Specifications
Managing the Root User Account
You can use Directory Utility (located in Accounts preferences) to manage the root
user account by enabling or disabling the root user. If you enabled the root user
account, you can also use Directory Utility to change the root account password.
To learn more about managing the root user account using Directory Utility,
see the following:
“ Â Enabling the Root User Account” on page 12 4
“ Â Changing the Root User Account Password” on page 12 5
Enabling the Root User Account
You can use Directory Utility to enable the root user account. If you enable the
root user account, use a complex password that contains alphanumeric and special
characters, to prevent the password from being compromised.
WARNING: The root account is an unrestricted administrator account used to
perform changes to critical system les. Even if you are logged in as an administrator,
you must still use the root account, or
sudo, to perform critical system tasks.
Never use the root account to log in to a computer (remotely or locally). Instead, use
sudo to perform root tasks. You can restrict access to sudo by adding users to the
/etc/sudoers/ le.
For more information about the root account, see User Management.
To enable the root user account:
1 Open System Preferences and click Accounts.
2 If the lock icon is locked, unlock it by clicking it and entering the name and password
of an administrator.
3 Click Login Options, then click Join or Edit.
If you see an Edit button, your computer has at least one connection to a directory
server.
4 Click Open Directory Utility.
5 Choose Edit > Enable Root User.
12 4 Chapter 7 Managing Directory Clients Using Accounts Preferences