Is it 'OK' to use the root user as a normal user?

macos root user-account

I have enabled the root user on my Mac so I can log into it and run Finder etc. Being the lazy person that I am, just transferred everything from my home directory to /var/root. I'm not too sure of doing this, so I may move everything back. Is it technically 'OK' to be using this like a normal user? (I am the only one who can access my computer.)


Using your computer logged in as root all the time is like always carrying around all your keys, your passport, $5,000 in cash, that piece of paper with all your passwords written on it and the only photo you have of Flopsy, the adorable rabbit whose death broke your seven-year-old heart. Oh, and a chainsaw.

Which is to say, it's mighty convenient from time to time, because it means you can do whatever you want, whenever you want, without needing to go back home to get stuff or talk to your bank manager. But it also puts you at great risk of losing stuff, having it stolen (don't think that chainsaw will help you: you'll be streets away before you notice your wallet's gone), doing things you really regret later (impulse-buying plane tickets to Vegas while drunk), taking dangerous shortcuts (chainsawing through the lion enclosure fence because that's the fastest way to the pandas) and over-reacting (chainsawing your neighbour's car because his dog barks too much). And, when you think about it, mostly, you're just going to the office, going grocery shopping, hanging out with your friends. You don't need all that stuff with you all the time just for the convenience of needing it, what?, once a month? Once a week?

So, no, it's not OK to use the root account all the time. It gives you a tiny amount of convenience but puts you in a lot of danger. There's the danger of stupid mistakes having catastrophic results ("Hey, why is rm -rf * taking so long to run? **** I'm in /!"). There's the danger of acclimating yourself to the idea that all files are equal and you can just mess about with whatever you want, anywhere in the directory tree. There's the danger that any hack to your account is immediately a hack to the whole system, so now every single piece of software on your machine is security-critical. And even if you think you don't care about your machine getting hacked (after all, that photo of Flopsy is a real piece of glossy paper, not some ephemeral JPEG), I care about your machine getting hacked because then it's on the botnet that's mounting the DDOS attack against whatever internet service I can't access today.

Root is your spiderman costume. It gives you great power but requires great responsibility. It's there in the closet whenever you need it, so you don't have to wear it all the time.


You can, but it's a major security and stability risk. Doing so allows any application full access to your computer. You can't know what they're doing with that access. It's unnecessary, and just really unsafe.

For a lot more background information on this, see

  • Why is it bad to login as root
  • Why not run always logged in as root
  • Why it is not recommend to use root login in linux

Honestly, I agree that there are a lot of risks associated with using the root user as default. But let me just run through them and criticize some of the arguments a bit

  • Defending against applications: Practically the permission system of *nix is not strong enough (by far) to allow running arbitrary programs. A malicious program on *nix is able to do enough evil stuff (like stealing your bank credentials) without root permissions. It will be somewhat harder for a non-root application than for a root application (e.g. instead of directly installing a root-certificate and intercepting the connection to the bank you will need to mess around with the browser instead, but hey, that's actually quite doable and you likely had to do that anyways to make sure the user doesn't notice anything)
  • Defending against user mistakes (like running a wrong command and deleting all system files): Absolutely true, but even though a non-root user will save the system, all the important files will normally be lost already (as the user owned files are far more likely to be unique).
  • Defending against exploitable bugs in applications you run: Now this is more like it. E.g. when you run a web server where a lot of applications are open to the outside and thus any exploitable bugs will be easily reached. The same still applies of course even if you are sitting behind a router and firewall, though the extent of the danger is far less significant. Once again however the question becomes how much the permission system will realistically defend on a private system. Without root permissions all private files can still be accessed and intercepting network data is also possible... the two most important things you can wish for as an attacker of a private system.
    • (Now, on top of the standard *nix file permission system Apple has also introduced an application sandboxing system. As far as I know that one is still fully functional even when logged in as root. If however it weren't then that would be a total deal breaker.)

Either way, all considered I do not think it's as terrible an idea as some others claim. Mind you, I am not saying it's a good idea either, but I think that people overestimate the usefulness of the *nix file system permission model in protecting you. Yes, it's incredibly useful for certain things (e.g. multi user systems, complex multi-application servers, keeping the system running no matter what happens (running, but not necessary usable), locking important files away (though you're better off encrypting those...), etc.), but it's not some magical protection that prevents bad stuff from happening.

