Help

Enabling Root

jarednichols
Honored Contributor

Posted on ‎07-02-2009 11:11 AM

Hi-

We're looking at getting Random Password Manager working on OS X (already have it for our windows machines). RPM will spin the root account. Does anyone know how to script the enablement of the root account? Ideally, we'd enable it through Casper and then spin it with RPM.

Thanks

j
---
Jared F. Nichols
Desktop Engineer, Infrastructure and Operations
Information Services Department
MIT Lincoln Laboratory
244 Wood Street
Lexington, Massachusetts 02420
781.981.5436

0 Kudos
Reply
3 REPLIES 3

ktrampe
New Contributor II

Posted on ‎07-02-2009 12:58 AM

Hey Jared, sounds like fun!

I'm pretty sure you can just set the password of root and it will enable the root account.

So, if the admin user ran this script with the desired password as an argument:

#!/usr/bin/expect -f
set rootpw [lindex $argv 0]
match_max 100000
spawn passwd root
expect "New password:"
send "$rootpw "
expect "Retype new password:"
send "$rootpw "
expect eof

It SHOULD enable root with the password specified.

Example, create a script containing the above code called "enableroot.exp" and then run this:

./enableroot.exp ultramegasecret1334p0wneDpasswordgoeshere

Replace that ridiculous pw with yours, of course. :)

Let me know if you get stuck; good luck!
Kerry

P.S. I've attached the scrip to save you some time. :)

0 Kudos
Reply

Not applicable

Posted on ‎07-02-2009 01:51 PM

I believe the 'dsenableroot' command will do what you want.

Clinton Blackmore

0 Kudos
Reply

tlarkin
Honored Contributor

Posted on ‎07-06-2009 07:57 AM

dsenableroot will work on I think 10.4 or later but please be warned
anything you put in a script, like a password will be stored in the logs
in plain text. Trust me this is not a good idea, and even if you think,
oh my users will never thumb through thousands of lines of a log file
and try everything that may look like a password, then you have never
met a high school kid with too much time on their hands.....

I think you would be best wrapping this up in an application and then
deploying it, so the only thing the log file says is the PKG was
installed successfully.


Thomas Larkin
TIS Department
KCKPS USD500
tlarki at kckps.org
blackberry: 913-449-7589
office: 913-627-0351

0 Kudos
Reply