The Mac Observer


TMO Quick Tip - Leopard: Lock Down Your Root User

by , 7:30 AM EDT, June 13th, 2008

I've mentioned before why it's important to protect your Mac's Root user and explained how Mac OS X 10.4 users can assign a password to their Root user. The steps are different in Mac OS X 10.5, but they aren't any more difficult.

Just like in Tiger, Leopard's Root user is disabled by default, but does not have a password. Assigning a password to your Root user adds an extra layer of protection, which is a great idea because anyone who gains Root-level control over your Mac can do anything they want -- including deleting files, adding and removing applications, and changing settings without your knowledge.


Use Directory Utility to set your Root user password.

Here's how to add a password to your Root user account in Leopard:

  • Launch Directory Utility. It's hiding in Applications/Utilities.
  • Click the padlock in the lower left of the application's window, and enter your administrator user name and password to authenticate.
  • Enable the Root user so you can assign a password.
  • Select Edit > Enable Root User.
  • Enter a password for your root user, and make sure it isn't a password that you are already using for another account on your Mac.
  • Click OK.
  • Now select Edit > Disable Root User.
  • Click the padlock to prevent any other changes.


Enter a password for your Root user.

Password protecting and disabling your Mac's Root user won't protect you from every possible attack, but it is one piece in the bigger security puzzle.


Jeff Gamet is TMO's Morning Editor and Reviews Editor. He lectures, teaches and speaks on Mac OS X and design-related topics, and is the author of The Designer's Guide to Mac OS X from Peachpit Press.

if you have tips or tricks to share, or Mac-related questions you want answered.

Observer Comments

Name: jbruni Posts: 101 Joined: 14 Jul 2006
Subject: Nonsense

Adding a password to a disabled account does nothing. It is not an "extra layer" and to claim so using visual language is misleading. The password only serves as a means of providing authentication assuming authentication is even checked. If a process is already running as root (uid 0), it is not going to get checked for a password just because you've added one.

For example, one may add a public key to the authorized_keys file within the root home directory to allow login as root via SSH. In this case the authentication is provided by possessing the matching private key. The password will not be checked and you are never prompted for it regardless of whether you've set one or not.

Secondly, the pathway to root does not need to be via the root account. Any administrator whose password you can guess gives you a root shell via "sudo". Disabling the root account and/or setting a password on it does not prevent access to root privileges here either.
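
The comment above names two routes to root that never consult the root password: an SSH key in root's authorized_keys file, and sudo from any administrator account. The following is an added example, not part of the original article or comment, of a shell audit for both. The function names are hypothetical, the file locations are passed as arguments (the live paths on a given Mac are assumptions), and the sample data is constructed.

```shell
#!/bin/sh
# Added example: audit the routes to root that never consult the root password.
# File locations are arguments so the checks can run on copies; the live paths
# on a given Mac (e.g. /var/root/.ssh/authorized_keys) are assumptions.

# Effective PermitRootLogin value; sshd uses the first occurrence of a keyword.
permit_root_login() {
    [ -r "$1" ] || { echo unset; return 0; }
    awk 'tolower($1) == "permitrootlogin" { print tolower($2); hit = 1; exit }
         END { if (!hit) print "unset" }' "$1"
}

# Number of key entries (non-blank, non-comment lines) in an authorized_keys file.
count_root_keys() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -Ecv '^[[:space:]]*(#|$)' "$1" || true
}

# Non-root admin accounts, read on stdin in the format printed by
# `dscl . -read /Groups/admin GroupMembership`; each one can reach root via sudo.
admin_members() {
    sed -n 's/^GroupMembership:[[:space:]]*//p' | tr ' ' '\n' |
        grep -v -e '^root$' -e '^$' || true
}

# Report findings for one sshd_config, one authorized_keys file and dscl output on stdin.
audit_root_paths() {
    mode=$(permit_root_login "$1")
    keys=$(count_root_keys "$2")
    if [ "$keys" -gt 0 ] && [ "$mode" != "no" ]; then
        echo "ssh: root has $keys key(s), PermitRootLogin=$mode; key login skips the password"
    fi
    for user in $(admin_members); do
        echo "sudo: admin account '$user' reaches root with its own password"
    done
}

# Constructed sample data, not taken from any real system.
demo() {
    dir=$(mktemp -d)
    printf '#PermitRootLogin no\nPermitRootLogin yes\n' > "$dir/sshd_config"
    printf '# constructed key\nssh-rsa AAAAexample admin@example\n' > "$dir/authorized_keys"
    echo 'GroupMembership: root alice bob' | audit_root_paths "$dir/sshd_config" "$dir/authorized_keys"
    rm -rf "$dir"
}
demo
```

An empty report means neither route is open in the files examined; it says nothing about processes already running as uid 0.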
