Mac administrators can use the root user account to perform tasks that require access to more areas of the system.

The user account named ”root” is a superuser with read and write privileges to more areas of the system, including files in other macOS user accounts. The root user is disabled by default. If you can log in to your Mac with an administrator account, you can enable the root user, then log in as the root user to complete your task.

The root user account is not intended for routine use. Its privileges allow changes to files that are required by your Mac. To undo such changes, you might need to reinstall your system software. You should disable the root user after completing your task.

It’s safer to use the sudo command in Terminal instead of enabling the root user. To learn about sudo , open the Terminal app and enter man sudo .

Enable or disable the root user

  1. Choose Apple menu () > System Preferences, then click Users & Groups (or Accounts).
  2. Click , then enter an administrator name and password.
  3. Click Login Options.
  4. Click Join (or Edit).
  5. Click Open Directory Utility.
  6. Click in the Directory Utility window, then enter an administrator name and password.
  7. From the menu bar in Directory Utility:
    • Choose Edit > Enable Root User, then enter the password that you want to use for the root user.
    • Or choose Edit > Disable Root User.

Log in as the root user

When the root user is enabled, you have the privileges of the root user only while logged in as the root user.

  1. Choose Apple menu > Log Out to log out of your current user account.
  2. At the login window, log in with the user name ”root” and the password you created for the root user.
    If the login window is a list of users, click Other, then log in.

Remember to disable the root user after completing your task.

Though most advanced Mac users will find it easiest to enable root with Directory Utility from the GUI of Mac OS X, another option is to turn to the command line. No, we’re not talking about using sudo or su, we’re talking about enabling the actual root user account, which can be appropriate for some complex situations.

For those who are familiar with the Terminal and comfortable with command line syntax, enabling the root user account in Mac OS X from the command line may even be easier than doing so from the Directory Utility application, as there are fewer steps necessary to both enable and disable the root user account, either widely or on a per-user basis. This is also advantageous in that it can be enabled remotely via SSH on any Mac that can be connected to.

It’s very important to point out that enabling the root user account is only for advanced users who understand when and why it may be necessary to have universal superuser privileges. This is rarely necessary for anything beyond systems administrators or for troubleshooting some particularly advanced and complex issues, and for the vast majority of purposes, simply using sudo or launching a GUI app as root is usually sufficient for the vast majority of situations.

If you do not know what you’re doing, do not enable the root user account, and do not use the root user account. Because the root user has universally privileged access to everything in Mac OS X, it’s quite easy to mess something up, and leaving the account active can lead to a security risk. This is truly only for advanced Mac users.

Enable root User Account from the Command Line of Mac OS X with dsenableroot

A simple command line tool appropriately called ‘dsenableroot’ will quickly enable the root user account in Mac OS X. At it’s most simple form, simply type ‘dsenableroot’ into the Terminal prompt, enter the users password, then enter and verify a root user password.

% dsenableroot
username = Paul
user password:
root password:
verify root password:
dsenableroot:: ***Successfully enabled root user.

When you see the “dsenableroot:: ***Successfully enabled root user.” message, you know the root user has been enabled with the password that was just defined.

If you wish, you can also enable the root user on a per user account basis by specifying the -u flag:

dsenableroot -u Paul

Replacing ‘Paul’ with any user name that is on the specific Mac will work.

Of course, once you’re done with root user, you may wish to disable root account access as well.

Disable Root User Account from the Command Line in Mac OS X

Passing the -d flag to the same dsenableroot command string will disable the root user universally, like so:

% dsenableroot -d
username = Paul
user password:
dsenableroot:: ***Successfully disabled root user.

The message “dsenableroot:: ***Successfully disabled root user.” indicates the root account is now disabled.

Similar to enabling a specific user, you can also disable for a specific user with the -d and -u flag:

dsenableroot -d -u Paul

This may be appropriate for a situation where a particular user account no longer requires root account privilege.

Generally speaking, leaving the root user account disabled is a good idea.

The dsenableroot utility works in MacOS Sierra, OS X El Capitan, OS X Yosemite, OS X Mavericks, Mountain Lion, etc. For users who are on much older versions of OS X like Snow Leopard, use the sudo passwd method instead.