Google Groups no longer supports new Usenet posts or subscriptions. Historical content remains viewable.
Dismiss

Login as Root User

0 views
Skip to first unread message

Carl J. Niedermeyer

unread,
Dec 26, 2003, 7:18:26 PM12/26/03
to
How does one log in as a root user?

Thanks,

Carl

Paul Mitchum

unread,
Dec 26, 2003, 7:51:04 PM12/26/03
to
Carl J. Niedermeyer <ca...@halcyon.com> wrote:

> How does one log in as a root user?

You have to enable the root user.
<http://makeashorterlink.com/?N2DE155E6> tells how.

You can also use su or sudo.

Carl J. Niedermeyer

unread,
Dec 26, 2003, 11:50:10 PM12/26/03
to
In article <1g6l2lj.1d0smqqjjfyhsN%use...@mile23.com.r3m0v3>,
use...@mile23.com.r3m0v3 (Paul Mitchum) wrote:

Paul,

Thanks for the info and link.

Carl

Charles Martin

unread,
Dec 29, 2003, 1:37:05 AM12/29/03
to
In article <carln-1B0BCD....@brokaw.wa.com>,

"Carl J. Niedermeyer" <ca...@halcyon.com> wrote:

> How does one log in as a root user?

One *really* shouldn't do that.
--
Cheers,
_Chas_
http://www.apple.com/switch
non-spammers can write to chasm at mac (dot com)

Tony Lawrence

unread,
Dec 29, 2003, 7:22:11 AM12/29/03
to
Carl J. Niedermeyer <ca...@halcyon.com> wrote:
>How does one log in as a root user?

Well, first you need root to have a password. You do that with
System Preferences -> Security -> Enable Root User or simply
"sudo passwd root" at a Terminal prompt (you give your password
first, then assign the root password).

After this, you can "su -" to become root in Terminal, or you can
actually log out and log in as root (assuming you've set the
Accounts preferences to show users (choose "Other" to login as root)

--
to...@aplawrence.com Unix/Linux/Mac OS X resources: http://aplawrence.com
Get paid for writing about tech: http://aplawrence.com/publish.html


Tom Stiller

unread,
Dec 29, 2003, 7:36:24 AM12/29/03
to
In article <bsp69j$374$2...@pcls4.std.com>,
Tony Lawrence <a...@shell01.TheWorld.com> wrote:

> Carl J. Niedermeyer <ca...@halcyon.com> wrote:
> >How does one log in as a root user?
>
> Well, first you need root to have a password. You do that with
> System Preferences -> Security -> Enable Root User or simply
> "sudo passwd root" at a Terminal prompt (you give your password
> first, then assign the root password).

You can't enable the root user with a System Preferences panel; it's
done with the NetInfo Manager utility in /Applications/Utilities.

Be advised that if you enable the root user with 'sudo passwd root", you
will have a difficult time disabling it should you want to.


>
> After this, you can "su -" to become root in Terminal, or you can
> actually log out and log in as root (assuming you've set the
> Accounts preferences to show users (choose "Other" to login as root)

You can always become root in the Terminal by entering 'sudo su -".
Unless you need/want to be root with a GUI, there's no need to enable
the root account.

--
Tom Stiller

PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3
7BDA 71ED 6496 99C0 C7CF

Tony Lawrence

unread,
Dec 29, 2003, 7:53:36 AM12/29/03
to
Tom Stiller <tomst...@comcast.net> wrote:
>In article <bsp69j$374$2...@pcls4.std.com>,
> Tony Lawrence <a...@shell01.TheWorld.com> wrote:

>> Carl J. Niedermeyer <ca...@halcyon.com> wrote:
>> >How does one log in as a root user?
>>
>> Well, first you need root to have a password. You do that with
>> System Preferences -> Security -> Enable Root User or simply
>> "sudo passwd root" at a Terminal prompt (you give your password
>> first, then assign the root password).

>You can't enable the root user with a System Preferences panel; it's
>done with the NetInfo Manager utility in /Applications/Utilities.

Right, sorry..

>Be advised that if you enable the root user with 'sudo passwd root", you
>will have a difficult time disabling it should you want to.

True enough. Though I don't agree with Apple's philosophy on
this being disabled to start with.

