Root User Somehow Enabled

BaldiMac · Aug 3, 2016

A month or two ago, An "Other..." option appeared on my login screen on El Capitan. I didn't think much of it at the time. I finally got around to searching for how to get rid of it today. Turns out, that somehow the root user had become enabled. Disabling root removed the "Other..." option. That issue is fixed.

But... Is there a way to tell who enabled the root user? My spouse and I each have our own passwords and both are Admin users. Could this have been a permission problem during an update? Is there a way to tell if my spouse installed something that required root? Is there an event log for root?

Thanks in advance!

KALLT · Aug 3, 2016

Interesting question. I had a look if something is logged when the root account is enabled, but this does not seem to be the case. Enabling it though Directory Utility or with dsenableroot seems to have no visible effect. If the command-line program was used, you might find a trace in ~/.bash_history, although this would require that the command was used directly, rather than within a script.

I do not think that this happened due to an error. It might have been a malicious program that enabled the root account.

rshrugged · Aug 4, 2016

Did you connect to a network directory service?

You can check at - System Preferences -> Users & Groups -> Login Options -
to see if if a network account server is listed.

BaldiMac · Aug 4, 2016

rshrugged said: ↑

Did you connect to a network directory service?

You can check at - System Preferences -> Users & Groups -> Login Options -
to see if if a network account server is listed.
Click to expand...

Nope. Nothing there.

Root User Somehow Enabled

BaldiMac macrumors 604

KALLT macrumors 601

rshrugged macrumors 6502a

BaldiMac thread starter macrumors 604

Share This Page

Touch Arcade

YouTube

Useful Searches

Root User Somehow Enabled

BaldiMac macrumors 604

KALLT macrumors 601

rshrugged macrumors 6502a

BaldiMac thread starter macrumors 604

Share This Page