Root User Somehow Enabled

Discussion in 'macOS' started by BaldiMac, Aug 3, 2016.

  1. BaldiMac macrumors 604

    BaldiMac

    Joined:
    Jan 24, 2008
    #1
    A month or two ago, An "Other..." option appeared on my login screen on El Capitan. I didn't think much of it at the time. I finally got around to searching for how to get rid of it today. Turns out, that somehow the root user had become enabled. Disabling root removed the "Other..." option. That issue is fixed.

    But... Is there a way to tell who enabled the root user? My spouse and I each have our own passwords and both are Admin users. Could this have been a permission problem during an update? Is there a way to tell if my spouse installed something that required root? Is there an event log for root?

    Thanks in advance!
     
  2. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #2
    Interesting question. I had a look if something is logged when the root account is enabled, but this does not seem to be the case. Enabling it though Directory Utility or with dsenableroot seems to have no visible effect. If the command-line program was used, you might find a trace in ~/.bash_history, although this would require that the command was used directly, rather than within a script.

    I do not think that this happened due to an error. It might have been a malicious program that enabled the root account.
     
  3. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #3
    Did you connect to a network directory service?

    You can check at - System Preferences -> Users & Groups -> Login Options -
    to see if if a network account server is listed.
     
  4. BaldiMac thread starter macrumors 604

    BaldiMac

    Joined:
    Jan 24, 2008
    #4
    Nope. Nothing there.
     

Share This Page