>You can always become root in the Terminal by entering 'sudo su -".
>Unless you need/want to be root with a GUI, there's no need to enable
>the root account.


I'd rather have a root password than depend on sudo. Really,
that's all "enabling" means here: having a password you can use rather
than something you can only get at through the grace of sudo.

You could perhaps argue that if a weak password is used, you might have
been better off leaving it as it was, but if your admin account is
weak also you didn't add much insecurity to what was already there.
So what's the point?

Not that needing root in any way at all comes up very often, of course.

Tony Lawrence

unread,
Dec 31, 2003, 7:57:24 AM12/31/03
to
"Michael wrote:
>In article <bsp84g$374$3...@pcls4.std.com>,
> Tony Lawrence <a...@shell01.TheWorld.com> wrote:

>> Tom Stiller <tomst...@comcast.net> wrote:
>> >In article <bsp69j$374$2...@pcls4.std.com>,
>> > Tony Lawrence <a...@shell01.TheWorld.com> wrote:
>>
>> >> Carl J. Niedermeyer <ca...@halcyon.com> wrote:
>> >> >How does one log in as a root user?
>> >>
>> >> Well, first you need root to have a password. You do that with
>> >> System Preferences -> Security -> Enable Root User or simply
>> >> "sudo passwd root" at a Terminal prompt (you give your password
>> >> first, then assign the root password).
>>
>> >You can't enable the root user with a System Preferences panel; it's
>> >done with the NetInfo Manager utility in /Applications/Utilities.
>>
>> Right, sorry..
>>
>> >Be advised that if you enable the root user with 'sudo passwd root", you
>> >will have a difficult time disabling it should you want to.
>>
>> True enough. Though I don't agree with Apple's philosophy on
>> this being disabled to start with.

>Perhaps you haven't been paged to come into the office because the evil
>developer hosed their system by deleting files they didn't think were
>needed, like /lib/ld.so on Solaris. All the dynamically linked
>applications on the system like cp, ls, mv, etc. fail when the file is
>not present. It's easy enough to recover from if you have the install
>media, but fixing someone's dumb mistake at 3am on Sunday morning
>doesn't make one's mood any lighter.

So? Anyone can cause just as much damage with "sudo".

>>
>> >You can always become root in the Terminal by entering 'sudo su -".
>> >Unless you need/want to be root with a GUI, there's no need to enable
>> >the root account.
>>
>>
>> I'd rather have a root password than depend on sudo. Really,
>> that's all "enabling" means here: having a password you can use rather
>> than something you can only get at through the grace of sudo.

>Since there's no need to ever login as root on MacOS X, why do you
>prefer it? It can't be tracked as well as sudo access. It provides a
>very high _oops_ factor. Unless you run daily backups on your systems,
>how do you recover files that get accidently deleted by root (no, Norton
>doesn't work very well on MacOS X).

Never say never. If sudo broke, you would need to login as root.

>The only reason I ever logged in as root on Solaris systems was to get
>into single-user mode and repair a disk with fsck. Since no password is
>required on MacOS X, why do you feel you need root access over something
>that's more secure?


You HAVE root access now. All I'm saying is that I'd rather be able
to use it directly than depend on sudo.


>>
>> You could perhaps argue that if a weak password is used, you might have
>> been better off leaving it as it was, but if your admin account is
>> weak also you didn't add much insecurity to what was already there.
>> So what's the point?
>>
>> Not that needing root in any way at all comes up very often, of course.

>Having been a sysadmin for over 10 years, I find my job much harder if a
>site allows users have root access on their desktop systems. The only
>place this wasn't the case was at SUN. Those people knew fully well
>what root could do and guarded their root password very carefully.

I've worked on Unix systems for over 20 years now. There
are times you need root. My experience is probably different than
yours because my primary business is troubleshooting: broken systems
that aren't booting, services not running etc. Generally, you
need root access.

>It's much easier at sites where root access is available to those who
>know what it can do and respect it. I don't feel average users should
>want or need root access. sudo gives them access to a root shell if
>they want and it logs this access in /var/log/syslog.log.

I don't disagree. But setting a root password that the system owner
or main admin or MIS or mufwic has doesn't change any of that:
ordinarily people use sudo, but the password is there if need be.

