Welcome to apple.newbox.org Monday, June 26 2017 @ 10:00 PM EDT  
Links |  Past Polls |  Advanced Search |   
Topics
Home
Applications (8/0)
Classic (0/0)
Hardware (12/0)
Miscellaneous (6/0)
Networking/Serving (3/0)
Mac OS X (13/0)
Terminal/CLI (3/0)
iPhone (3/0)
General News (3/0)
GeekLog (1/0)

User Functions
Username:

Password:

Don't have an account yet? Sign up as a New User

What's New
STORIES
No new stories

LINKS last 2 wks
No recent new links


Older Stories
Saturday 06-Mar
  • iPad thoughts (0)

  • Friday 19-Feb
  • A Couple Small Time Machine Notes (0)

  • Saturday 26-Sep
  • Details about iPhone backups and restore (0)

  • Monday 29-Jun
  • Camera updates in iPhone OS 3.0 (0)

  • Saturday 30-May
  • Mac mini disassembly notes (0)

  • Friday 15-May
  • Notes about Windows 7 on a 10.4 Mac with Virtual Box (0)

  • Monday 02-Mar
  • Safari 4 (Beta) notes (0)

  • Saturday 17-Jan
  • Random software notes (0)

  • Wednesday 17-Dec
  • Quicksilver vs. Spotlight (0)
  • 10.5's Dock still sucks (0)


  • OS X, root, admins, and users    
    Tuesday, March 22 2005 @ 07:39 PM EST
    Contributed by: Admin

    Mac OS XThis started out as a brief overview of how OS X deals with the UNIX concept of a user named 'root.' However, I quickly found that I have to talk about the way OS X handles users in general to cover that. As far as I know, the information here is correct. If you see any errors or inaccuracies, please mention them in the comments.

    Every so I hear someone say "OS X doesn't have a root user" or something similar, and since a lot of my OS X-using friends come from the world of Linux, the question of how OS X handles 'root' is a common one.

    OS X does indeed ship with a root user. 'Root' exists but by default has no password. (This doesn't mean anyone with shell access can become root just by entering 'su -' and hitting return. I don't exactly know if the account is disabled or has a long random password or what, I just know that a) it exists and b) you can't become root with just 'su' and a password.) OS X has two general types of users: admins and regular users. The first user created is an admin. Any users added after that can be made admins if desired. By default, when a new accout is added, it is not an admin. (Non-admin users can have additional limits placed on them, but in general there are just two classes: 'admins' and 'everyone else.')

    The easiest way to know what admins can do is to know what non-admins can't do. Non-admins can only modify files in their home directories. You have to be an admin (or authenticate as one) to add files to or delete files from places like the /Applications/ directory or the root level of the hard drive. There are some other differences but that is the main one.

    As an admin, you can prepend any command with 'sudo' and it will be executed as root. (All admins are automatically able to use 'sudo.') For example, you can restart the Apache webserver with the command 'sudo apachectl graceful.' Every once in a while, this won't work. For example, to add to the /etc/hosts file, issuing 'sudo cat hosts.txt >> /etc/hosts' won't work. For that, you really need to be root. This can be done with 'sudo' as well. Just say 'sudo -s' and you'll be at a root shell. (Note that you can edit /etc/hosts with a simple 'sudo pico /etc/hosts.' It's just that for some reason, adding to it with 'cat >>' doesn't work.) Another trick is to use 'sudo su.' (That's a handy trick to know since some older versions of sudo don't have the '-s' option. OS X supports it, of course, but you may someday find yourself on another computer or router or something that doesn't.)

    If you really, really want to log in as root, it is possible. Just launch /Applications/Utilities/NetInfo Manager, authenticate (Security -> Authenticate), then choose 'Enable Root User' from the 'Security' menu. Give 'root' a password and you can 'su -' all you want.

    If you set your login window to be 'Name and password' instead of 'List of users' you can log into the Finder as root. This is not a very good idea. First of all, OS X treats root as just another admin, so you still have to authenticate to do stuff. It's not like logging into the Finder as root gives you a life free from passwords like it does at the command line. Also, running as root while installing applications can lead to some weird behaviors. Permissions will be strange and apps might not work right when run as other users. Yes, 'ls -l /Applications/' shows lots of things owned by root, but those were apps that were on the box when you first ran it, before any other users existed, and OS X is expecting that. Just take my word for it--applications installed as root might not work.

    Speaking of installations, you should be able to install software as any user--the installer will ask you to authenticate as an admin and then everything should be fine. However, there are some applications where you actually have to be logged in as an admin when you do the installation for everything to work. It's rare but it happens so be prepared. I installed some Photoshop plugins once that were like that. The installer ran fine as a non-admin after authenticating but the plugins themselves just didn't work until I logged in as an admin and re-ran the installer. However, unlike Windows NT/2000/XP, I have never seen an OS X application that required you to be an administrator to run it, ever. And unlike Windows, with it's many levels of Administrators, Power Users, and so on, OS X works just fine with only two levels: admins and everyone else. It's simple and it works.

    OS X, by design, will do everything you need without ever logging in as root, and it's best to use the OS in the way it was meant to be used. If you really, really hate typing 'sudo' all the time, or want to escalate to root from a non-admin account without having to 'su -' to an admin first, go ahead and enable root. But there's no need to.

    When I first started using OS X (10.0.3) I enabled root right away because I came from the Linux world and was just used to it. I did the same on my second OS X box (10.1) because that was the first one I really spent a lot of time with. (Anyone who used OS X 10.0 will know why.) But while in 10.1, I got used to using sudo. All the documentation I read assumed that's what you would be doing and it was easier to just run the commands exactly as they were written instead of becoming root and skipping it. On my next box (10.2) I challenged myself to use OS X without enabling root and it was no problem at all. By the time I got to 10.3 it didn't even occur to me to enable the account. I've been fine without it ever since.

      [ Views: 2051 ]  


    OS X, root, admins, and users | 0 comments | Create New Account
    The following comments are owned by whomever posted them. This site is not responsible for what they say.
    What's Related

    Story Options
  • Mail Story to a Friend
  • Printable Story Format


  • Created this page in 0.30 seconds


     Copyright © 2017 apple.newbox.org
     All trademarks and copyrights on this page are owned by their respective owners.

    Powered By