How to Enable the "root" Account on Mac OS X
8 August 2012
Detailed Method using NetInfo Manager
These instructions allow you to enable the "root" account, or to reset
the password for any user, not just "root".
This only works for Mac OS X 10.4 or earlier, because
NetInfo Manager was removed after that.
To disable the "root" account, or any user account, follow the
directions above to edit the "user" map with NetInfo Manager, and put
a "*" in the passwd field.
If you so desire, you can first verify that the "root" user
account is indeed locked.
One way to do this is to get a shell prompt by running the Terminal
application, found at
Macintosh HD -> Applications -> Utilities -> Terminal
At the command prompt type this command:
% nidump passwd .
(Don't type the "%" - that represents the Unix command prompt.
And don't forget the "dot" at the end, which indicates that the "password"
map to be dumped to the screen is the one on this machine, not the
password map from a remote server.)
You should see a line like this:
The "*" is where the encrypted password for the user would normally
If the "root" account has a "*" then it is not possible for a user to
To remove the "*" (or any old password) you can run the
NetInfo Manager application, which is also in the Utilities
Macintosh HD -> Applications -> Utilities -> NetInfo Manager
With "/" in the left column select the "users" map in the
second column and click on the ""root"" user.
Click on the lock icon at the bottom of the window marked "Click to
Enter the administrative password as prompted.
You are now free to make changes to the users map.
Find the "passwd" property and double click on the value field
to alter it (it should contain just the "*", or possibly an old
Delete the "*" and make sure there are no spaces left in the value
You cannot simply enter a new password here, because Unix stores
an encrypted version of the password in the user database
You will need to use the passwd command (step 7 below) to
enter a new password.
Pull down the "Domain" menu from the top bar and select
Confirm that you really want to make the change.
At this point your computer has the root account enabled with no
password, which is very dangerous.
Get a shell prompt (from the Terminal application, as
described in step 1 above).
Enter the command:
% su root
(Don't enter the %, that represents the Unix command prompt.)
When prompted for the password, just hit "return".
Then add a password with the `passwd root` command, like so:
# passwd root
Changing password for root
(Don't enter the #, that is the root command prompt on Unix.)
The password you type won't be printed on the screen, which is why
you are asked to type it twice for verification.
Be sure to pick a good password for the "root" account.
If your computer is connected to the Internet is may be possible for
someone to get in to your computer as "root" if you have a weak
Some useful guidelines for picking a good (or bad) password may be
Log out and log in as the "root" user to verify that it worked.
If the login screen shows a list of users it won't show the
"root" user so you will have to select "Other".
It's very useful for the "root" user to have the Terminal application
always in the Dock.
Here is how to do that:
First, start up the Terminal application
(Macintosh HD -> Applications -> Utilities
Hold down the "control" key as you click on the icon of the
Terminal application in the Dock.
A menu will appear. Select the item "Keep In Dock".