When you make a new user account in OSX the highest level of permissions you can assign it is Administrator. While this is the highest set of permissions you can assign someone, it’s not the highest set on your machine. There is an account that works above the regular user accounts and can view all content on the computer, no matter what the individual users have set their security at. This is known as the Root, or Super User. If you have a system-level issue or if you need to edit another user’s account, the Root account can come in very handy. Check out the steps below to learn how to enable the Root account in OSX.
Warnings and Preparation
Warning: Before going any further, it is worth mentioning that the Root account can be very dangerous, as it has no limits to what it can do. This is the most powerful UNIX account, which means it can edit any user, delete any file, and change any setting. Use the Root account only when necessary and never use it as your main account.
With that in mind, it’s easy to see why Apple chose to hide the Root account from everyday use. Before you learn how to use it, you need to learn how to enable the Root account in OSX. These steps involve restarting your machine, so you should probably open this page up on your phone, tablet, or another machine while you’re completing the steps. Bookmarking it wouldn’t hurt, either.
Note: These instructions are written using OSX Mountain Lion, but they are nearly identical for previous versions.
Enabling The Root Account In OSX
1. First, click on the Apple menu > System Preferences. Once this loads, click on Users and Groups.
2. Next, click the lock icon in the bottom-left corner to unlock the pane, using your administrator username and password to authorize.
3. With the pane unlocked, click on Login Options, then click the Join button next to Network Account Server.
4. In the window that appears, click the Open Directory Utility button.
5. Click the lock icon in the Directory Utility to unlock the pane, using your administrator username and password.
Note: You should be noticing that Apple keeps making you verify your username and password. This is their way of making it as difficult as possible to enable the Root account and to protect you from basically messing something up. Fear not, for as long as you follow the instructions you’ll be perfectly safe.
6. With the Directory Utility pane unlocked, click on the Edit menu and select Enable Root User.
7. You now get to choose a password for the Root account. Make this a good, unique password. Here is a great article from Apple on making sure you’re using secure passwords.
With this step complete, you can close the Directory Utility and go back to the Users and Groups pane. Here, make sure Automatic login is set to Off, so you have the chance to enter the Root user account. For the User ID, enter Root and for the Password, enter the one you just created in step #7. Once the account loads, you will see a new account; with the only difference being this one can control everything.
Warning: You may want to go poke around in other user’s accounts to see their contacts, desktop, pictures, etc.. but don’t. Only use the Root account to do the specific actions you need to then immediately log out. This will save you from making a mistake that can’t be undone.
So What Can You Do With Root Access?
For starters, this is a great way to move files from a user’s account that you can no longer access, as well as moving from one user account to another. If you’re changing from one user account to another one, it’s way quicker to transfer your important files this way instead of moving them to a hard drive first, then back to the new account.
If you need to delete files from a user that’s no longer using the system (think ex-boyfriend or girlfriend) this is useful as well. Basically logging in as Root gives you a free pass to go anywhere in your Mac and do anything.
The Root account in OSX is very useful when you need it, but those times should be few and far between. Most of the time using a sudo command in Terminal will get the job done just as easily, but since most people are scared of using the command line, enabling the Root account is a great way to go.