>At other sites, if anytime an engineer wanted root access and pushed the
>fact that he needed it 'to get his job done', we sugested that he also
>join the on-call rotation and respond to outages after hours. That was
>usually enough to quiet them down--their manager didn't want them doing
>_our_ job but the job they were hired for.

So?

>It might be that the OP (and some other posters) is a "maximizer" rather
>than a "satifizer" when it comes to making choices. Maximizers always
>want the best and search long and hard to get it. Satifizers settle for
>"does the job and is good enough". sudo is 'good enough'.

Seems dumb to me to be totally dependent on su. Would you really
run your personal machine that way? I sure as hell won't.

Understand I am NOT arguing against sudo. Properly setup, it's
a wonderful tool for giving the power you want to sub-admins and
even co-admins get benefit from using it. But that doesn't mean
that I'd lock myself out of root entirely as Apple has done. This
is an area where they did it wrong, just like having tcsh as the
default shell.

Tony Lawrence

unread,
Jan 1, 2004, 8:24:05 AM1/1/04
to
"Michael wrote:

>It's the nature of root, regardless of if you're accessing the machine
>directly from the console logged in as root, or telnetting into the
>system as root [generally a Really Bad Idea(tm)], or using su (which
>leaves only a date/timestamp in syslog but not _what_ you did, or using
>sudo, which leaves more tracks.

I am NOT arguing against the usefulness of sudo. It's a wonderful
thing. I am arguing against not having a root password available
for the emergency case where it could be needed: for example,
when sudo is broken!

>If sudo broke, you wouldn't be able to login as root anyway. It's a
>program that's set with SUID that validates the users password, checks
>what they're authorized to do from /etc/sudoers, and then forks the
>process as root. If you can't fork processes and there are not terminal
>sessions already logged in as root, you're hosed anyway.

If that's the way the Mac OS X login process works, then they are
absolute IDIOTS to have done it that way. Can you refer me to
some documentation on that? I don't want to go around thinking
they are horses asses just on the basis of this thread.

Never mind: I just checked by using Fast User Switching (love
that!) and "ls -lut /usr/bin/sudo" and it looks like you are
right. I don't want to make the experiment of breaking sudo
to see if there's a failsafe :-)

I'd still like to see any docs if you know of any.. just curiousity.

>> run your personal machine that way? I sure as hell won't.

>Yes, I do and I've _been_ dumb on some occasions. After shooting myself
>in the foot often enough when logged in as root, I figure it easier to
>be the normal user. If I need to do stuff to the local webserver, I
>sudo a root shell. But, I also do regular backups to tape.

Well, of course. I think I logged in as root on my Mac exactly
once - to make sure it worked.

>>
>> Understand I am NOT arguing against sudo. Properly setup, it's
>> a wonderful tool for giving the power you want to sub-admins and
>> even co-admins get benefit from using it. But that doesn't mean
>> that I'd lock myself out of root entirely as Apple has done. This
>> is an area where they did it wrong, just like having tcsh as the
>> default shell.

>A default shell is like a choice in cars or how you make beef stew.
>Everyone has an opinion on which one is best. It's your system. Change
>it if you don't like it. It's not like HP/UX which won't shutdown or
>boot without the right shell.

That's not why I say it was dumb. Of course if you have a csh-like
background, you'd use tcsh. But new Terminal users (which is probably
most of the Mac population) shouldn't. The primary reason a Mac
person is going to use Terminal is for writing scripts, and csh and
all of its descendants are poor choices for that. As bash is
every bit as user friendly as tcsh (for someone not coming from
a csh background of course) and has the scripting and file descriptor
handling that the csh shells lack, that's what they should have for
a default shell. It seems that Apple corrected that mistake in Panther.

>You have the skills and knowledge to know what root can do. I would
>rather my mother or teenage nephew not have root, though. Protecting
>people from theselves must be done "delicately or you hurt the spell"
>and people can't get work done. You also won't be calling me at 2am to
>restore a file you've deleted, right?

Again, anything root can do, sudo lets the admin do. So there's
no point in arguing about your Mom: if she's the Admin of her iBook,
she can do damage if she wants to.

