You can, but the functionality is a little buried in System Preferences.
A root account can access everything. Only enable root if you have a specific reason to, however. The root user can access almost everything—at least, everything not protected by System Integrity Protection —which is a lot of power.
You will be asked to create a new root password; make sure you create a strong one that you can remember. By logging in as root. Go ahead and click that. Don't you want to do your administrative tasks graphically? Or be able to launch applications in privileged mode graphically rather than sudo the bundle's executable from the Terminal?
How do you propose to achieve these things without running Finder, Dock and status bar items as root? I didn't yet see a reason to enable root account on my machines, but I can easily see how IT professionals may find it handy. As for security, how exactly is this different from a regular administrative user. Top tip: If you think you need root access, you've been misinformed.
As other reasonable users have already noted, pretty much anything someone may have you told you required root can actually be done just fine through sudo.
If someone is suggesting that you need root, get a better second opinion. It wasn't the recommended way to do it in Mac OS X The recommended way was to simply create a new user with the right short name and copy everything across from the old home directory to the new one.
Note that, all the method saved you was doing the copy - you had to do a rename instead. Note also, that you could do exactly the same stuff with the terminal and sudo. Since I cannot find anything recommending a file copy method which could take forever for a large directory, and not be able to fit, and perhaps have some permissions issues I do not really think you have made your case very well. In any case, I just saying that some actions were simplified by having a root account that could be logged into.
I think there are some other Apple instructions for Server that also recommend enabling the root account. Of course disabling the root account after it has been used to do whatever one needed is probably wise. Does single user mode work without enabling root? It was always my understanding that it would not. There are times when being able to boot into single user mode is not only helpful but required. One of my reasons for enabling root is to allow my father, who lives out-of-state and has difficulty with complicated computer tasks, an easy method to back up his home folder.
After logging out of his normal user, he logs in as root where he has a "burn folder" on the root desktop that contains an alias to his home folder. He just right clicks and chooses the "burn" item to commit his entire home folder to DVD-R that he can file away in his safe deposit box. Yes, he also has an external Time Machine disk, but that is no substitute for cheap, easily managed, self-contained backups to keep off-site.
I have no doubt there are a number of other ways to accomplish the same task, but I'm equally sure none are as simple and reliable. Since he's logged out as his normal user, all his files--especially his FileMaker databases--are certain to be in a closed, consistent state.
Since he doesn't log into root for any other reason, he doesn't stay in root for any longer than it takes to back up, and he doesn't perform any other tasks while in root, I genuinely don't worry about him breaking something. For that matter, I honestly don't understand the great panic about anyone enabling root. Sure, it's marginally easier to accidentally break the system while logged in as root, but if all one really cares about is in his home folder, root is no more of a threat than one's own non-root user. After all, the OS and apps can always be reinstalled if they get hosed.
On the other hand, if the bogeyman is the risk of infection from trojans, worms, viruses, etc. The bottom line is that sometimes root is simply convenient. Sometimes we grown-ups can accept a little risk for a little reward and we have backups. We'll be OK. Having written an uncountable number of scripts in a number of languages, I'm keenly aware of the fragility of even the best written of them.
For example, from the top of my head: Easier for him? When does he insert the disc? When is it finished? Does he have to boot up without logging in and wait for something to happen? Does he have to log out and wait for something to happen? Do it get triggered upon the insertion of a disc while logged out?
What if the burn fails? What if he inserts a non-blank disc? What kind of feedback does he get that the disc was burned correctly and that it contains all of his files and is completely up-to-date? Easier for me? Do I have to write and debug the script and launchd plist? What if a bug in my script goes undetected and leaves some files uncopied or doesn't properly update the pre-burn mirror directory leaving stale files?
What if the scheduled time for the mirror or burn becomes an undesirable time or if he wants to backup at another time? How should I handle all the possible errors or a bad burn?
Do I also have to write and debug a script that programmatically confirms that all files are backed up and up-to-date? If the burn fails verification, it will tell you and you can try again. It if succeeds, it will tell you that, too. It's clear you think this is simpler, and it's clear it's a system that works for you, so fine. Would I recommend it to someone else? For one, I'm picturing your dad's safe deposit box filling up with dozens or hundreds of old CDs that will never be looked at again There is a vast difference between choosing to do something because it works for you, and suggesting it as a course of action for others.
You'll be asked for the admin password, then you'll have to set a password for the root account. When you're finished, the root account is now. [robg adds: I've not had the root account enabled since the earliest days of OS X. If you do need to enable it, though, Terminal provides a.
Heck, I've gotten by for years with my laptop swinging around on the back of my motorcycle, but I'm not about to suggest that carrying a laptop that way is generally innocuous. I don't see any sense in trivializing the risk any more than I see in aggrandizing it. Your system works though I still think it's overkill - a normal administrator account could do the same thing - possibly even a burn folder within his own account - unless there's something absurd in your father's home directory , and I don't argue with success.
But I still think a cautious approach is a better approach when it comes to security. To enable root in terminal, Try "dsenableroot". You wil be prompted for your password and then what you want as root password and then a confirmation of the root password. Right, I've changed the commands. Anonymous says: Jan 21, PM. After a restart it also changed automatically the ownership of the user's files? Or would this only change the user-id and nothing more? Thanks for any hints …. I doubt that this will work, but I haven't checked.
Feel free to try and report back :. Anonymous says: Feb 11, AM. No, it's not sufficient. Anonymous says: Oct 03, AM. No problems here, but of course you should have an clone or a backup of your system and user stuff. This is a great manual!
These steps are:. My Mac Mini is a late running In the evnt that I want to disable it for some reasons, can I? System Integrity Protection can only be disabled either wholly or partly from outside of the system partition. You should disable the root user after completing your task.
Since I wanted to have my System and Accounts on the SSD, but the working files "data" on the old drive, this was a real pain. I didn't want to get rid of all user stuff on the old drive either, to have a fallback in case there were issues with the new SSD. At least for the main issues I'm now really happy.