In the comments I came up with an analogy which seems quite adequate in describing the situation. In Dutch we have a word for the little closet where you can find all the meters and the toggle for the main water supply, etc. Running as the root user account is like taking the lock off that little closet. Ironic fact: Most people don't have locks on it in the first place. Now, just like with the root user that's not to say that it's not useful to lock it away in certain cases, for example in offices or other semi-public buildings it's often locked away, but in normal houses it's far more important to have a strong lock on the front door (not installing random things, firewall, etc.) and putting all your important stuff in a safe (making backups, encrypting stuff, etc.). Will an extra lock on that closet hurt? Nope, so it might be a good idea to have it in place just in case, but in all likelihood it's going to be quite useless.

Running as the root user is nothing like taking all the locks of your house and carrying all the stuff in the safe with you all the time as is claimed by David Richerby. Your passport (identity) is in no way protected by the *nix file system, your money (bank account) is in no way protected by the *nix file system, your important passwords are likely not protected by the *nix file system (if you're using Safari however they might actually protected partially by the *nix file system permission model, but without root you can still add an invisible extension to Safari and next just intercept the password the next time you use it), your photos are definitely not protected by the *nix file system and if you're using the terminal you're already carrying a chainsaw around with you (per point 2 above).


Back around 1990 I was working on a project with a guy named Tom. We were using a SUN server running SunOS (a Unix derivative, predecessor to Solaris). This was back in the days before CD drives and flash drives, so if you messed up the OS on your hard drive there was no way to recover.

Tom used to routinely log in as root. I told him that was a bad idea, but he did not listen. One day I heard him say "Uh-oh". He had meant to type comething like this:

mv something* .

Unfortunately he left off the final dot, so the shell expanded all the file and directory names which matched this pattern. Then the mv command used whatever ended up as the final name in the list as the destination directory, and moved everything else into it. Also unfortunately, he was currently at the root directory, so basically the entire file system got moved into one of its subdirectories.

I used up-arrow to bring back the previous command and saw what had happened. The first thing I then said was, "Don't log off! Or you will never be able to log in again."

No problem, right? We could just move everything back. We could, except that the mv command was not one of the built-in commands of the shell. Instead, it was an executable program, stored in one of the files which had been moved. Luckily, ls was a built-in command, so after using ls to confirm where the commands had moved to, I was able to find the mv command, invoke it with its full path name, and put things back where they were supposed to be.

And then I told him, "Tom, this is why it is a bad idea to routinely log in as root."


Generally you want to keep ownership of your personal files separate from the root user. This is why you create a account for yourself as an administrator. The accepted way, under OS X, to gain root level access is to use the sudo command from the Terminal application. For example, if you want to see the partitioning of your internal drive the command is

gpt -r show /dev/disk0

which if entered will result in the following error message.

gpt show: unable to open device '/dev/disk0': Permission denied

To use the command, you need to use sudo as shown below.

sudo gpt -r show /dev/disk0

If you want to become the root user to avoid entering sudo, you can just enter sudo sh. The exit command can be used to exit from being the root user.

If you want to execute an application as the root user, you can by using the Terminal application. For example, if you want to launch the Finder as the root user, enter the following command.

sudo /System/Library/CoreServices/Finder.app/Contents/MacOS/Finder &

To avoid the confusion of having two Finder applications open at the same time, it is usually best to quit your Finder application first. This can be done using the following terminal command.

osascript -e 'tell application "Finder" to quit'

One word of caution: preceding a command with sudo is not the same as becoming the root user. For example, the commands 

sudo echo $USER
sudo echo $SUDO_USER

result in the same output as the commands shown below.

echo $USER
echo $SUDO_USER

If you become the root user (the superuser), then the same commands result in a different output. This can be verified by entering the commands shown below.

sudo sh
echo $USER
echo $SUDO_USER
sudo echo $USER
sudo echo $SUDO_USER
exit

Related

Why won't closing the lid sleep my MacBook Pro with external monitor attached after upgrading to Lion?
Enter a filename in the File Open dialog
Right-click, create a new text file. How? [duplicate]
Consequences of deleting .DS_Store
How to print an image across two pages
How to remove unused MacPorts packages?
Can I force a cache refresh in Safari running on iOS?
Where does the Mac store account pictures?
Where can I find default Microsoft fonts Calibri, Cambria?
Copying the current directory's path to the clipboard
How do I negotiate dialogue boxes using the keyboard only?
Which application to preview .md files?