Scripting enabling root or disabling root on Mac OS X

If you want to script enabling or disabling the root account in Mac OS X (instead of having to go to Directory Utility to do it), you’ll want to use the dsenableroot command.

Enable the root user

dsenableroot -u adminaccount -p adminaccountpassword -r rootpasswordyouwant

Disable the root user

dsenableroot -d -u adminaccount -p adminaccountpassword

Important Notes

Just keep in mind that you have to use the syntax as given. You cannot bypass giving an actual username and password of an admin account by being logged into that admin account and prefixing the command with sudo.

Any commands you put into the terminal on a computer, by default, will go into that user’s .bash_history file stored as plain text. So if it’s one-off on a local computer, be sure to edit that file later and delete that line. If you’re using some other remote way to deploy the command, make sure it’s being sent over a secure (and protected) connection of some sort.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.