I want to enable root on a Lion

Discussion in 'Apple' started by Torsten Jørgensen, Apr 18, 2012.

  1. I did it with a Tiger, but Lion does not have NetInfo,
    so what then?

    Can you become root user on a Lion at all?

    /Torsten
    Torsten Jørgensen, Apr 18, 2012
    #1
    1. Advertising

  2. Torsten Jørgensen

    Sara Guest

    In article <2012041815001482727-info@stconinccom>,
    Torsten Jørgensen <> wrote:

    > I did it with a Tiger, but Lion does not have NetInfo,
    > so what then?
    >
    > Can you become root user on a Lion at all?
    >
    > /Torsten


    Apple says yes:
    <http://support.apple.com/kb/HT1528?viewlocale=en_US&locale=en_US>

    --
    Sara

    Cats cats cats cats
    Sara, Apr 18, 2012
    #2
    1. Advertising

  3. Torsten Jørgensen

    nospam Guest

    In article <2012041815001482727-info@stconinccom>, Torsten Jørgensen
    <> wrote:

    > I did it with a Tiger, but Lion does not have NetInfo,
    > so what then?
    >
    > Can you become root user on a Lion at all?


    what are you really trying to do that you think you need root?
    nospam, Apr 18, 2012
    #3
  4. Torsten Jørgensen <> wrote:

    > I did it with a Tiger, but Lion does not have NetInfo,
    > so what then?
    >
    > Can you become root user on a Lion at all?
    >
    > /Torsten


    Working in root is a great way to 'root' your Mac...
    --
    If you're not part of the solution, you're part of the precipitate.
    Jamie Kahn Genet, Apr 18, 2012
    #4
  5. In article <>,
    Jolly Roger <> wrote:

    > In article <2012041815001482727-info@stconinccom>,
    > Torsten Jørgensen <> wrote:
    >
    > > I did it with a Tiger, but Lion does not have NetInfo,
    > > so what then?
    > >
    > > Can you become root user on a Lion at all?
    > >
    > > /Torsten

    >
    > I have to ask: Why bother?


    I can think of a couple cases quickly.

    It can be useful for machines that have a simple task to perform and
    only one administrator. In such a case, the complexity of multiple user
    roles can be more of a risk than an asset. Unix ACLs are error prone
    and Apple's poorly supported ACL on top of that is an absolute nightmare
    to keep correct.

    Server consoles commonly have a root login for emergency maintenance
    without having to use single-user mode. (Remote root access can be
    disabled.)
    --
    I will not see posts from Google because I must filter them as spam
    Kevin McMurtrie, Apr 18, 2012
    #5
  6. In article <>,
    Jolly Roger <> wrote:

    > In article <4f8ee410$0$16194$>,
    > Kevin McMurtrie <> wrote:
    >
    > > In article <>,
    > > Jolly Roger <> wrote:
    > >
    > > > In article <2012041815001482727-info@stconinccom>,
    > > > Torsten Jørgensen <> wrote:
    > > >
    > > > > I did it with a Tiger, but Lion does not have NetInfo,
    > > > > so what then?
    > > > >
    > > > > Can you become root user on a Lion at all?
    > > > >
    > > > > /Torsten
    > > >
    > > > I have to ask: Why bother?

    > >
    > > I can think of a couple cases quickly.
    > >
    > > It can be useful for machines that have a simple task to perform and
    > > only one administrator. In such a case, the complexity of multiple user
    > > roles can be more of a risk than an asset. Unix ACLs are error prone
    > > and Apple's poorly supported ACL on top of that is an absolute nightmare
    > > to keep correct.
    > >
    > > Server consoles commonly have a root login for emergency maintenance
    > > without having to use single-user mode. (Remote root access can be
    > > disabled.)

    >
    > Explain how enabling the root user account would be preferable to using
    > the sudo facility which is already at your disposal.


