Root vs. Administrator

Actually the Admin user does not have root privileges. The "root" user has full access to everything and anything in the OS X system including System files and user accounts. The Admin user does not have access to the System files or the files in other user accounts than his/her own. In order to have "root" user access you must first enable the "root user" password, which is done using the NetInfo Manager. In Unix the "root" user is also referred to as the "superuser."

At the command line level you can temporarily invoke superuser rights by preceding commands with the command "sudo".

Kappy is right when he says that system administrators do not have root privileges, however, certain functions of the OS and installers will temporarily grant "root-like" privileges for the purpose of administering the system. These include force-deleting certain files, and using installers that modify the System Library.

Most users running OS X are "rootless" which means the root account has not been enabled. Your root account has not been enabled, unless you have gone into NetInfo Manager and enabled the root user and given it a root password. On a side note, the short name 'root' has the long name of 'System Administrator' and this account is logged into when booting from the install CD / DVD.

Once you enable the root user, two abilities are enabled that everybody should stay away from unless they really really (no joke!) do know what they are doing. 1) the login window gains a button that says "other" which will allow you to manually log in and operate the system as root, and 2) From any account in the terminal window you can invoke the "su" command once and thereby change over to the root user (within that Terminal window) from that point forward. (this is akin to using "sudo" before /every/ command.

"sudo" grants the same temporary "root-like" privileges to admin accounts, as the installers and OS functions mentioned above.

Even Unix experts who have spent decades on a Unix machine, do not use the root account for their personal account. They have a personal account for everything they want to use the computer for, and then a root account for when they need to actually administer the system. Even then they don't login to root or invoke "su" unless they have a lot of modifications to do and don't want to type "sudu" and give the admin password several dozen times in a row.

It is very easy to break your OS as root, and I would strongly caution anybody considering enabling their root user to be aware of that.

The root password is set in NetInfo Manager

Menu > Security > Enable Root User
or
Menu > Security > Change Root Password

Again, caution is recommended. Enabling root is a bad idea unless you really know what you are doing.

No, that is not the "root" user password. The "master" password is one you use for File Vault if you intend to have your files encrypted. It is a personal security measure. There is also an Open Firmware password that can be set that prevents anyone from accessing the computer by preventing anyone from logging in or booting the computer without it. These are protective security measures. The "root" user password is set using the NetInfo Utility.

Essentially the root user accesses the system through the command line. Technically you cannot utilize root privileges via the GUI, but there are utilities that will allow you to launch applications from the GUI with root privilege. One such utility is called Psuedo (www.versiontracker.com.)

Sudo provides a mechanism for temporary root privileges when working from the command line. Also, if you boot into single-user mode you will automatically be the root user with full root privileges.

There is this document: http://docs.info.apple.com/article.html?artnum=106290. I don't know if there are any other KB articles that provide additional information, although you can search the Knowledge Base if you wish.

If you enable the root user password, you should not use the same password as you do for your Admin account.

Sudo grants temporary root privileges while in the command line and requires only your Admin password. Presumably only the Admin user would likely also be the root user.

Let me expand on the other posts and hopefully answer your questions. Let's start with a basic concept. The root user and only the root user can install system software. When you install OS X, it is installed by the root user. The root account is then disabled (root becomes a non-login user) and the setup process creates the first user who is an administrator. An admin user would be nothing without a special file- /private/etc/sudoers. This file grants admin users the right to become the root user and use all the tools owned by root to administer the computer. Here's a few example in the Terminal application:
<code>
[g5:~] mark% sudo -s
Password:
[g5:~] root#
</code>
The prompt says I'm the root user. Let's confirm this.
<code>
[g5:~] root# id
uid=0(root) gid=0(wheel) groups=0(wheel), 1(daemon), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest), 80(admin)
[g5:~] root# exit
exit
</code>
Sure enough. I'm the root user. Here's another example:
<code>
[g5:~] mark% sudo id
uid=0(root) gid=0(wheel) groups=0(wheel), 1(daemon), 2(kmem), 3(sys), 4(tty), 5(operator), 20(staff), 31(guest), 80(admin)
</code>
Every time I add sudo to a command, I become the root user. Even though root is a non-login user an admin user can become root. Sudo can be expanded using <code>visudo</code> to modify /private/etc/sudoers where you could grant user other than admins to use certain tools within the operating system. I strongly recommend that you do not modify /private/etc/sudoers. Here's some light reading:

man sudo

man sudoers

man visudo

Where it is possible to have root priviledges in the shell environment, the GUI user interface limits this ability. An admin cannot "see" inside another user's folder with the Finder. You can set a special permission bit to run a GUI application as the root user- the SET UID bit. Running a GUI application with the SET UID bit set to root is a security risk and normally should not be done. There are a parts of of the operating system that do run with the SET UID bit set.

So, an admin user is almost the same as the root user. An admin user must authenticate before changing a file they do not own- in other words an admin must think "What am I doing?" Each has the same power.

Enabling the root user doesn't really add an additional security risk from intrusion...unless of course you did something silly like enable remote login and gave root the password of "root" or "user."

The major risk that comes from enabling root, is more along the lines of the user going crazy in the System library. I recently logged in as root to set up the INN usenet server, it made it easier to manipulate the spool files and modify my manpath and modify files in ./etc, but I wound up having to restore hosts after wrestling with setting up my "fully qualified domain name" as Darwin is slightly non-standard in that area. I eventually figured it out, but the point it you don't have to try and mess things up, to actually mess things up.

Another time I logged into root to move /users and /Applications over to ./volumes/raid/ and symlink them back to /. I didn't break anything, but I was nervous the whole time that something would glitch during the movement of 40 GB from one drive to another and I would have to restore from the backup. Another time I logged into root to set up GNOME, Enlightenment and KDE just so I could bounce around to all the users and set up their shell scripts for shutting down the other window managers when switching between them. It wasn't really necessary but it made things a lot easier.

The point to that is, you don't really /need/ to enable root unless you plan on turning some serious wrenches inside the system library, or frequently need to do several things that would ordinarily violate permissions. Personally, I like having root enabled, but then I like to dive in head-first and turn the nuts and bolts of my operating system. I learned a long time ago, that if you are going to be like that, always keep a recent backup of the directories/files you will be modifying. That will prevent many headaches. If you break something, no big deal, just restore it from the backup. The key there is in knowing which modified file caused the issue.

As long as you pick a truly non-trivial password for the root account, you should be OK enabling it, but just remember what I said -- if you are going to jump into the system library, ./var, ./etc, and so on to start modifying the way your OS behaves -- BACKUP BACKUP BACKUP! Being able to restore a file you just modified after the OS forgets what a DNS is, is a lot nicer than having to archive and reinstall your whole OS.

I obviously have not gone into NetInfo Utility to enable the "root", thus setting its password. Is this a security risk?

No. If you do enable the root account use a strong password. For the average user it is unnecessary to enable the root user to be a log in user. For those who wish to be ultra-security conscious, use a normal account for day to day computer use and use an admin account to install software/ maintain the operating system.

Is it possible that w/out my "root" password set I'm susceptible to hack from remote users sharing the same network?

No, again. But P2P software does open your computer up to some vunerabilities.

Basically, should I go into NetInfo just to set the "root" password?

I'll advise against it. If you had your computer set up with multiple user and/or you were using it as a server, it may be advantageous to enable the root account.