Root as Primary Login: Why Not?

A user writes, "I help moderate a forum dealing with Mac OS X, and I'm having an awful time convincing a fair portion of our readers that logging in as root all the time is a Really Bad Idea. Worse, though, are the ones who try to convince others to log in as root all the time, claiming it's 'more Mac-OS-9-like,' or saying 'it's not really more insecure,' or even that 'a firewall should deter hackers pretty well.' I know all the standard arguments, but they're not working out. Does anyone here have some real-world anecdotes that I can point to?"

OS 9 like? Nope.

[jasonwileymac.com]

"...claiming it's 'more Mac-OS-9-like,' "
Nope. Not at all. OS 9 has the same level of protection for itself that OS X does, it just works a bit differently. Tell your friends to try this... In OS 9, drag your System Folder to the trash. Go on, do it. Whupps - you can't. Why? Because you don't have 'permission' to. You can only do it if you boot from a different source, like a CD or another volume. Unix does this far better than OS 9 could, but it's basically the same idea. Logging in as ROOT lets you do anything you want. Toss your kernel? SURE!!! No problem! BAD idea. I feel that if someone doesn't know why they shouldn't be root, that alone is reason enough for them NOT to be.

Re:You don't log in as root in macosx

[Phroggy]

For the old unix hacker it looks like you're logging in as root, but that's not really the case. At install time the system creates two users, both have the same name and the same password!

Um, no. This may have been true in pre-release versions, but in 10.0 and later, only your regular non-root account shows up in System Preferences. The root account doesn't have your name on it, and the encrypted password is set to "*" meaning logins are disabled altogether.

One is just a user, the other is root. In previous versions ( i haven't tested it lately) you could change the password of one but it wouldn't result in a password change of the other (which gave alot of headaches).

They are not the same account, so changing a user password will not change the root password, and vice-versa.

Now if you log in you're the normal user, and you can't do anything really dangerous. You need su (which needs to be activated, it isn't possible by default) or sudo to do something as root. Also when you're doing an install that requires root the installer will ask for a super user.

If you're an Administrator, you do have write access to the contents of /Applications and /Library, just not /System. The reason su doesn't work by default is, root doesn't have a password by default. However, any Administrator can run any command as root with sudo - for example, "sudo tcsh" will get you a root prompt.

In both cases you use your own username and password (if your user is created at startup). So If somebody sneaks behind my computer when I'm gone to do something else, they can't really do anything dangerous. They would still need a password!

If you're doing something that actually requires root privaleges, such as changing system settings or installing software, you must authenticate as an Administrator, even if you're already logged in as an Administrator. If you type "sudo tcsh", sudo will prompt you for your password. It's an excellent system.

You can make more users if you want without any rights (that's easy), but the system works better than it looks because you don't log in as root!

What?

You can if you want to btw. The password of root is the same as the password of the user.

As I said before, this is wrong. As I recall, the Public Beta set the root password to the same as the user password at install time; the final version didn't do this.

If you do want to enable root logins, there are three ways to do it:

A) open NetInfo Manager, click the padlock icon, authenticate, then go to select the Domain/Security/Enable Root User menu item

B) open NetInfo Manager, click the padlock icon, authenticate, browse to /users/root, and change the value of the passwd item to an encrypted password

C) open Terminal, type "sudo passwd", authenticate, and set a root password.

It does nail down the importance of good passwords which is something that alot of macusers are new to.

I set my system to automatically log me in at boot time, so it doesn't nail down anything.