    You wouldn't be at the console running emergency maintenance if sudo on
    a remote terminal worked. The biggest difference is that the root user
    has a small amount of spare resources reserved for it. A resource leak
    (files, memory, processes, sockets, etc.) will lock out an admin but not
    root.
    --
    I will not see posts from Google because I must filter them as spam
    Kevin McMurtrie, Apr 19, 2012
    #6
  7. Torsten Jørgensen

    Tom Stiller Guest

    In article <4f8f8d6d$0$16115$>,
    Kevin McMurtrie <> wrote:

    > In article <>,
    > Jolly Roger <> wrote:
    >
    > > In article <4f8ee410$0$16194$>,
    > > Kevin McMurtrie <> wrote:
    > >
    > > > In article <>,
    > > > Jolly Roger <> wrote:
    > > >
    > > > > In article <2012041815001482727-info@stconinccom>,
    > > > > Torsten Jørgensen <> wrote:
    > > > >
    > > > > > I did it with a Tiger, but Lion does not have NetInfo,
    > > > > > so what then?
    > > > > >
    > > > > > Can you become root user on a Lion at all?
    > > > > >
    > > > > > /Torsten
    > > > >
    > > > > I have to ask: Why bother?
    > > >
    > > > I can think of a couple cases quickly.
    > > >
    > > > It can be useful for machines that have a simple task to perform and
    > > > only one administrator. In such a case, the complexity of multiple user
    > > > roles can be more of a risk than an asset. Unix ACLs are error prone
    > > > and Apple's poorly supported ACL on top of that is an absolute nightmare
    > > > to keep correct.
    > > >
    > > > Server consoles commonly have a root login for emergency maintenance
    > > > without having to use single-user mode. (Remote root access can be
    > > > disabled.)

    > >
    > > Explain how enabling the root user account would be preferable to using
    > > the sudo facility which is already at your disposal.

    >
    > You wouldn't be at the console running emergency maintenance if sudo on
    > a remote terminal worked. The biggest difference is that the root user
    > has a small amount of spare resources reserved for it. A resource leak
    > (files, memory, processes, sockets, etc.) will lock out an admin but not
    > root.


    I can't recall the last time I saw a unix system administrator permit
    remote login to the root. Doing so provides no accountability.

    Responsible administrators require an ordinary user login followed by
    either a 'su' to switch to the root account or 'sudo' for one-time
    privilege escalation.

    --
    PRAY, v. To ask that the laws of the universe be annulled in behalf
    of a single petitioner confessedly unworthy. -- Ambrose Bierce
    Tom Stiller, Apr 19, 2012
    #7
  8. Torsten Jørgensen

    Sara Guest

    In article <>,
    Jolly Roger <> wrote:

    > In article
    > <-september.org>,
    > Sara <> wrote:
    >
    > > In article <2012041815001482727-info@stconinccom>,
    > > Torsten Jørgensen <> wrote:
    > >
    > > > I did it with a Tiger, but Lion does not have NetInfo,
    > > > so what then?
    > > >
    > > > Can you become root user on a Lion at all?
    > > >
    > > > /Torsten

    > >
    > > Apple says yes:
    > > <http://support.apple.com/kb/HT1528?viewlocale=en_US&locale=en_US>

    >
    > For most people, not only is this completely unnecessary, but doing so
    > is anywhere from not the best idea to a really bad idea.


    It was, however, an answer to the question asked.

    --
    Sara

    Peeps squeaks, Billy is silly and as for Armageddon...
    Sara, Apr 19, 2012
    #8
  9. Torsten Jørgensen

    Sara Guest

    In article <>,
    Jolly Roger <> wrote:

    > In article
    > <-september.org>,
    > Sara <> wrote:
    >
    > > In article <>,
    > > Jolly Roger <> wrote:
    > >
    > > > In article
    > > > <-september.org>,
    > > > Sara <> wrote:
    > > >
    > > > > In article <2012041815001482727-info@stconinccom>,
    > > > > Torsten Jørgensen <> wrote:
    > > > >
    > > > > > I did it with a Tiger, but Lion does not have NetInfo,
    > > > > > so what then?
    > > > > >
    > > > > > Can you become root user on a Lion at all?
    > > > > >
    > > > > > /Torsten
    > > > >
    > > > > Apple says yes:
    > > > > <http://support.apple.com/kb/HT1528?viewlocale=en_US&locale=en_US>
    > > >
    > > > For most people, not only is this completely unnecessary, but doing so
    > > > is anywhere from not the best idea to a really bad idea.

    > >
    > > It was, however, an answer to the question asked.

    >
    > Indeed. I just think it's important when someone asks a question about
    > something like this to provide a little guidance regarding security and
    > safety.


