root user for Mac OS X

Discussion in 'OS X and OS X Apps' started by viral_variance, Apr 10, 2008.

  1. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    Hi,

    I was playing around with the terminal utility of my Mac and suddenly remembered that since the back-end uses Unix, then it has a root user

    so i immediately typed su root and i got prompted with a password, and was amazed, where in the box can I find the password for the root???

    since my user is an admin account, i can easily do a sudo su - and login using my account password and voila! i'm root.

    but i believe this is a potential security flaw if i do not know what is the password of the one, the most powerful root
     
  2. coffeelover

    coffeelover Member

    Joined:
    Apr 19, 2004
    Messages:
    448
    Likes Received:
    3
  3. bacchus_3

    bacchus_3 PhilMUG Addict Member

    Joined:
    Apr 29, 2007
    Messages:
    4,804
    Likes Received:
    310
    Gender:
    Male
    sudo is actually a layer to protect the root account - and is not a security flaw the way I see it. Just make sure you keep your admin account separate for maintenance from your usual account that you use everyday. This way, treat your admin account as root.
     
  4. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    cool! it's nice to hear that the root is disabled by default. i'll have it activated tonight.

    security flaw <- im referring to myself because i don't know the root password :D
     
  5. bacchus_3

    bacchus_3 PhilMUG Addict Member

    Joined:
    Apr 29, 2007
    Messages:
    4,804
    Likes Received:
    310
    Gender:
    Male
    haha. why would you consider it a security flaw if you don't know the password? You're not running a server and sudo would be sufficient. In fact, since the Mac OS X is pretty much a well thought-of *Nix system you can depend on SUDO.

    You may have a different need though but even to the extreme of using server applications in a non-Mac OS X Server Mac, I don't actually intend in running processes in root.
     
  6. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    my impression is that i may have missed the process of setting up the root password or there is a default password for root, ala PIN code or PUK for cellphones hehehe :D

    now i really believe that Mac OS X is secure!

    yap sudo will do for me, but it won't hurt securing the root as well hehehe :D
     
  7. kaotep

    kaotep Active Member

    Joined:
    Apr 22, 2005
    Messages:
    343
    Likes Received:
    35
    Location:
    Lapu-Lapu City
    i'm not sure if what i'm saying is entirely correct but os x allows you to set the root password the fIrst time without asking for any password. once it's set and you change the password again, it'll ask for the password that you previously set.

    the only way to prevent others from doing this is to set it yourself.
     
  8. alistair

    alistair Member

    Joined:
    Feb 11, 2005
    Messages:
    931
    Likes Received:
    0
    Location:
    Makati
    Just don't, ever, ever, do:
    Code:
    sudo rm -rf /
     
  9. kaotep

    kaotep Active Member

    Joined:
    Apr 22, 2005
    Messages:
    343
    Likes Received:
    35
    Location:
    Lapu-Lapu City
    @alistair - hahaha i did an "\rm -rf ." once. i forgot i was at the '/' directory LOL!
     
  10. lamski

    lamski PhilMUG Addict Member

    Joined:
    May 8, 2005
    Messages:
    2,828
    Likes Received:
    432
    Location:
    Makati, Philippines
    Running OS X as root is dangerous. You can accidentally erase system files without prompts and wonder why your mac won't boot on your next startup...
     
  11. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    nope i won't run on OS X as a root user. this is mainly for administration. i've been handling unix and linux servers for quite a long time now and quite knowleagable on what it can do.
     
  12. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    yahoo!!! finally enabled my root. now its time to keep my password list safe hehe
     
  13. alistair

    alistair Member

    Joined:
    Feb 11, 2005
    Messages:
    931
    Likes Received:
    0
    Location:
    Makati
    Honest question: Why'd you feel the need to enable root?

    I've been doing tons of software development and power user stuff (modding stock apps, for instance) on OS X for years now and I've never once, ever, had to "su root".
     
  14. bacchus_3

    bacchus_3 PhilMUG Addict Member

    Joined:
    Apr 29, 2007
    Messages:
    4,804
    Likes Received:
    310
    Gender:
    Male
    Even in Linux or *Nix flavors, it always is best practice to avoid using root when running processes/apps. SUDO is preferable, really.
     
  15. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    Hi,

    If you were to look at it at a different perspective, i actually “disabled” root by giving it a different credential aside from its default, which is disabled. Imagine someone using your computer and got to enable the root password without your knowledge, he/she could instantly gain access to your mac if you are on a network by using any exploit.

    It gives me security that I know that no one will be able to change the root account itself because I’ve already given it a non-default credential.

    You could liken this to software updates of your OS. You could stay with the default package and wait to be attacked by hackers. Or you could update your software to the nondefault, and be safe.

    In our company, not even our System Administrator is knowledgeable of the root password, they have sudo roots, but not the root. The root password is kept safely in a vault. We consider this as a best practice in alignment with ISO standards. Now setting the scale down to my macbook, I kept the root hidden somewhere and will just use my access for normal day to day stuff.

    This is more of a security issue for me. My macbook is connected more than 8 hours per day on the internet and I’m not that confident on its firewall yet, as I haven’t mastered it. Some of the important security measures I made were disabling sharing for non-essential services, password authentication, and installation of virus scanner (clamxav)
     
  16. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    i just asked our Security Administrator, and as advised, default is not the best practice. the root should be enabled and given a different credential/password.
     
  17. kaotep

    kaotep Active Member

    Joined:
    Apr 22, 2005
    Messages:
    343
    Likes Received:
    35
    Location:
    Lapu-Lapu City
    the only use for root ive ever had for mac os x is for deleting pesky files that refuse to be deleted from finder. other than that, no other purpose really.
     
  18. acid

    acid Member

    Joined:
    Mar 4, 2008
    Messages:
    478
    Likes Received:
    2
    Gender:
    Female
    Location:
    Quezon City
    I agree with Lamski. I suggest that you have to use only the root user for specific purposes like troubleshooting or installing certain applications that will ask for the root user to be activated.
     
  19. viral_variance

    Joined:
    Mar 16, 2008
    Messages:
    512
    Likes Received:
    0
    Gender:
    Male
    mmm just to clarify, i'm quite bothered by the way people are replying here when my only objective is to enable root so i can change the password to avoid a potential security issue :)
     
  20. alistair

    alistair Member

    Joined:
    Feb 11, 2005
    Messages:
    931
    Likes Received:
    0
    Location:
    Makati
    See, from what I understand - root is disabled by default. So, it doesn't really have a 'default' password - it has no password which is more secure because that totally prevents login as root.

    At least, this is how I understand disabled accounts in *nix to work. A blank password ("") is not the same as an empty password hash value (in /etc/shadow). The former will let anyone who knows the default, empty password in. The latter will totally prevent login.

    (It does not, however, prevent "sudo su" - but having a password for root won't prevent that either.)
     
    #20 alistair, Apr 17, 2008
    Last edited: Apr 17, 2008

Share This Page

  • About PhilMUG

    Since the mid-1990s, PhilMUG (formerly the Philippine Macintosh Users Group) has grown to become not just the Philippines’ but one of the world’s foremost Apple user groups. Our online community brings together thousands of members from the Philippines and around the world for the latest news and discussions covering all Apple products and related hardware and software. Anyone can join PhilMUG, from newbies to experts, subject to our membership rules and guidelines.
  • Like us on Facebook

  • Buy us a beer!

    The staff works very hard to make sure that PhilMUG is running 24/7. Care to buy us a beer or help out with our hosting fees? We'd really appreciate it!

    Donate to us!