Several computers losing admin rights on all accounts including root

Question

Level 1

9 points

Several computers losing admin rights on all accounts including root

At my workplace we have several OS X computers, and recently several of them seem to be spontaneously losing admin access from any account. I've tried to delete .AppleSetupDone to create a new admin user and that account only has standard rights. I've gone into single user mode, activated root by setting the password, logged in as root, and although now it allows me to unlock and make changes to the Accounts system preference, when I check Allow user to administer this computer, the computer automatically unchecks the box.

I've run out of ideas. Anyone know what this could be?

iMac, Macbook Pros, Mac OS X (10.6.7)

Posted on Apr 7, 2011 11:01 AM

Reply

Answer 1

Best reply

Kappy

Level 10

361,741 points

Apr 7, 2011 12:38 PM in response to archer823

I have several snippets possibly related to the issue:

I lost my admin user (OS X 10.5)

If you are unfortunate enough to delete your only admin user, or remove his admin capability, then as long as you have another user with login capability, you can give that user admin rights as shown below.

Print this post out in a mono-spaced font, and type carefully, paying attention to spaces and punctuation, since you cannot copy/paste in Single User mode.

Caution: in single user mode you have root privileges. Be careful! Substitute the name of 'youruser' below.

Boot into single-user mode which will eventually get you to a shell prompt (ending in #). Then type the following (Press RETURN after each command):

/sbin/fsck -fy

Repeat the above until it says your disk is OK. Then continue with

/sbin/mount -uw /
/usr/bin/dscl . -merge /groups/admin users youruser

If you get a message saying "invalid path", then type these two commands first:

/usr/bin/dscl . -create /groups/admin gid 80
/usr/bin/dscl . -create /groups/admin passwd '*'

and then repeat the "dscl ... -merge" command. Then:
reboot

You will now be able to login as 'youruser' and have administrative privileges.

Membership of the 'admin' group is the only thing that distinguishes administrative users from ordinary users.

Cannot make any user account an admin account

If the directory services entry for the admin group gets corrupted do the following:

Log in as the "root" user. Open the Terminal and paste in the following commands. Press RETURN after each:

rm /var/db/dslocal/nodes/Default/groups/admin.plist
cp /System/Library/DirectoryServices/DefaultLocalDB/Default/groups/admin.plist /var/db/dslocal/nodes/Default/groups/admin.plist

Restart and again log in as "root." Open Accounts preferences in System Preferences, select your default user account and make it the admin account.

Credit goes to forum member, biovizier, for this solution.

To enable the "root" user see Enabling and using the "root" user in Mac OS X

Restore admin user status.

If your admin user loses admin status for whatever reason (and it has happened to a few people), and you do not have a second admin account, then try the following:

Boot into single-user mode. At the prompt enter:

mount -uw /
nicl -raw /var/db/netinfo/local.nidb -merge /groups/admin users your-username-here

Press RETURN after each command.

To restart in OS X enter:

reboot

I recommend you write down these commands in a monospaced font. Be sure to carefully note where there are spaces in the command line.

And, here are some related links: I lost my admin user (Mac OS X 10.5); OS X 10.5- Administrator user changes to standard; and, Problems with lost Admin account.

Reply