Carnegie Mellon University Website Home Page
 
Skip navigation and jump directly to page content
Documentation Index
Security
Macintosh Machines
Advanced Section
Step 1: Create Separate Admin Account
Step 2: Remove Admin Access from Everyday Accounts
Step 3: Ensure Root Account is Disabled
Step 4: Disable Network Services
Accounts
Network, Phone & TV
Software
Email & Calendar
Secure Your Computer
Clusters & Printing
Web Services
Classroom & Event Support
Education & Outreach
Support & Repair
Information Security Office (ISO)

Advanced Step 3: Ensure the Root Account is Disabled (OS X 10.4)

Mac OS X is based on BSD Unix. In Unix, the root account has full control and can override all security settings. To prevent someone directly logging into the root account, keep it should be disabled. To ensure the root account is disabled follow these steps:

  1. Open Applications > Utilities (Finder window) and double-click Netinfo Manager.
  2. In the local @ localhost - / window, click the lock icon to make changes.
  3. When prompted, enter the short admin userid and password.
    Note: The short userid is whatever you specified as "Short Name" when creating the admin account.
  4. From the Security menu do one of the following:
    • If Disable Root User is visible, select it to disable the root account.
    • If Enable Root User is visible, do not make any changes. The root account is already disabled.
  5. Click the lock icon to prevent further changes.
  6. From the NetInfo Manager window, select Quit NetInfo Manager.

next Advanced Step 4: Disable Network Services

Last Updated:  7/1/08