Does the root password need to be set on OSX?
Page 1 of 2 12 LastLast
Results 1 to 10 of 15

Thread: Does the root password need to be set on OSX?

  1. #1
    Senior Member
    Join Date
    Nov 2005
    Posts
    115

    Does the root password need to be set on OSX?

    Point of interest generated from http://www.antionline.com/showthread...hreadid=272990

    Is changing the root password on OSX a good thing to do(security-wise)? I have always accessed root by sudo using my own password. I had assumed it was locked down for the betterment of all OSX users, not just non-power users.

    Any comments?

    Cheers,

    Al

  2. #2
    Banned
    Join Date
    Apr 2003
    Posts
    1,147
    Well, depends on how your Mac was set up. You may or may not have a password for the root account. If you follow the instructions provided in that other thread, you can change it to something more secure than blank or whatever was done at install. And then don't use it unless you must.

    Most of the people I've come across with Macs running OSX are just running in root mode with no password. They didn't set up a user account. I've heard sales droids at Mac stores tell new laptop buyers that the OS firewall was turned on and that was all they needed. Macs were secure by default, they said.

    Just plain scarey.

  3. #3
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    It is wise to change blank/default passwords as the bad guys know them and you are just asking for trouble if you do not.

    Write the password down and keep it in a safe place.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  4. #4
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    Thats interesting... at my old job, the seasoned sysadmins were setting a root password on their macs because they reported, by default, there is no password for root... the account is locked by the OSX user administration GUI which is different from the underlying Unix...

    Also, on installation, you are required to create a user... I am using Tiger, maybe this is different from Panther?

    *ping* Are there other day to day Mac users on this forum?

  5. #5
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Write the password down and keep it in a safe place.

    nihil - I agree to disagree!

    alleyCat: Make the password so complex and long that you cannot remember it, and make sure that you don't write it down (this could lead to a leak of the password and you'd end up in big trouble)!
    I use my iMac quite often - not every day, but almost. I spend more time on Linux or my M$ laptop, but I do know my way around it quite well - so if you've got any questions, I'll try to help you out.

    And as for the original question: as the others have said, set one. This ensures that no other users on your Mac are able to change key settings without your permission (technically root permission), and it will make a cracker's job much more difficult to break into your system.

    Cheers,

    -jk
    TAZForum <---- click

  6. #6
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    J_K9

    nihil - I agree to disagree!
    You missed the point.....................I specified a "safe place " If your physical security is compromised then you have bigger worries than your root password.

    It is common practice in commerce, industry etc. to have the master password written down and placed in a sealed envelope in the responsible director's safe.

    I actually have some very scary news for you:

    The launch codes for the US and UK thermonuclear arsenals are actually written down and kept in a safe place.

    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  7. #7
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    nihil: I think you missed the point of J_K9's comments: he wants me to forget my root password too...

  8. #8
    Super Moderator: GMT Zone nihil's Avatar
    Join Date
    Jul 2003
    Location
    United Kingdom: Bridlington
    Posts
    17,192
    Hi alleyCat

    No, I did see the irony...............hey, if you can't use it, neither can "they"
    If you cannot do someone any good: don't do them any harm....
    As long as you did this to one of these, the least of my little ones............you did it unto Me.
    What profiteth a man if he gains the entire World at the expense of his immortal soul?

  9. #9
    Senior Member
    Join Date
    Nov 2005
    Posts
    115
    hehe no worries... I guess if I didn't have the password it would kinda be hard to change if I did get externally hacked.

  10. #10
    The Prancing Pirate
    Join Date
    Jul 2004
    Posts
    548
    Originally posted here by nihil
    You missed the point.....................I specified a "safe place " If your physical security is compromised then you have bigger worries than your root password.
    That's for sure

    It is common practice in commerce, industry etc. to have the master password written down and placed in a sealed envelope in the responsible director's safe.
    What if they crack the safe?

    I actually have some very scary news for you:

    The launch codes for the US and UK thermonuclear arsenals are actually written down and kept in a safe place.
    Thank you for that extra bit of knowledge I just gained - although I did expect it. alleyCat, as nihil suggested, that is the best thing to do - not mine which involved forgetting an immensely long and complicated pass and not writing it down....heh!

    One last thing nihil - weren't there some missiles whose launch codes were 0000 or something?
    TAZForum <---- click

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides