nabling and using the "root" user in Mac OS X

Summary

The root user in Mac OS X is disabled by default. Follow the steps in this article to enable and use it, if needed.

Important: If you are not familiar with the meaning of "root user," read this entire article to learn important precautionary information before using the root user. You must have an administrator account and password to complete the steps below.

Note: If you are using Mac OS X Server, root is already enabled by default. Advice contained in this article to disable root access when used infrequently does not apply to Mac OS X Server. It should remain enabled. For more information on related behavior, see this article.

Products Affected

Mac OS X 10.4, Mac OS X 10.3, Mac OS X 10.2, Mac OS X 10.1, Mac OS X 10.0, Mac OS X 10.5

About the root user

The user named "root" is a special user in UNIX-style operating systems that has read and write privileges to all areas of the file system. The root user should only be used for specific administration or monitoring tasks. After completing a task as the root user, you should log out of Mac OS X and log back in using a normal or administrator account. You should disable root access if you do not use it often.

The root user does not appear in Users or Accounts preferences.

Important notes

• Only the owner of a computer or its designated administrator(s) should have an administrator account or the root password.
• Any user with an administrator account can become the root user or reset the root password.
• A root password should be difficult to guess, containing both numbers and letters within the first eight characters.
• A root user has the ability to access other users' files.
• The root user has the ability to relocate or remove required system files and to introduce new files in locations that are protected from other users.

How to enable the root user

Mac OS X 10.5 or later

1. From the Finder's Go menu, choose Utilities.
2. Open Directory Utility.
3. Click the lock in the Directory Utility window.
4. Enter an administrator account name and password, then click OK.
5. Choose Enable Root User from the Edit menu.
6. Enter the root password you wish to use in both the Password and Verify fields, then click OK.

Note: If you are troubleshooting an issue that prevents you from logging in as an administrator, follow the steps in this article to enable the root user.

Mac OS X 10.4.x or earlier

1. Click the Finder icon in the Dock.
2. From the Go menu, choose Applications.
3. Open the Utilities folder.
4. Open the NetInfo Manager utility.
5. Click the lock in the NetInfo Manager window.
6. Enter an administrator account name and password, then click OK.
7. For Mac OS X 10.2 and later, choose Enable Root User from the Security menu.
8. For Mac OS X 10.0 and 10.1, choose Security from the Domain menu, then Enable Root User from the submenu.
9. If you have not previously set a root password, an alert box may appear that says "NetInfo Error," indicating that the password is blank. Click OK.
10. Enter the root password you wish to use and click Set.
11. Enter the password again for verification and click Verify.
12. Click the lock again to prevent changes.
    

How to log in as root

Use these steps for Mac OS X 10.2 or later:

1. If you are logged in, choose Log Out from the Apple menu.
2. If you are logging in from a list of usernames with pictures, click Other.
3. In the Name field, type: root
4. In the Password field, type the password you defined in the steps above.
   

Mac OS X 10.0 to 10.1.5

After enabling the root user, you must log out from Mac OS X and log back in as the root user. Logging in to Mac OS X from a list of usernames is the default behavior for later versions of Mac OS X. Logging in by typing your username in a text entry field is the default behavior in earlier versions of Mac OS X. You can choose either method in Login preferences. The root user does not appear in the list, so you need the text entry option. If necessary, follow these steps to change the login method to text entry:

1. From the Apple menu, choose System Preferences.
2. From the View menu, choose Login.
3. Click the Login Window tab.
4. Select the radio button for "Name and password entry fields."

Follow these steps to log in as root:

1. If you are logged in, choose Log Out from the Apple menu.
2. In the Name field, type: root
3. In the Password field, type the password you defined in the steps above.

How to disable the root user

Mac OS X 10.5 or later

1. Click the Finder icon in the Dock.
2. From the Go menu, choose Utilities.
3. Open Directory Utility.
4. Click the lock in the Directory Utility window.
5. Enter an administrator account name and password, then click OK.
6. Choose Disable Root User from the Edit menu.

Mac OS X 10.4.x or earlier

1. Open NetInfo Manager. It's in the Utilities folder.
2. Click the lock.
3. Enter the name and password for an administrator account, then click OK.
4. For Mac OS X 10.2 and later, choose Disable Root User from the Security menu.
5. For Mac OS X 10.0 and 10.1, choose Security from the Domain menu, then Disable Root User from the submenu.

What is the root directory?

It helps to know that the term root is used in two distinct ways: The "root user" and the "root directory." The root directory is the highest directory level of a disk. The files and folders you see when you open (double-click) your hard disk icon are the contents of that disk's root directory. A directory is represented graphically as a folder. You may know your home directory as your "home folder." The terms "folder" and "directory" are generally interchangeable.

A user's short name is also the name of his home directory.

The Finder and the Terminal show different contents for the root directory. Some items in the root directory are made invisible when viewed in the Finder. This reduces visual clutter and enhances simplicity. Users familiar with UNIX-style command line may use the Terminal utility to view everything in a directory.