    I tend to assume people are grown-ups. If they want to screw up their
    machines it's their own problem. I realise this isn't everyone's point
    of view of course.

    --
    Sara

    Peeps squeaks, Billy is silly and as for Armageddon...
    Sara, Apr 19, 2012
    #9
  10. Sara <> wrote:

    > In article <>,
    > Jolly Roger <> wrote:
    >
    > > In article
    > > <-september.org>,
    > > Sara <> wrote:
    > >
    > > > In article <>,
    > > > Jolly Roger <> wrote:
    > > >
    > > > > In article
    > > > > <-september.org>,
    > > > > Sara <> wrote:
    > > > >
    > > > > > In article <2012041815001482727-info@stconinccom>,
    > > > > > Torsten Jørgensen <> wrote:
    > > > > >
    > > > > > > I did it with a Tiger, but Lion does not have NetInfo,
    > > > > > > so what then?
    > > > > > >
    > > > > > > Can you become root user on a Lion at all?
    > > > > > >
    > > > > > > /Torsten
    > > > > >
    > > > > > Apple says yes:
    > > > > > <http://support.apple.com/kb/HT1528?viewlocale=en_US&locale=en_US>
    > > > >
    > > > > For most people, not only is this completely unnecessary, but doing so
    > > > > is anywhere from not the best idea to a really bad idea.
    > > >
    > > > It was, however, an answer to the question asked.

    > >
    > > Indeed. I just think it's important when someone asks a question about
    > > something like this to provide a little guidance regarding security and
    > > safety.

    >
    > I tend to assume people are grown-ups. If they want to screw up their
    > machines it's their own problem. I realise this isn't everyone's point
    > of view of course.


    Being a grown up means nothing IME :) I've seen otherwise mature and
    sensible adults lose their marbles plonked down in front of a computer,
    and do some amazingly illogical and profoundly stupid things.
    --
    If you're not part of the solution, you're part of the precipitate.
    Jamie Kahn Genet, Apr 19, 2012
    #10
  11. Torsten Jørgensen

    Sara Guest

    In article <1kitzuy.147e41o4y2w3sN%>,
    (Jamie Kahn Genet) wrote:

    > Sara <> wrote:
    >
    > > In article <>,
    > > Jolly Roger <> wrote:
    > >
    > > > In article
    > > > <-september.org>,
    > > > Sara <> wrote:
    > > >
    > > > > In article <>,
    > > > > Jolly Roger <> wrote:
    > > > >
    > > > > > In article
    > > > > > <-september.org>,
    > > > > > Sara <> wrote:
    > > > > >
    > > > > > > In article <2012041815001482727-info@stconinccom>,
    > > > > > > Torsten Jørgensen <> wrote:
    > > > > > >
    > > > > > > > I did it with a Tiger, but Lion does not have NetInfo,
    > > > > > > > so what then?
    > > > > > > >
    > > > > > > > Can you become root user on a Lion at all?
    > > > > > > >
    > > > > > > > /Torsten
    > > > > > >
    > > > > > > Apple says yes:
    > > > > > > <http://support.apple.com/kb/HT1528?viewlocale=en_US&locale=en_US>
    > > > > >
    > > > > > For most people, not only is this completely unnecessary, but doing so
    > > > > > is anywhere from not the best idea to a really bad idea.
    > > > >
    > > > > It was, however, an answer to the question asked.
    > > >
    > > > Indeed. I just think it's important when someone asks a question about
    > > > something like this to provide a little guidance regarding security and
    > > > safety.

    > >
    > > I tend to assume people are grown-ups. If they want to screw up their
    > > machines it's their own problem. I realise this isn't everyone's point
    > > of view of course.

    >
    > Being a grown up means nothing IME :) I've seen otherwise mature and
    > sensible adults lose their marbles plonked down in front of a computer,
    > and do some amazingly illogical and profoundly stupid things.


    Oh heavens and so have I - and I'm including myself here.

    --
    Sara

    Peeps squeaks, Billy is silly and as for Armageddon...
    Sara, Apr 19, 2012
    #11
  12. Jamie Kahn Genet <> wrote:

    > Sara <> wrote:
    >
    > > In article <>,
    > > Jolly Roger <> wrote:
    > >
    > > > Indeed. I just think it's important when someone asks a question about
    > > > something like this to provide a little guidance regarding security and
    > > > safety.

