Lost root user

grecopj
Contributor

Hi all,

This is a strange issue that has come up. It seems the root user on almost half of my lab machines has vanished. I am also getting when I check the permissions on the HD, "fetching" when I am logged in as a admin user. The machines that are good show staff as the user. This seems to be preventing me from installing a simple piece of software called Insight from Faronics. It goes through the install but nothing gets installed.

If I start up with command + R and go to terminal and type resetpassword, I am only seeing my admin users for that drive, no root user. Thought resetting ACLs would fix.

If I go to Directory Utility and go to enable root user, disable is shown and I am not able to disable or enable root.

I have gone to terminal to try and add root via the dsenableroot command but that fails as well as trying to disable.

What is puzzling is that I have machines that were imaged the same way and are fine. They all show the root user. I have been also able to install all my adobe apps without an issue up to this point.

Any suggestions? All machines are running 10.11.5. tried updating to 10.11.6 but that does not help.

Semester starts Monday so panic mode is starting to set in.

Thanks,
Pete

5 REPLIES 5

bkramps
New Contributor III

@grecopj Seems like this could be filesystem corruption and/or wrong permissions. I don't think OSX would be able to function without root but you can check for the presence of the account easily. If you can run any command with sudo, then root exists. Running "sudo whoami" will return root. You can also just run "id 0" as a non-sudo command and that should return root and all of its groups.

It seems like you already ran a First Aid on the disk. But you can try using the diskutil command line option with sudo to verify and repair the disk.

Honestly, I am not sure how much time and how many machines you have, but reimaging maybe your best bet. I don't know if I would trust an install that has been so finicky, even if disk repair does work.

grecopj
Contributor

Brian,

root does exist. I ran the sudo command whoami and it came back root. What's strange is that I don't see root as a user when I boot up under restore and try the reset ACL's for root. I see it on a good machine but not one that is exhibiting this behavior.

I could see if it was a couple of machines but I have a least one lab of 24 that they all have this issue and another lab that has about 9 machines out of the 24. One lab of 24 all is great and no issues with it all. (scratching my head on this one)

I've tried re-imaging a machine and it fell back to that fetching issue.

lionelgruenberg
New Contributor III

@grecopj Fetching is no good... You probably have a package in your imaging config messing with the default system permissions. Hopefully you're thin imaging. It's a pain and time consuming to troubleshoot but much easier with a thin imaging approach. Start with the base OS and install packages in your imaging config one at a time. After each package is installed over the base OS check the permissions for fetching. You may eventually find a package causing the fetching. I had this same fetching issue before and all because of a bad vendor supplied package in my imaging config.

sgrall
New Contributor III

I had a similar issue, and it turned out to be caused by a script that resulted in an invalid duplicate root user (it passed a null value that resulted in creating a duplicate root user). I created the following script lines to fix the issue. Your issue may be unrelated, or it may be similar. The caveat here is that the ONLY way to delete this corrupt user for me was by manually deleting its associated plist file in the local directory services file structure. No other method worked, because the name of the account, "/", was supposed to be invalid. For affected Macs for me, whoami for root returned "/"

sudo rm /var/db/dslocal/nodes/Default/users/%2F.plist
sudo dscacheutil -flushcache

grecopj
Contributor

Thanks Guys for the suggestions. I tried re-imaging two computers. I have a base OS that I just set some settings to including enabling root. Netboot to a server to image the machines. Once that is done and tied to my JSS, I push out policies for my Adobe apps, browsers etc.. I have them each on their own policy. I have a few config profiles but not many.

So I did that to two machines after I deleted those machines from the JSS. I then have a policy to bind to my domain which I just go to the computer and run that from self service.

I thought I was in the clear but then I got the "fetching" issue.

I then tried a third machine but this time I went through each policy and installed them with self service one at a time. Checking each time the permissions. Enabled that machine to each profile one by one. Hoping to catch the issue that way. All is good. So I am at a standstill. I don't know what is causing the "fetching" issue.

I also have a few scripts that run at login and logout but again I enabled them one by one on the third machine and all is still good. I thought maybe the one I had that deletes my domain accounts on logout was the cause but that seems ok.

I also found that the machines in the other labs I thought were all good, have started with the "fetching" issue as well.

Any other ideas anyone might have would be greatly appreciated.

Thanks,
Pete