Go Back   MacRumors Forums > Archive > Archives of Old Posts > Mac OS X 10.3 (Panther) Discussion

 
 
Thread Tools Search this Thread Display Modes
Old Jun 12, 2004, 03:05 AM   #1
simX
macrumors 6502a
 
simX's Avatar
 
Join Date: May 2002
Location: Bay Area, CA
Problem with enabling/disabling root user

Before anyone says anything, yes, I am entirely aware of the risks of enabling the root user, and that's why I intended to disable it after I was finished working with it. (Unfortunately, the only easy way to set the keyboard layout of the login window is to enable root user, change the keyboard layout of the root user, and then log out and disable the root user. Using the Setup Assistant again isn't an option because it requires you to go through all the other options as well.)

Normally I enable the root user through the NetInfo Manager utility, log in as root, do what I need to do, and then log out and disable the root user through the NetInfo Manager again. Unfortunately, on one of my iMacs (bondi blue, 233 MHz Rev. A), the NetInfo Manager didn't do anything when I selected the "Enable Root User" menu item. It would prompt me for my administrator password, but then would never actually enable the root user. Finally I got fed up, and just went to the terminal and used the "sudo passwd root" command to enable it manually.

Bad idea. Now the root user is stuck on. The NetInfo Manager application still simply has an "Enable Root User" menu item, and it still doesn't do anything when I try to select it -- it authenticates me, then does nothing. (If the root user is already enabled, the "Enable Root User" menu item changes to "Disable Root User".)

So now my root user is stuck enabled. It's not a big security risk since it's behind a firewall anyway, but I'd rest easier if it were disabled. Does anybody know why this problem with the NetInfo Manager is happening and how to fix it? Alternatively, does someone know how to disable the root user from the command line? Any help would be much appreciated.

(Also, of note, is the fact that my 800 MHz 17" G4 iMac does not have this problem -- the NetInfo Manager application enables and disables the root user fine. My bondi blue iMac has all the latest updates and is running Mac OS X Panther version 10.3.4.)
__________________
-- simX

Last edited by simX; Jun 12, 2004 at 03:07 AM.
simX is offline   0
Old Jun 12, 2004, 05:31 AM   #2
MacFan26
macrumors 65816
 
MacFan26's Avatar
 
Join Date: Jan 2003
Location: San Jose, California
Send a message via Yahoo to MacFan26
Try doing this in the terminal:

niutil -createprop . /users/root passwd '*'

This will set the password back to the original setting. Then is should display disabled in NetInfo. Hope that works
__________________
15" i7 MacBook Pro antiglare, iPhone 4, 5G black iPod 60GB, iPod shuffle (red), new AppleTV
MacFan26 is offline   0
Old Jun 12, 2004, 07:00 PM   #3
simX
Thread Starter
macrumors 6502a
 
simX's Avatar
 
Join Date: May 2002
Location: Bay Area, CA
Quote:
Originally Posted by MacFan26
Try doing this in the terminal:

niutil -createprop . /users/root passwd '*'

This will set the password back to the original setting. Then is should display disabled in NetInfo. Hope that works
I got this same advice from some other Mac forums, and unfortunately, it didn't help. Here's what happened:

I did as you described. In NetInfo Manager, the "Enable Root User" menu item now works, and NetInfo Manager told me that my root user had a blank password. Additionally, the menu item now changes to "Disable Root User". But my actions in NetInfo Manager still have no effect on the root user. After selecting "Disable Root User" from the menu, it changes to "Enable Root User" as if it's really been disabled, but I can still log in as the root user. Additionally, if I simply change the root user password to "*" in NetInfo Manager (i.e.: a blank password), I still have to put in the original password I set for the root user to login (the one when I used the "sudo passwd root" command)... i.e.: it's not blank, as NetInfo Manager tells me. So changing the password in NetInfo Manager has no effect on the actual root password.