    > >
    > > I tend to assume people are grown-ups. If they want to screw up their
    > > machines it's their own problem. I realise this isn't everyone's point
    > > of view of course.

    >
    > Being a grown up means nothing IME :) I've seen otherwise mature and
    > sensible adults lose their marbles plonked down in front of a computer,
    > and do some amazingly illogical and profoundly stupid things.


    And everyone (myself, included, of course) is ocasionally in need of a
    little guidance. It isn't necessarily a matter of being immature,
    illogical, or anything else with a negative connotation. I have *LOTS*
    of experience over several decades with helping people with computer
    problems. One of the most common problems is that they are often asking
    the wrong question. Just answering the question literally as asked is
    often the wrong answer because it isn't the question they needed to ask.
    It sometimes takes a bit of digging to figure out what question they
    really needed to ask. Other times, it is pretty evident to me.

    One of my favorite examples has nothing to do with security or any
    judgemental matter at all. Rather, it is purely factual. I'd have
    programmers (it happened more than once) ask me whether a machine at our
    site was a 32-bit or 64-bit one. The simple, factual answer was just
    "64". But knowing the kind of progamming they did, I realized that was
    exactly the wrong answer for them because they were asking the wrong
    question. What they really wanted to know was whether a "single
    precision" Fortran real variable was 32 or 64 bits. They probably didn't
    even realize that was a diferent question. It is. And it had the
    opposite answer for the machine and compilers in question.

    --
    Richard Maine | Good judgment comes from experience;
    email: last name at domain . net | experience comes from bad judgment.
    domain: summertriangle | -- Mark Twain
    Richard Maine, Apr 19, 2012
    #12
  13. In article <>,
    Jolly Roger <> wrote:

    > In article <4f8f8d6d$0$16115$>,
    > Kevin McMurtrie <> wrote:
    >
    > > In article <>,
    > > Jolly Roger <> wrote:
    > >
    > > > In article <4f8ee410$0$16194$>,
    > > > Kevin McMurtrie <> wrote:
    > > >
    > > > > In article <>,
    > > > > Jolly Roger <> wrote:
    > > > >
    > > > > > In article <2012041815001482727-info@stconinccom>,
    > > > > > Torsten Jørgensen <> wrote:
    > > > > >
    > > > > > > I did it with a Tiger, but Lion does not have NetInfo,
    > > > > > > so what then?
    > > > > > >
    > > > > > > Can you become root user on a Lion at all?
    > > > > > >
    > > > > > > /Torsten
    > > > > >
    > > > > > I have to ask: Why bother?
    > > > >
    > > > > I can think of a couple cases quickly.
    > > > >
    > > > > It can be useful for machines that have a simple task to perform and
    > > > > only one administrator. In such a case, the complexity of multiple
    > > > > user
    > > > > roles can be more of a risk than an asset. Unix ACLs are error prone
    > > > > and Apple's poorly supported ACL on top of that is an absolute
    > > > > nightmare
    > > > > to keep correct.
    > > > >
    > > > > Server consoles commonly have a root login for emergency maintenance
    > > > > without having to use single-user mode. (Remote root access can be
    > > > > disabled.)
    > > >
    > > > Explain how enabling the root user account would be preferable to using
    > > > the sudo facility which is already at your disposal.

    > >
    > > You wouldn't be at the console running emergency maintenance if sudo on
    > > a remote terminal worked. The biggest difference is that the root user
    > > has a small amount of spare resources reserved for it. A resource leak
    > > (files, memory, processes, sockets, etc.) will lock out an admin but not
    > > root.

    >
    > When is the last time you've seen this happen in Mac OS X?


    You haven't depleted system resources a few times? You're not trying.

