I am Root!

By Michael Gregory On In Tech Tips

ROOTheader

If you’re at all tapped into news, you’ve likely heard by now that the latest version of MacOS has a very bad bug, which allows anyone on your machine to log in as “root” without a password. But you may not be fully aware what root is, and how this bug came about in the first place.

A Brief History of Root

Unix

One of the oldest surviving operating systems is Unix. Unix is unique from Windows in that it treats everything like a file. Folders are just files that point to other files. Devices? Those are files that you run commands on. In addition to everything being a file, everything has permissions. Most things can’t be touched by standard users (as they could screw up the system with a typo). But there is one user that has full control in a system, and that user is ‘root.’ The root user can give other users permission to do things, but in general root is the user with the ability to change anything or run any command.

Apple and Unix

Starting with OSX, Apple abandoned their older systems and rebuilt it all on top of Unix. They implemented many new features with a shiny interface, but Unix remained its core. (Ever wondered why you have to drag a CD to the trash to eject it? Because it’s a file!). Apple decided that users didn’t need to be root, and so they disabled it, and allowed you to make an administrator user when you set up the Mac, and then that user can make others if needed.

This was, of course, until the recent High Sierra update. Some line of code reactivated the root user. Unfortunately, Apple didn’t give the root user a password, which is why you can suddenly log into any updated Mac with the username of “root” and no password.

This sounds really bad! How do I fix it?

Thankfully, it’s really easy to change the password:

  1. Open System Preferences
  2. Click the lock and enter a user with administrative privileges (If you’re the only user, that means you’re an administrator!)
  3. Click on “Login Options” and then Join or Edit.
  4. Click on “Directory Utility” and then the lock and enter your username and password again.
  5. Choose “Edit” then “Enable Root User” and give it a really long, gibberish password. I sometimes use [https://www.random.org/passwords/?num=1&len=24&format=html&rnd=new](Random.org) to create really good ones.
  6. Choose “Edit” then “Disable Root User” and it should be newly secured.