Could this be because I used the Terminal command, and NetInfo Manager doesn't know how to disable the root user after enabling it that way? In effect, it seems like the NetInfo database is disconnected from the NetInfo Manager application, which could be the root of the problem. I don't know how to correct it, though.
__________________
-- simX
simX is offline   0
Old Jun 12, 2004, 09:07 PM   #4
MacFan26
macrumors 65816
 
MacFan26's Avatar
 
Join Date: Jan 2003
Location: San Jose, California
Send a message via Yahoo to MacFan26
Hm, I don't really know what's up with NetInfo. I have root setup as another user, so I can login that way. I can also login to root from the terminal. This is all with root disabled in NetInfo. So...now I'm confused
Anyone else know?
__________________
15" i7 MacBook Pro antiglare, iPhone 4, 5G black iPod 60GB, iPod shuffle (red), new AppleTV
MacFan26 is offline   0
Old Jun 21, 2004, 02:01 PM   #5
publicat
macrumors newbie
 
Join Date: Jun 2004
Other Option does not appear when NetInfo is turned off in Directory Access

I experienced the same issue running v.10.3.2. I installed, and activated the root. I logged off as the admin user and sucessfully logged on as root. I logged off as root and the "Other" option at login disappeared. I then went to NetInfo to reactivate the root. When I did so, it would ask for an admin password for confirmation, but then still appear in the pull-down menu as deactivated. I found the following link in Apple's support pages and it solved the problem. In summary, the article says...The "Other" option does not appear when NetInfo is turned off in Directory Access utility.

Mac OS X 10.3: No "Other" option at login Article ID # 25686

It does solve the problem. I'm not sure if it presents others.
publicat is offline   0
Old Jul 2, 2004, 03:47 AM   #6
simX
Thread Starter
macrumors 6502a
 
simX's Avatar
 
Join Date: May 2002
Location: Bay Area, CA
Figured it out!

OK, I figured out the problem! It turns out that if you have an "authentication_authority" property for the root user in the NetInfo database (use NetInfo Manager to easily check), then the root user will not be disabled. Deleting this property (and then checking the NetInfo Manager utility to make sure the Security menu says root is disabled) will properly disable the root user.

I tested out doing the "sudo passwd root" command in the Terminal, and guess what? It enters an "authentication_authority" property for the root user when changing the root user's password. So this explains the whole problem. (It's likely that changing the root user's password via System Preferences when actually logged in as root will also do the same thing.) Note that these methods also introduce a "generateduid" property in the root user -- for good measure, you should make sure your root user doesn't have that property either.

Moral of the story: either 1) use a utility like Pseudo to change the root user's System Preference settings, or 2) always use the NetInfo Manager utility to enable or disable the root user.
__________________
-- simX

Last edited by simX; Jul 2, 2004 at 04:01 AM.
simX is offline   0
Old Jul 2, 2004, 04:21 AM   #7
MacFan26
macrumors 65816
 
MacFan26's Avatar
 
Join Date: Jan 2003
Location: San Jose, California
Send a message via Yahoo to MacFan26
Quote:
Originally Posted by simX
OK, I figured out the problem! It turns out that if you have an "authentication_authority" property for the root user in the NetInfo database (use NetInfo Manager to easily check), then the root user will not be disabled. Deleting this property (and then checking the NetInfo Manager utility to make sure the Security menu says root is disabled) will properly disable the root user.

Moral of the story: either 1) use a utility like Pseudo to change the root user's System Preference settings, or 2) always use the NetInfo Manager utility to enable or disable the root user.
Ah ha! Yep, I had the authentication_authority on my root user also. I'm glad you figured it out! Pseudo is a cool utility, I added it to mine
__________________
15" i7 MacBook Pro antiglare, iPhone 4, 5G black iPod 60GB, iPod shuffle (red), new AppleTV
MacFan26 is offline   0


 
MacRumors Forums > Archive > Archives of Old Posts > Mac OS X 10.3 (Panther) Discussion

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Similar Threads
thread Thread Starter Forum Replies Last Post
Disable the root account using single user mode Mcgode OS X 10.8 Mountain Lion 0 Feb 24, 2014 01:43 AM
How do you tell if Root user is logged in on Mavericks? Jazzandmetal? Mac Basics and Help 1 Nov 19, 2013 12:28 AM
Disabling Single User Mode 10.6.8 Macman671 Mac Basics and Help 3 Oct 15, 2013 10:15 AM
Open app as root on user login? pickaxe Mac Programming 3 Jul 31, 2013 03:58 PM
Applications installing in root instead of user folder? dapitts08 OS X 10.8 Mountain Lion 4 Apr 14, 2013 09:28 AM

Forum Jump

All times are GMT -5. The time now is 07:05 AM.

Mac Rumors | Mac | iPhone | iPhone Game Reviews | iPhone Apps

Mobile Version | Fixed | Fluid | Fluid HD
Copyright 2002-2013, MacRumors.com, LLC