Heads Up! Set root password or disable root user in macOS High Sierra

Yesterday, 2017-11-28, I saw some pretty bad news around security in macOS High Sierra also known as Mac OS version 10.13.1 where you can access the computer with root user privileges WITHOUT a password.

As you might know I have been running MacBook for a long time but this must be one of the worst vulnerability I have seen.

Anyway, there is an instruction for how to enable/disable root user and also set password for the root user which you can find here. I decided to set a password for root and not disable the account and I expect Apple to come out with a security patch that will disable this option even if you don’t have a root user password.

Below is a step by step instruction with screenshots you can follow to set a root password which is did or simply disable the root account. Instruction is the same for both options, just steps 9 & 10 are different if you decide to disable the root user.

1. Open System Preferences app. I usually open application by pressing the key “command plus space” and type the app name
   
2. Open Users & Groups
   
3. Highlight the “Login Options” and click the Padlock in the bottom left corner
   
4. Provide User credentials
   
5. Click Join
   
6. Click Open Directory Utility
   
7. Click the Padlock
   
8. Provide User credentials
   
9. In the Edit menu select Change Root Password or Disable root user (if root user is enabled)
   
10. Provide root user password
    
11. Click the Padlock (so it is locked) and exit the Directory Utility
    
12. Click the Padlock (so it is locked) and exit the Users & Groups utility