    Of course I've never seen an enterprise grade Mac OS X server. Apple
    ditched OS X Server before OS X was stable enough to provide such a
    product. 10.0 through 10.3 locked up or panicked maybe a dozen times a
    day when stressed. 10.4 through 10.5 were better but had some hangs and
    data corruption issues under stress. 10.6 is pretty good, but not good
    enough to compete with cheaper server alternatives. 10.7 is a cheap toy.
    --
    I will not see posts from Google because I must filter them as spam
    Kevin McMurtrie, Apr 19, 2012
    #13
  14. Richard Maine <> wrote:

    > Jamie Kahn Genet <> wrote:
    >
    > > Sara <> wrote:
    > >
    > > > In article <>,
    > > > Jolly Roger <> wrote:
    > > >
    > > > > Indeed. I just think it's important when someone asks a question about
    > > > > something like this to provide a little guidance regarding security and
    > > > > safety.
    > > >
    > > > I tend to assume people are grown-ups. If they want to screw up their
    > > > machines it's their own problem. I realise this isn't everyone's point
    > > > of view of course.

    > >
    > > Being a grown up means nothing IME :) I've seen otherwise mature and
    > > sensible adults lose their marbles plonked down in front of a computer,
    > > and do some amazingly illogical and profoundly stupid things.

    >
    > And everyone (myself, included, of course) is occasionally in need of a
    > little guidance.


    For sure, I've called tech support many a time over the years when I was
    at a lose end. Sometimes they were even helpful. Sometimes I ended up
    having to explain things to them... but let's not go there right now.

    But I have to say most of the time I got far more helpful advice from
    Usenet, mailing lists, IRC, web forms, etc. Actually getting a solution
    out of official tech support for a product has been incredibly hit and
    miss IME.

    Part of getting good help is knowing where to ask. That's something I
    try to teach my users with varying degrees of success.

    > It isn't necessarily a matter of being immature, illogical, or anything
    > else with a negative connotation. I have *LOTS* of experience over several
    > decades with helping people with computer problems. One of the most common
    > problems is that they are often asking the wrong question. Just answering
    > the question literally as asked is often the wrong answer because it isn't
    > the question they needed to ask. It sometimes takes a bit of digging to
    > figure out what question they really needed to ask. Other times, it is
    > pretty evident to me.


    Yup, absolutely, then there's knowing what's the issue really is; and a
    bigger problem for many - having the technical vocabulary to describe
    the issue or at least what they _think the issue is_ in the first place.

    > One of my favorite examples has nothing to do with security or any
    > judgemental matter at all. Rather, it is purely factual. I'd have
    > programmers (it happened more than once) ask me whether a machine at our
    > site was a 32-bit or 64-bit one. The simple, factual answer was just
    > "64". But knowing the kind of progamming they did, I realized that was
    > exactly the wrong answer for them because they were asking the wrong
    > question. What they really wanted to know was whether a "single
    > precision" Fortran real variable was 32 or 64 bits. They probably didn't
    > even realize that was a diferent question. It is. And it had the
    > opposite answer for the machine and compilers in question.


    They're lucky they had a good support guy :)
    --
    If you're not part of the solution, you're part of the precipitate.
    Jamie Kahn Genet, Apr 19, 2012
    #14
  15. Torsten Jørgensen

    Paul Sture Guest

    On Thu, 19 Apr 2012 16:56:26 +0100, Sara wrote:

    > In article <1kitzuy.147e41o4y2w3sN%>,
    > (Jamie Kahn Genet) wrote:


    >> Being a grown up means nothing IME :) I've seen otherwise mature and
    >> sensible adults lose their marbles plonked down in front of a computer,
    >> and do some amazingly illogical and profoundly stupid things.

    >
    > Oh heavens and so have I - and I'm including myself here.


    So have I. I've buried read only files in read only directories and
    applied ACLs* on them before now so that I can't accidentally delete
    them, but in a fit of housekeeping have still managed to get rid of them.

    * on a system where ACLs really did work ;-)

    --
    Paul Sture
    Paul Sture, Apr 20, 2012
    #15
  16. Torsten Jørgensen

    Paul Sture Guest

    On Thu, 19 Apr 2012 08:55:16 -0400, Tom Stiller wrote:

