The Mac Observer

Skip navigational links

Choose text size: Select small text. Select medium text. Select large text.

You're viewing an article in TMO's historic archive vault. Here, we've preserved the comments and how the site looked along with the article. Use this link to view the article on our current site:
Lock Down Your Root User

TMO Quick Tip - Lock Down Your Root User

by , 7:30 AM EDT, September 24th, 2007

Mac OS X may sport a friendly user interface, but it is harboring a Unix core underneath. That means the security steps Unix pros take can apply to regular Mac users as well including making sure that root, the ultimate power user on your computer, is under your control and no one else's.

By default, the root user on your Mac is disabled, but it doesn't have a password set, which is a potential security weak point. Setting a password makes it that much more difficult for bad guys to try to hack into your Mac.

I added a password to my root user account, and I also keep that user disabled. Here's how:

  • Launch NetInfo Manager. It's in Applications/Utilities.

    • NetInfo Manager
  • Click the padlock in the NetInfo Manager window and enter your administrator user name and password.
  • Choose Security > Enable Root User.

    • Enable your root user.
  • You should see an alert dialog telling you that your root user password is blank. Click OK.

    • Your Mac lets you know if you haven't set a root password yet.
  • Enter a password for your root user. Make sure it isn't a password that you are already using for another account on your Mac. Now click OK.

    • Enter a unique password for your root user.
  • Choose Security > Disable Root User.

    • Disable your root user.
  • Enter your administrator user name and password and click OK.
  • Click the padlock in the NetInfo Manager window to prevent any other changes.

Locking down your root user is important because anyone that gains root access to your Mac can do anything they want including deleting files or user accounts, installing applications without your knowledge, and siphoning off any information they want from your hard drive. That isn't likely to happen, but taking steps to help insure that it won't happen is a pretty good idea.

Jeff Gamet is TMO's Morning Editor and Reviews Editor. He lectures, teaches and speaks on Mac OS X and design-related topics, and is the author of The Designer's Guide to Mac OS X from Peachpit Press.

if you have tips or tricks to share, or Mac-related questions you want answered.

Observer Comments

Show: Subjects Only | Full Comments
Close Name:geoduck Posts: 1922 Joined: 30 Dec 2003
Mon Sep 24, 2007 8:01 am Subject:

Wow, I just assumed that making sure Root was disabled was enough. I guess I'll be working on my three machines tonight. thanks for the tip.


 Reply | Quote
Close Name:Guest
Mon Sep 24, 2007 9:39 am Subject: remember?

what happens if you forget your root user password. Is it kept in keychain?


 Reply | Quote
Close Name:brett_x Posts: 322 Joined: 24 Jan 2006
Mon Sep 24, 2007 11:51 am Subject: Good question, guest.

Quote
Guest wrote:
what happens if you forget your root user password. Is it kept in keychain?

No, it is not kept in any keychain. If you forget it, you have to boot to an OS X install CD and reset it. You can do that for any local OS X user account. If you're concerned about this ability, you should have an Open Firmware password that prevents booting from CD or any external device without [yet another] password.


 Reply | Quote
Close Name:Guest
Mon Sep 24, 2007 12:33 pm Subject:

Has anyone who is running Adobe CS3 tried this? CS3 installs as root user so that it can phone home under the radar. Check it out. On my machine CS3 is owned by System with RW access.


 Reply | Quote
Close Name:RGE Posts: 165 Joined: 16 Aug 2003
Mon Sep 24, 2007 4:32 pm Subject:

Could someone please explain how setting a password for the root account helps, if the root account is disabled anyway? The point isn't addressed in the article.


 Reply | Quote
Close Name:Guest
Mon Sep 24, 2007 5:46 pm Subject: Open Firmware password?

what is this?


 Reply | Quote
Close Name:LaurieF -   TMO Forum Mod Posts: 3547 Joined: 15 Jun 2001
Mon Sep 24, 2007 6:59 pm Subject:
Close Name:Guest
Mon Sep 24, 2007 11:54 pm Subject: Huh?

If the root account is disabled, then logging in as root is forbidden, and if someone hacks an admin account, he/she can elevate to root anyway, which also does not require the root account to be active, so I don't understand how this hint is applicable at all.....


 Reply | Quote
Close Name:Guest
Mon Sep 24, 2007 11:56 pm Subject: Also...

One can boot into single-user mode to reset too....


 Reply | Quote
Comment on this Article


Guest Posts Visible. Hide Them.
Back to top  Page 1 of 1    

You cannot edit your comments.   You cannot delete your comments.

Comments are currently closed. Please email the author instead.


Recent Headlines - Updated November 8th

Sat, 7:58 PM
News - Apple TV 3.0.1 Update Fixes Missing Content Bug
Fri, 7:45 PM
Rumor - Taiwan Leak Shows Verizon UTMS/CDMA iPhone for Q3 2010
6:40 PM
News - iPhone Moves Into RadioShack
6:30 PM
News - Apple to Open Stunning Paris Apple Store in Le Louvre on Saturday
5:43 PM
Free on iTunes - Dictionary, Dictionary, Dictionary, And More
4:09 PM
John Martellaro's Blog - Particle Debris (week ending 11/6) Failure IS an Option
3:32 PM
Games - The Latest App Store Games: Gravity Sling, RocketBird, Ground Effect, Checkers!
2:25 PM
Games - Star Soccer 2010 for Mac Puts Gamers in Role of Up-and-Coming Player
2:15 PM
How-To - The Mysteries of Rosetta Housekeeping
1:33 PM
News - iPhone Game Developer Sued for Collecting User’s Cell Numbers
1:17 PM
Games - Warhammer Online Expands Trial Play Option
11:19 AM
Rumor - Apple May Be Bringing RFID to the iPhone

The Mac Observer Reader Specials

  • TypeStyler For Mac OS X is Now Shipping! Download The Free Fully Functional 60 Day Tryout at www.typestyler.com
  • RamJet Memory: Mac Pro 8-core 8GB Kit $199.99, 4GB Kits $109.99! Sale on MacBook and MacBook Pro 8GB kits $549.99! New MacBook DDR3 2GB for $49.99. iMac and Mac mini 4GB Kits for $79.99! 1TB SATA Hard Drives for $109.99! Click here
  • OWC: Get the Right Memory for Your Mac Top Quality, Competitive Price, Lifetime Backed Free Expert Support + Installation Videos too! MacBook & mini 8GB, iMac 16GB, Mac Pro up to 32GB. Click here
  • Poker Mac If you're using a Mac, then you've gotta check out Full Tilt Poker for Mac. This Full Tilt Poker bonus code does the unthinkable, it actually rewards!

  • For the latest Apple products use Ciao, a price comparison website, to find laptops like MacBook Air. Then find the best prices on MP3 players and use our comparison tool to evaluate mobile phones like the Apple iPhone.

  • Laptop Hardware Provided by TechRestore - Overnight Mac & iPod Repairs.
  • __________
  • Buy Stuff, Support TMO!
  • Podcast: Mac Geek Gab
  • Podcast: Apple Weekly Report
  • TMO on Twitter!