As I understood the description of the patch/update — the Root Account is only de-activated if it has no password. Making it just like all previous releases of OSX.
If you have activated the Root Account and supplied a password, then nothing happens. Read Mac Rumors description: https://www.macrumors.com/2017/11/29/apple-fixes-root-password-bug-security-update/ The original bug description: https://www.macrumors.com/2017/11/28/macos-high-sierra-bug-admin-access/ > On Jan 15, 2018, at 4:21 AM, Bjarne D Mathiesen <[email protected]> > wrote: > > Jan Stary wrote: >> I don't get it. 10.13.2 does _not_ have a root account by default? Why? >> And if it does, how is that a problem? It's UNIX, of course there is >> a 'root' account. > > macOS out-of-the-box has a de-activated root account; eg you can't log > in as root or ssh into the box as root. The root account exists but in a > dormant state and is accessed though sudo from admin accounts. > > One of the things I do on my boxes is activating the root account; and > in some cases removing the other admin accounts, so I've only got root > and users. Now, if the root account is de-activated you have no way of > administering the box - even with sudo at normal user accounts can't use > sudo. > > Also if you have scrips that eg ssh into the box from the outside, this > will completely thow off your setup. > > -- > Bjarne D Mathiesen > Korsør ; Danmark ; Europa > ---------------------------------------------------------------------- > denne besked er skrevet i et totalt M$-frit miljø > macOS 10.13.2 High Sierra (17C205) > 2 x 3,46 GHz 6-Core Intel Xeon ; 48 GB 1333 MHz DDR3 ECC > ATI Radeon HD 5770 1024 MB "Never be cruel; never be cowardly; and never ever eat pears.” - The Doctor William H. Magill [email protected] [email protected]
