Help

Determining if the Root Account is Enabled or Not

dstranathan
Valued Contributor II

Posted on ‎06-01-2016 07:32 AM

Anyone know if a down 'n dirty way to determine if the root (AKA "System Administrator") account is enabled or not?

0 Kudos
3 REPLIES 3

dstranathan
Valued Contributor II

Posted on ‎06-01-2016 07:37 AM

Oops, looks like I found some info...

https://jamfnation.jamfsoftware.com/discussion.html?id=2595

This does the trick quite nice.

if dscl . read /Users/root | grep -q AuthenticationAuthority; then
    echo "<return>Enabled</return>"
else
    echo "<return>Disabled</return>"
fi
0 Kudos

mm2270
Legendary Contributor III

Posted on ‎06-01-2016 07:43 AM 

dscl . read /Users/root Password

If root is enabled, the above will return something like:

Password: ********

(meaning it has a password)

If its not enabled, it will return something like:

No such key:

You could probably build an Extension Attribute using the above information to report on root enabled/disabled state.

If you need to take it a step further, look into the dsenableroot command to disable it (or enable it if you need to)

0 Kudos

easyedc
Valued Contributor II

Posted on ‎06-01-2016 10:49 AM

Here's the EA I am using (that I'm sure I lifted from someone else!)

#!/bin/bash
rootCheck=`dscl . read /Users/root | grep AuthenticationAuthority 2>&1 > /dev/null ; echo $?`
if [ "${rootCheck}" == 1 ]; then
echo "<result>Disabled</result>"
else
echo "<result>Enabled</result>"
fi