Two ways to enable the root user in OS X
While rarely needed, the root user can be enabled to give full and unrestricted access to an OS X system for troubleshooting purposes.
Besides the user account you use to log into the system, OS X contains a number of other accounts, most of which are hidden, but are used for running specific background tasks and system features. One of these accounts is called the "root" account, which is the main overarching system account that has unrestricted access to all system resources. Most of the system's background tasks are run under the root account, as can be seen if you open the Activity Monitor utility and choose "All Processes" from the View menu.
When a program or process is run under the "root" account, it will not be restricted by the permissions settings that prevent a normal user account from accessing potentially critical parts of the system. Where you might normally be met with an access warning, the root account will not and will be given direct and full access to all aspects of the system.
Because of this, the root account can be used to make system-level changes, that would otherwise require you to run special commands in Terminal, or otherwise authenticate when running within your user account. If you are in a situation where you might need to make extensive changes to your system, enabling and logging into the root account might make these changes far easier to do, and you might be specifically instructed to use this account by the troubleshooting resources you are using.
You can use two methods to enable and use this account in OS X:
- Directory Utility
The tool "Directory Utility" that is relatively hidden in the Macintosh HD > System > Library > CoreServices folder, is the default way to enable the root user. Go to this folder and open the program, then click the lock to authenticate. After you have done this, you can choose "Enable root user" from the Edit menu. - Terminal
The OS X Terminal application is more readily available than Directory Utility, and can be used to enable the root user by running the following command:
dsenableroot
After you have run either of these two options, you can log out of your account and use "root" as the username of an account to log into. This will then log you in with /private/var as your home folder (instead of a folder within the /Users directory), and you should be able to navigate the entire hard drive and make changes to files and folders without restriction.
Keep in mind that while the root account has this convenience, its unrestricted status makes it a dangerous account to work in, especially since programs and tasks you run might make changes to the system that would otherwise require interaction and authentication. While for the most part simply running in the root account will not be much different, if an application run in this account goes awry, then root access for this program can increase the chance of data corruption and other problems that could affect the system.
Normally the root account is kept restricted, and root access is only granted on a per-process basis via Terminal using the "sudo" command. For most instances, this is the method that should be used for granting root access, but on a rare occasion you might find an extensive troubleshooting routine may be easier from within the root account, in which case you can use the above methods for enabling and using the root account.
Questions? Comments? Have a fix? Post them below or
e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.