Enabling root on a Mac which hasn’t gone through macOS Catalina’s Setup Assistant
On certain occasions, it may be necessary to configure settings on a Mac which has not yet gone through Apple’s Setup Assistant. This process usually involves enabling the root account and setting a password for it, since no user accounts with admin rights exist yet. For more details on how to do this on macOS Catalina, please see below the jump.
To enable the root account and set a password for it, use the procedure described below:
1. Start up the Mac into single-user mode.
2. Mount the boot drive’s writable volume using the following command:
/sbin/mount -uw /System/Volumes/Data
3. Launch the opendirectoryd process using the following command:
launchctl load /System/Library/LaunchDaemons/com.apple.opendirectoryd.plist
4. Enable the root account using the following command:
passwd root
5. Set a password for the root account when prompted.
6. Reboot the Mac using the following command:
reboot
Once rebooted and back at Setup Assistant, you can open the Terminal by pressing the following keys on the keyboard:
CTL + OPTION + CMD + T
Once Terminal opens, run the following command to switch to using the root user account:
su root
When prompted, enter the password you had earlier set for the root account.
Once your need for using the root account has ended, I strongly recommend disabling the root user account. Apple has a KBase article which describes how to disable the root account, available via the link below:
How do you do that in single-user mode on a Retina Mac, where verbose output text is so small due to the high resolution? You actually need a real magnifying glass to read it. Is there maybe an NVRAM hack to reduce the resolution?
Macs with the T2 chip cannot boot into the classic single-user mode. Command-S results in the same outcome as Verbose mode. In macOS Recovery mode, both volumes are already mounted and the opendirectoryd service is already loaded.
The passwd command cannot be used in this mode. Instead, the dscl command must be used.
dscl -f /Volumes/Macintosh\ HD\ -\ Data/private/var/db/dslocal/nodes/Default localhost -passwd /Local/Default/Users/root
I have once successfully booted into single-user mode on my 2018 MBP which has a T2. But (as far as I recall) you need to disable all startup security, and also the firmware password. I might have booted into SUM when I hadn’t yet set up my FileVault password yet, so it’s possible you also need to disable FileVault first, if you need to boot in SUM.
Thank you, I had the exact same problem on Catalina and now everything is well! 😀
you can enable it without single user mode with the cmd dsenableroot
from my user account I typed:
> sudo passwd root
and entered a password and boom done.
@Nauga that works for enabling root but do you know how to do the reverse and turn it off when done. Im looking at a way to update macOS before the setup assistant has completed by enabling root, updating and then turning off root afterwards. So far i haven’t worked out how to do it.
bro thankyou very much for your guide.
you save my life❤️
A bit unrelated question maybe, but, on a Mac used by just one person, do you gain any security advantages by having one admin account and one user account, or should you just go with the one admin account?