Even admins can’t access every part of the Mac file system!
In particular, admins cannot move files from one user account to another, or edit another user’s files. This restriction can be frustrating if there’s an account you no longer have access to, such as a user account belonging to an ex-employee who left the company without sharing their login details.
Having access to every single user account can also come in handy if you want to sweep your entire Mac for viruses or malware, or you need to backup everything that exists across your Mac, rather than just the files inside your user account.
You can gain access to every part of your Mac that isn’t protected by System Integrity Protection (SIP), by creating a root account.
Enabling root essentially makes every part of the system accessible, but at this point it becomes much easier to damage your Mac. There’s often a reason why macOS prevents you from accessing certain files and folders, so you should only enable root if you have a specific reason for requiring this level of access.
Root can be dangerous, but if you do require root privileges, then in this article I’ll show you exactly how to get them.
Create a root user account
You create a root account, via your Mac’s System Preferences:
- Select the ‘Apple’ logo from your Mac’s menu bar, followed by ‘System Preferences…’
- Choose ‘Users & Groups.’
- Click the little padlock icon in the bottom-left, and enter your admin username and password when prompted.
- Select ‘Login Options.’
- Click the ‘Join…’ button.
- In the popup that appears, select ‘Open Directory Utility…’
- Click the padlock, and enter your password again.
- In the ‘Directory Utility’ menu bar, select ‘Edit > Enable Root User.’
- Enter a strong password that you can definitely remember. To ensure you don’t log into the root account by accident, don’t use the same password as your regular user account. Once you’ve entered a long, complex and unique password, click ‘OK.’ You’ve now created your root account!
Alternatively, you can enable root access from the Terminal:
- Open a Finder window.
- Navigate to ‘Applications > Utilities,’ and launch the Terminal application.
- Type the following command:
dsenableroot
- Press the ‘Enter’ key on your keyboard.
- When prompted, enter your admin password, and then press the ‘Enter’ key.
- Type the password that you want to use for your root account, and press ‘Enter.’
- When prompted, enter this password again; press ‘Enter.’
The Terminal should now display a ‘Successfully enabled root user’ message.
Logging into your root account
You can log into your root account from macOS’ main login screen, just like any other user account:
- Log out of your current user account.
- On macOS’ login screen, select ‘Other…’
- Enter root as the username, and the password you just created.
On the surface, this account may look exactly the same as a regular user account, but files that are usually off-limits are perfectly accessible within this account – including important system files!
Since it’s much easier to delete, modify or generally break crucial files, you shouldn’t use the root account for everyday tasks. Even system admins and Mac power users are unlikely to require root access on a day-to-day basis!
You should only log into the root account when you have a task that specifically requires root privileges. As soon as you’ve finished this task, you should log out of root and back into your regular user account.
No longer require root?
If someone gained access to your root account, they could cause some serious damage to your Mac. Since root makes your Mac more vulnerable to malicious third parties, if you no longer require root privileges then you should delete this account.
To disable the root user account:
- Navigate to ‘System Preferences > Users & Groups.’
- Click the padlock icon, and enter your admin password.
- Select ‘Login Options,’ and give the ‘Join…’ button a click.
- Select ‘Open Directory Utility…’
- Select ‘Edit’ from the toolbar, followed by ‘Disable Root User.’