10.13.2 supplemental update & root account

Ryan Schmidt ryandesign at macports.org
Thu Jan 18 06:15:00 UTC 2018


On Jan 16, 2018, at 03:13, Bjarne D Mathiesen wrote:

> Ryan Schmidt wrote:
>> 
>> Using the root account is not recommended; you should use an admin account instead.
>> 
>> If you must use the root account, and you have no admin account with which to enable it the normal way, you can apparently enable it in single user mode:
>> 
>> http://sachinparmarblog.com/enable-root-user-password-in-single-user-mode/
> 
> The issue is not whether or not I'm using the root account or not ;
> neither how and why I'm using it on my boxes - that's purely my own
> business ; and -frankly- please stay out of that !

This is a public email list with archives that users may refer to for guidance in the future. I didn't want some user to read this thread and wonder: "Wait, I don't use the root account... should I?" I wanted to make sure that everyone who reads this thread understands that we do not recommend enabling the root account. 


> So far, none of you have netiher referenced or nor commented on the
> _REAL_ issue which is Apple de-activating the root account in a
> supplementary update when they -in my opinion- shouldn't do that :-(

I don't know Apple's motivations for doing that.

Recall however that there was a bug in High Sierra where a disabled root account could unexpectedly become enabled. The 2017-002 security update which fixed that problem also disabled the root account, in case it had become enabled due to that problem.

Apple's description of the 10.13.2 supplemental update doesn't mention this, but perhaps Apple discovered a second method by which the root account could become enabled, and addressed that second issue in the supplemental update, and again disabled the root account in case it had inadvertently become activated. Or maybe they're just including the root-disabling code in several updates from now on, in case the user installs one but not the other, since Apple probably wants to make absolutely certain that a root account is not enabled when it should not be.

In any case, we're not Apple, so all we can do is speculate.




More information about the macports-users mailing list