can't change or reset password for "root"

Discussion in 'Mac OS X Server, Xserve, and Networking' started by Ruahrc, Sep 15, 2011.

  1. Ruahrc, Sep 15, 2011
    Last edited: Sep 15, 2011

    Ruahrc macrumors 65816

    Jun 9, 2009
    So a little while ago I screwed up something on my Lion install which required me to log in as "root" to fix. I followed the steps to enable root, put in a password, and logged in. Made the necessary changes, and fixed the problem.

    Right afterwards, I went back in and disabled the root account.

    Now I want to change the UID of my main user account in order to facilitate network-based file sharing. I read the cleanest way to do this was to log in as root and execute the necessary terminal commands from there. I again followed the steps to re-enable the root account, rebooted, and tried to log in using root credentials.

    However, it would not accept the password. I tried to reset it in the Directory Manager but it didn't seem to take. So I booted into the recovery partition and opened the terminal, where I typed in "resetpassword" which launched the password reset password utility. I selected the disk with Lion, and chose the System Administrator (root) account, and tried to type in a new password. I press "Save" and get the following message:

    "The password you entered has not been saved for the user System Administrator (root). You may not have permission to edit this disk or a general failure has occured."

    Changing the password for other "regular administrator" accounts works fine, but I can't seem to change the password for root.

    Anybody know what the issue is, and how can I resolve it? I would really like to be able to log in as root to change the UID of my main account.


    P.S. Just realized this, but isn't the recovery partition a HUGE, GAPING SECURITY FLAW in OSX Lion? I mean all anyone has to do is physically steal your computer, boot into the recovery partition (which exists on EVERYBODY'S LION), reset the password, and off they go? Made even worse by Apple's "internet recovery", since even if you disable or erase the recovery partition, all a thief needs to do is hook it up to the internet and download it straight away from Apple? Literally, I just was able to change the password to my primary user account without having to know or put in any kind of password whatsoever...
  2. nelz886 macrumors member


    Oct 23, 2010
    New Jersey
    Boot into single user mode (cmd + S at boot)
    at the prompt type
    mount -uw /
    launchctl load /System/Library/LaunchDaemons/
    passwd root
    See if this pw reset works.
  3. Ruahrc thread starter macrumors 65816

    Jun 9, 2009
    No, it comes up with the following error:

    passwd: Could not verify credentials because directory server does not support the requested authentication method. Could not verify credentials because directory server does not support the requested authentication method

    (yes, it reads off the same message twice)

    This is the same message I got when I tried to change the password via the terminal

  4. robvas macrumors 68020

    Mar 29, 2009
    OS X is designed to use sudo, not log in as the root user. If you wish to enable the root account, follow Apple's directions:

    There is no security when someone has physical access to your machine. Mac, Linux, or Windows. All you can do is encrypt your data and keep your password/encryption key safe.
  5. Ruahrc thread starter macrumors 65816

    Jun 9, 2009
    Those directions are what I followed first. They didn't work.
  6. Ruahrc thread starter macrumors 65816

    Jun 9, 2009
  7. pewra macrumors regular


    Jun 26, 2011
    Set a firmware password. That's what it's for.
  8. fiddy, Oct 15, 2011
    Last edited: Oct 15, 2011

    fiddy macrumors newbie

    Jun 14, 2009
    This worked for me after not being to reenable my root user...

    Can't Login as root after...

    Seems like after disabling root this has to be done to allow access to root user again. Maybe a bug, or maybe a security implementation, but it is kinda annoying.

Share This Page