Jerry Kindall

unread,
Jan 1, 2004, 1:34:10 PM1/1/04
to
In article <bt171k$l8m$1...@pcls4.std.com>, Tony Lawrence
<a...@shell01.TheWorld.com> wrote:

> The primary reason a Mac
> person is going to use Terminal is for writing scripts

Erm, really? I would wager that 99.44% of Mac users primarily use the
Terminal to paste in incantations they have found on the Internet and
in magazines, or for running simple commands like ssh, top, netstat,
and whois. The only shell script I've ever written on my Mac is a
.login script, and the main thing it contains is command aliases and
thus would work equally well in any shell.

99.44% is of course the reputed purity of Ivory soap, which I
habitually use as a synonym for "the vast majority," not a real guess
at the proportion of Mac users who rarely write scripts. But I would
imagine that 0.56% is pretty close to the number of Mac users who
frequently write shell scripts. Even "real" Unix geeks don't do that
anymore -- they use Perl, or maybe Python or, if they're really on the
cutting edge, Ruby.

In any case, if you want to use bash for scripting, it is trivial to do
so even if your primary shell is something else.

--
Jerry Kindall, Seattle, WA <http://www.jerrykindall.com/>

Send only plain text messages under 32K to the Reply-To address.
This mailbox is filtered aggressively to thwart spam and viruses.

Tony Lawrence

unread,
Jan 1, 2004, 5:02:07 PM1/1/04
to
Jerry Kindall <jerryk...@nospam.invalid> wrote:
>In article <bt171k$l8m$1...@pcls4.std.com>, Tony Lawrence
><a...@shell01.TheWorld.com> wrote:

>> The primary reason a Mac
>> person is going to use Terminal is for writing scripts

>Erm, really? I would wager that 99.44% of Mac users primarily use the
>Terminal to paste in incantations they have found on the Internet and
>in magazines, or for running simple commands like ssh, top, netstat,
>and whois. The only shell script I've ever written on my Mac is a
>.login script, and the main thing it contains is command aliases and
>thus would work equally well in any shell.

OK - then they are mostly going to find sh scripts. But if that is all
they use it for, then it doesn't matter to them what their default
shell is, so again it should NOT be tcsh.

>99.44% is of course the reputed purity of Ivory soap, which I
>habitually use as a synonym for "the vast majority," not a real guess
>at the proportion of Mac users who rarely write scripts. But I would
>imagine that 0.56% is pretty close to the number of Mac users who
>frequently write shell scripts. Even "real" Unix geeks don't do that
>anymore -- they use Perl, or maybe Python or, if they're really on the
>cutting edge, Ruby.

Oh, nonsense. Of course we use Perl or whatever for more complex
scripts but simple shell scripts and one liners are an every day
thing.

>In any case, if you want to use bash for scripting, it is trivial to do
>so even if your primary shell is something else.

But why learn two shells? If you come from the csh world, you need
to learn sh to do any useful scripting. Why bother? Learn one,
and be done with it. Tcsh was a dumb choice as a default shell and
it's good that somebody woke up and changed it.

Tony Lawrence

unread,
Jan 2, 2004, 8:43:18 AM1/2/04
to
"Michael wrote:

>Strangely, I like doing Q&D command line hacks in csh-style syntax but
>find the sh-style syntax a pain at the console. I think you have to
>learn both shell's syntax. What's the biggie? The other newer stuff
>like python and ruby is to much. I'm happy with perl and vi (or bbedit
>on the Mac). I don't need emacs nor want to spend the time learn all
>the great features. I used it some years ago on ITS systems at MIT
>(when it was written in TECO), but it's way more than I need.

Remember, I am NOT arguing that those who like csh syntax shouldn't
use it. If that's what you've become accustomed to, that's what you
should use.

I'm saying that in today's world, a new user should be given a bash
shell. I'll even add a caveat to that: unless they are in an
environment where the person supporting them prefers some other
shell. But for Misc. New Mac OS X user, they should have bash if
they are going into the terminal at all.

They won't need to learn two shells, and should they ever find themselves
at a command line in some other Unix/Linux system, the overwhelming
likelihood is that it will be bash or sh/ksh. Bash is every bit
as user friendly for the new user - I could even argue that it is
MORE friendly - and we alll know that 99% or more of useful
shell scripts will not be csh/tcsh. There is no reason to learn
csh because you'll never, ever be in an environment where you
have to know it.

0 new messages