Filed under: OS, Terminal Tips
TUAW Tip: Create an OS X admin user without a disc
Recently, I had to create a new admin user on an older 500mhz Power Mac G4 running OS 10.3.9. Needless to say, there was no 10.3 install discs to be found. What to do? Follow these simple (but powerful) steps.First, restart the Mac while holding down the Command and "S" keys to start in Single-User Mode. Next, you'll see the UNIX boot sequence in white text on a black field. Don't worry, that's what we expected. At the prompt, type the following commands, hitting "Return" after each.
- mount -uw /
- rm /var/db/.AppleSetupDone
- shutdown /h now
Other users on that machine -- including other admin users -- will remain intact. This is also a good way to change the password on an older admin account without the disc. Simply follow the same steps and, once you've logged in with the new account, change the password on your old account. Then, log in as the old account and delete the new one.
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Luigi193 said 12:20PM on 9-01-2008
I think its shutdown -h now
I didn't think you can do /h... or atleast I've never done it like that. If i'm wrong my apologies!
Reply
Richard Brooks said 12:24PM on 9-01-2008
It's important to note that when you create that new admin user, that the new name isn't used by any of the other users - otherwise there may be some issues with filevault, keychain, etc..
Reply
Luigi193 said 12:24PM on 9-01-2008
Wait... one more thing. Why would you have to do this in Single User Mode? Couldn't you just use sudo?
If you in Terminal, don't do the mount thing though... just the rm command.
And didn't you already run this tip? http://www.tuaw.com/2005/10/04/get-the-out-of-the-box-experience-with-an-older-mac/
Just curious...
Reply
Richard Brooks said 12:34PM on 9-01-2008
You need to be in single user mode to be guaranteed super user privileges. Part of the background for this procedure is not being able to get on the computer as an admin user - this works even if you can't login as an existing user.
Problem though, is if the original user was crafty and disabled single user login.
And yes, I'm very sure this tip has made the runs of the majority of the big blogs.
Luigi193 said 12:44PM on 9-01-2008
Ahhhh, good point. This is good if its not your computer...
Steven said 12:25PM on 9-01-2008
YOu mentioned this mac was running 10.3.9 Does this trickery work with 10.5.x?
Reply
Rafe H. said 12:33PM on 9-01-2008
Fortunately changing the password on an existing account does not provide access to its keychain.
Reply
Steve said 8:29PM on 9-02-2008
This sounds like a security hole to me. Doesn't this mean I can reboot a Mac, define a new admin account, and then use that account to "do things"?
Probably no good way around it, though.
noza said 12:53PM on 9-01-2008
I presume this was a computer on which you did not know the current admin user's password? Because otherwise this is a lot more trouble than just creating a new user in System Preferences and ticking the "Allow user to administer this computer"
Reply
tnn said 1:19PM on 9-01-2008
As before mentioned, the flag to shutdown is -h.
You can speed things up, by entering
shutdown -r now
to reboot, or just type
reboot instead.
Reply
urgent help said 1:40PM on 9-01-2008
Guys, I need help urgently. I ran the umount command in the terminal while logged in, and now the computer will not boot.
"If you in Terminal, don't do the mount thing though... just the rm command." I did that and now it won't boot, please help. How do I fix this?
Thanks a lot.
Reply
Japego said 1:42PM on 9-01-2008
It is a Macbook Pro with OSX 10.5 Leopard
Thank you.
Luigi193 said 4:51PM on 9-01-2008
Wait... what?
Are you blaming me? OR did you wish you saw that before you did it?
I didn't think it was possible to run the mount command while logged it...
Try booting from the DVD and going to disk utility and check to see if your hard drive is mounted... if its not, click it and click mount.
alansky said 2:57PM on 9-01-2008
"This is also a good way to change the password on an older admin account without the disc. Simply follow the same steps and, once you've logged in with the new account, change the password on your old account. Then, log in as the old account and delete the new one." --TUAW
How are you going to change the password on the old account if you don't know the old password? And if you do know the old password, the whole exercise is unnecessary; the password is easily changed in the Accounts pane of System Preferences.
Reply
Mo said 4:01PM on 9-01-2008
Because when you're booted into single-user mode, you already have root privileges and can reset the login password for any account, including an administrator's.
You can't, however, access keychains (or, by extension, FileVault home directories) without having (and knowing) a master password.
Mo said 4:04PM on 9-01-2008
Um, sorry, what I meant to say was:
The account you create using this process is an administrator, and so can change the passwords of other accounts without knowing the old password.
(My comments regarding keychains and FileVault still applies, though)
Eric said 5:24PM on 9-01-2008
If you're worried about accidentally rm'ing the wrong file, why not simply mv it to a backup location instead?
Reply
ds said 8:30AM on 9-02-2008
Here's an easier way to shutdown -h now:
halt
Props to FH for that one.
Reply
Matt said 11:50AM on 9-02-2008
Leopard:
command-s
mount -uw /
ls users
passwd shortusernamehere
Tiger:
command-s
mount -uw /
sh /etc/rc
ls users
passwd shortusernamehere
Why the heck are you creating an admin user to change a password when you can do it IN single user mode for ANY account?
Reply
Dave said 6:57PM on 9-02-2008
So, um... what's to prevent someone from doing this to my Mac and gaining full control over my system? Isn't this a pretty significant security problem?
Reply