12.10. Permissions

 <  Day Day Up  >  

12.9. The Root Account

An administrator's account isn't exactly a skeleton key that gives unfettered access to every corner of the Mac. Even an administrator isn't allowed to remove files from the System folder or other files whose removal could hobble the machine.

It turns out that Standard and Administrator aren't the only kinds of accounts. There's one account that wields ultimate power, one person who can do anything to any file anywhere . This person is called the superuser .

Unix fans speak of the superuser account ”also called the root account ”in hushed tones, because it offers absolutely unrestricted power. The root account holder can move, delete, rename, or otherwise mangle any file on the machine, no matter what folder it's in. One wrong move ”or one Internet hacker who manages to seize the root account ”and you've got yourself a $2,500 doorstop. That'S why Mac OS X's root account is completely hidden and, in fact, deactivated.

There's another reason this account comes turned off: You can enjoy most root-like powers without actually turning on the root account. Here, for example, are some of the things the root account holder can do ”and the ways you can do them without ducking into a phone booth to become the superuser:

  • See the thousands of crucial system files that Mac OS X ordinarily renders invisible . Of course, you can also see them easily by using the freeware program TinkerTool (see Section 18.1). You can also use the Terminal program as described in Chapter 16.

  • Manipulate the files within the System folders Library folder . In general, you'd be nuts to try. The numero uno virtue of Mac OS X is its stability ”its System folder's invulnerability to change. Sure, you can mess around with its contents, but if you really wanted a crash-prone machine, you could have stuck with Mac OS 9.

  • Peek into other account holders' folders (or even trash them) . You don't have to be the superuser to do this ”you just have to be an administrator who's smart enough to use the Get Info command, as described on Section 12.10.1.

  • Use powerful Unix system commands . As you'll discover in Chapter 17, some of the Unix commands you can issue in Mac OS X require superuser powers. As you'll also find out in that chapter, however, there's a simple command ”the sudo command ”that simulates root powers without you actually having them. Details on Section 17.1.5.1.

Treat the root account, in other words, as you would one of those "Break glass in case of fire" boxes. If you know what you're doing, and you see no alternative, you might be glad the root account is available. System-customization freaks who enjoy editing, say, the look of window title bars may need to enable the root account. And certain pre-Tiger software installers , like the one for Palm Desktop 4.1, won't install correctly except when you're using the root account.

You can turn on the root account in any of several ways. One of them involves typing a Unix command or two (Section 17.2), but the technique most people use goes like this:

  1. In your Applications Utilities folder, open the NetInfo Manager program. Click the tiny padlock in the lower-left corner of its screen .

    A dialog box asks you for an administrator's name and password. After all, you wouldn't want ordinary underlings fooling around with the superuser account.

  2. Type your name and password, and then click OK .

    You're in. (If you're not an administrator, then you probably shouldn't be using the root account.)

  3. Choose Security Enable Root User .

    If this is the first time you've performed this particular surgery, you'll be told, "The root password is currently blank." You're then asked to make up a "nontrivial" (meaning virtually impossible for anyone to guess) password for the newly created root account.

  4. Click OK and then type the password in both of the bottom Password boxes. Click OK two more times .

    The second dialog box simply tells you that if you intend to make any more changes in NetInfo Manager, you'll have to sign in as an administrator again . But your work is done here.

  5. Quit NetInfo Manager .

    You've just brought the dormant root account to life.

  6. Log out. Log back in again as root .

    That is, when the login screen appears, click Other User (a choice that magically appears once you've turned on the root account). In the first text box, type root . In the second, type the password you made up in step 4. Click Log In.

That'S it ”you arrive at the desktop, where no matter what you do, no error messages regarding access privileges or ownership will interrupt the proceedings . In the words of every movie hero's sidekick: Be careful out there.

When you're finished going about your business as a root user, immediately log out again. It's important to rule out the possibility that some clueless or malicious person might wander up to the Mac while you're still logged in as the superuser.

In fact, if you don't anticipate needing your superuser powers again soon, consider turning off the root account altogether. (Just repeat steps 1 and 2 on the facing page. In step 3, choose Security Disable Root User.)

 <  Day Day Up  >  


Mac OS X. The Missing Manual
Mac OS X Snow Leopard: The Missing Manual (Missing Manuals)
ISBN: 0596153287
EAN: 2147483647
Year: 2005
Pages: 506
Authors: David Pogue

flylib.com © 2008-2017.
If you may any questions please contact us: flylib@qtcs.net