Root User Somehow Enabled

[BaldiMac]

A month or two ago, An "Other..." option appeared on my login screen on El Capitan. I didn't think much of it at the time. I finally got around to searching for how to get rid of it today. Turns out, that somehow the root user had become enabled. Disabling root removed the "Other..." option. That issue is fixed.

But... Is there a way to tell who enabled the root user? My spouse and I each have our own passwords and both are Admin users. Could this have been a permission problem during an update? Is there a way to tell if my spouse installed something that required root? Is there an event log for root?

Thanks in advance!

 

[KALLT]

Interesting question. I had a look if something is logged when the root account is enabled, but this does not seem to be the case. Enabling it though Directory Utility or with dsenableroot seems to have no visible effect. If the command-line program was used, you might find a trace in ~/.bash_history, although this would require that the command was used directly, rather than within a script.

I do not think that this happened due to an error. It might have been a malicious program that enabled the root account.

 

[997440]

Did you connect to a network directory service?

You can check at - System Preferences -> Users & Groups -> Login Options -
to see if if a network account server is listed.

 

[BaldiMac]

Did you connect to a network directory service?

You can check at - System Preferences -> Users & Groups -> Login Options -
to see if if a network account server is listed.

Nope. Nothing there.