since the Mac OS X is pretty much a well thought-of *Nix system you can depend on SUDO. You may have a different need though but even to the extreme of using server applications in a non-Mac OS X Server Mac, I don't actually intend in running processes in root.
my impression is that i may have missed the process of setting up the root password or there is a default password for root, ala PIN code or PUK for cellphones hehehe now i really believe that Mac OS X is secure! yap sudo will do for me, but it won't hurt securing the root as well hehehe
i'm not sure if what i'm saying is entirely correct but os x allows you to set the root password the fIrst time without asking for any password. once it's set and you change the password again, it'll ask for the password that you previously set. the only way to prevent others from doing this is to set it yourself.
Running OS X as root is dangerous. You can accidentally erase system files without prompts and wonder why your mac won't boot on your next startup...
nope i won't run on OS X as a root user. this is mainly for administration. i've been handling unix and linux servers for quite a long time now and quite knowleagable on what it can do.
Honest question: Why'd you feel the need to enable root? I've been doing tons of software development and power user stuff (modding stock apps, for instance) on OS X for years now and I've never once, ever, had to "su root".
Even in Linux or *Nix flavors, it always is best practice to avoid using root when running processes/apps. SUDO is preferable, really.
Hi, If you were to look at it at a different perspective, i actually “disabled” root by giving it a different credential aside from its default, which is disabled. Imagine someone using your computer and got to enable the root password without your knowledge, he/she could instantly gain access to your mac if you are on a network by using any exploit. It gives me security that I know that no one will be able to change the root account itself because I’ve already given it a non-default credential. You could liken this to software updates of your OS. You could stay with the default package and wait to be attacked by hackers. Or you could update your software to the nondefault, and be safe. In our company, not even our System Administrator is knowledgeable of the root password, they have sudo roots, but not the root. The root password is kept safely in a vault. We consider this as a best practice in alignment with ISO standards. Now setting the scale down to my macbook, I kept the root hidden somewhere and will just use my access for normal day to day stuff. This is more of a security issue for me. My macbook is connected more than 8 hours per day on the internet and I’m not that confident on its firewall yet, as I haven’t mastered it. Some of the important security measures I made were disabling sharing for non-essential services, password authentication, and installation of virus scanner (clamxav)
i just asked our Security Administrator, and as advised, default is not the best practice. the root should be enabled and given a different credential/password.
the only use for root ive ever had for mac os x is for deleting pesky files that refuse to be deleted from finder. other than that, no other purpose really.
I agree with Lamski. I suggest that you have to use only the root user for specific purposes like troubleshooting or installing certain applications that will ask for the root user to be activated.
mmm just to clarify, i'm quite bothered by the way people are replying here when my only objective is to enable root so i can change the password to avoid a potential security issue
See, from what I understand - root is disabled by default. So, it doesn't really have a 'default' password - it has no password which is more secure because that totally prevents login as root. At least, this is how I understand disabled accounts in *nix to work. A blank password ("") is not the same as an empty password hash value (in /etc/shadow). The former will let anyone who knows the default, empty password in. The latter will totally prevent login. (It does not, however, prevent "sudo su" - but having a password for root won't prevent that either.)
