Yesterday, 2017-11-28, I saw some pretty bad news around security in macOS High Sierra, also known as Mac OS version 10.13.1, where you can access the computer with root user privileges WITHOUT a password.
As you might know, I have been running a MacBook for a long time, but this must be one of the worst vulnerabilities I have seen.
Anyway, there are instructions for how to enable/disable the root user and also set a password for the root user, which you can find here. I decided to set a password for root and not disable the account, and I expect Apple to come out with a security patch that will disable this option even if you don’t have a root user password.
Below are step-by-step instructions with screenshots you can follow to set a root password, which is what I did, or simply disable the root account. The instructions are the same for both options; only steps 9 & 10 are different if you decide to disable the root user.
1. Open the System Preferences app. I usually open applications by pressing “command plus space” and typing the app name
2. Open Users & Groups
3. Highlight “Login Options” and click the Padlock in the bottom left corner
4. Provide User credentials
5. Click Join
6. Click Open Directory Utility
7. Click the Padlock
8. Provide User credentials
9. In the Edit menu select Change Root Password or Disable root user (if root user is enabled)
10. Provide root user password
11. Click the Padlock (so it is locked) and exit the Directory Utility
12. Click the Padlock (so it is locked) and exit the Users & Groups utility
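To confirm the result of the steps above from Terminal, here is a small audit script. It is an added example, not part of the original post; it assumes the `dscl` and `sw_vers` tools that ship with macOS, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: report whether a Mac is in the state the post warns about
# (the version the post names, with no root password record).

# Only the version named in the post; extend the pattern from your own advisory.
is_version_named_in_post() {
    case "$1" in
        10.13.1) return 0 ;;
        *)       return 1 ;;
    esac
}

# Classify the output of: dscl . -read /Users/root Password
# A lone "*" marks an account with no usable password (root disabled).
# Anything else means a password record exists; it does not show what the
# password is or who set it.
root_password_state() {
    value=$(printf '%s\n' "$1" | sed -n 's/^Password:[[:space:]]*//p' | head -n 1)
    case "$value" in
        "")  echo unknown ;;
        "*") echo unset ;;
        *)   echo set ;;
    esac
}

# One report line per machine. $1 = product version, $2 = dscl output.
audit_verdict() {
    state=$(root_password_state "$2")
    if [ "$state" = unknown ]; then
        echo "UNKNOWN: macOS $1, could not read root password record"
    elif is_version_named_in_post "$1" && [ "$state" = unset ]; then
        echo "AT RISK: macOS $1, root password $state"
    else
        echo "OK: macOS $1, root password $state"
    fi
}

if command -v dscl >/dev/null 2>&1 && command -v sw_vers >/dev/null 2>&1; then
    # Live check on a Mac.
    audit_verdict "$(sw_vers -productVersion)" \
                  "$(dscl . -read /Users/root Password 2>/dev/null)"
else
    # Not a Mac: run on constructed sample output instead.
    audit_verdict 10.13.1 'Password: *'
fi
```

An `OK` line only shows that a password record exists for root; if you did not set that password yourself, change it using the steps above.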