    > In article <4f8f8d6d$0$16115$>,
    > Kevin McMurtrie <> wrote:
    >
    >> In article <>,
    >> Jolly Roger <> wrote:
    >>
    >> > In article <4f8ee410$0$16194$>,
    >> > Kevin McMurtrie <> wrote:
    >> >
    >> > > In article <>,
    >> > > Jolly Roger <> wrote:
    >> > >
    >> > > > In article <2012041815001482727-info@stconinccom>,
    >> > > > Torsten Jørgensen <> wrote:
    >> > > >
    >> > > > > I did it with a Tiger, but Lion does not have NetInfo, so what
    >> > > > > then?
    >> > > > >
    >> > > > > Can you become root user on a Lion at all?
    >> > > > >
    >> > > > > /Torsten
    >> > > >
    >> > > > I have to ask: Why bother?
    >> > >
    >> > > I can think of a couple cases quickly.
    >> > >
    >> > > It can be useful for machines that have a simple task to perform
    >> > > and only one administrator. In such a case, the complexity of
    >> > > multiple user roles can be more of a risk than an asset. Unix ACLs
    >> > > are error prone and Apple's poorly supported ACL on top of that is
    >> > > an absolute nightmare to keep correct.
    >> > >
    >> > > Server consoles commonly have a root login for emergency
    >> > > maintenance without having to use single-user mode. (Remote root
    >> > > access can be disabled.)
    >> >
    >> > Explain how enabling the root user account would be preferable to
    >> > using the sudo facility which is already at your disposal.

    >>
    >> You wouldn't be at the console running emergency maintenance if sudo on
    >> a remote terminal worked. The biggest difference is that the root user
    >> has a small amount of spare resources reserved for it. A resource leak
    >> (files, memory, processes, sockets, etc.) will lock out an admin but
    >> not root.

    >
    > I can't recall the last time I saw a unix system administrator permit
    > remote login to the root. Doing so provides no accountability.
    >
    > Responsible administrators require an ordinary user login followed by
    > either a 'su' to switch to the root account or 'sudo' for one-time
    > privilege escalation.


    And I tested that the other day on several flavours of Linux. Only one
    of them failed the test, but it's quite easy to fix.

    --
    Paul Sture
    Paul Sture, Apr 24, 2012
    #16
  17. Torsten Jørgensen

    Wes Groleau Guest

    On 04-20-2012 10:56, Paul Sture wrote:
    > So have I. I've buried read only files in read only directories and
    > applied ACLs* on them before now so that I can't accidentally delete
    > them, but in a fit of housekeeping have still managed to get rid of them.
    >
    > * on a system where ACLs really did work ;-)


    I have done that a few times--always with the help of Time Machine.
    Now that I know the cause, I know how to clean up the mess if and when I
    ever need to restore something from TM.

    In many cases, it is easier to restore it myself without the mess than
    to let TM restore it and then clean up.

    --
    Wes Groleau

    “It is incumbent on every generation to pay its own debts as it
    goes. A principle which if acted on would save one-half the wars of the
    world.â€
    — Thomas Jefferson
    Wes Groleau, Apr 26, 2012
    #17
  18. Torsten Jørgensen

    JF Mezei Guest

    Had an interesting situation. Data on a VMS box needing to be FTPed to
    OS-Server in its own directory tree (not part of any use login directory
    tree).

    My own administrator account did not work because it is rooted at my
    login directory.
    An account created in the system group (nearly identical to root) had
    the same problem because the ftp on the server was setup to only show
    the user's own directory.

    I tried "root" but root is refused on ftp. I suspect root would also
    have been limited to /var/root directory tree.

    So at the end of the day, I did the reverse and used OS-X , located in
    the right directory, to ftp the files from the VMS machine.

    While this is not an occurence that was solved by the use of "root", it
    does show how the use of certain applications does limit the view the
    file system.
    JF Mezei, Apr 27, 2012
    #18
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. D. Fox
    Replies:
    5
    Views:
    323
    Simon Slavin
    Sep 7, 2003
  2. Ian Gregory

    Re: Why Not Enable root?

    Ian Gregory, Mar 29, 2005, in forum: Apple
    Replies:
    13
    Views:
    296
    Tom Stiller
    Apr 3, 2005
  3. FPP
    Replies:
    18
    Views:
    270
    Dave Balderstone
    Jul 18, 2008
  4. David Empson

    Re: How to enable root on OS 10.5.4 ?

    David Empson, Jul 15, 2008, in forum: Apple
    Replies:
    62
    Views:
    661
    Michelle Steiner
    Jul 24, 2008
  5. Michelle Steiner
    Replies:
    3
    Views:
    416
    Alan Browne
    Jun 21, 2011
Loading...

Share This Page