How to get Admin rights in OSX Leopard using single user mode…

Home / Apple / How to get Admin rights in OSX Leopard using single user mode…

Here is a quick way to gain access to that leopard machine you don’t remember the admin password to. Yes I know this can be used by all the kiddies out there, but lets hope they are smarter than that. To start, reboot the machine into single user mode by holding down command-s before the chime (on the white screen with gray apple logo). Once in single user mode you need to mount the HD in read-write mode using the following commands:
/sbin/fsck -fy
/sbin/mount -uw /

Then we need to start the directory services by issuing the following:
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
First thing we need to do is to create the new userid (I call it newadminusername, you can use whatever you want). It is important to assign the user a Realname (which is the long name under OSX), a UID in 5xx range (I use 599 in this example) and assign the user to group 80 (which is the admin group):
dscl . create /Users/newadminusername
dscl . create /Users/newadminusername RealName “Test Admin User”
dscl . create /Users/newadminusername UniqueID 599
dscl . create /Users/newadminusername PrimaryGroupID 80

Next we need to use the dscl command to make our newadminusername part of the admin group in open directory using the following command:
dscl . append /Groups/admin GroupMembership newadminusername
To check and make sure it worked lets look at the list of users in the admin group using the following command:
dscl . read /Users/newadminusername
and make sure newadminusername is setup correctly.
dscl . read /Groups/admin
and make sure newadminusername is listed as part of this group. The output of the commands on my machine for my test userid “tester” (I chose tester as my “newuseradmin”):
Brain:~ root# dscl . read /Groups/admin
AppleMetaNodeLocation: /Local/Default
GeneratedUID: ABCDEFAB-CDEF-ABCD-EFAB-CDEF00000050
GroupMembership: root mayromlou tester
Password: *
PrimaryGroupID: 80
RealName: Administrators
RecordName: admin
RecordType: dsRecTypeStandard:Groups
SMBSID: S-1-5-32-544
Brain:~ root# dscl . read /Users/tester
AppleMetaNodeLocation: /Local/Default
AuthenticationAuthority: ;ShadowHash; ;Kerberosv5;;tester@LKDC:SHA1.532A60C783871C50CE0DAF911171860F528DE20F;LKDC:SHA1.532A60C783871C50CE0DAF911171860F528DE20F;
GeneratedUID: A248AE2D-DCA4-41AF-B3C9-91F96CB42091
Password: ********
PrimaryGroupID: 80
RealName:
Test User
RecordName: tester
RecordType: dsRecTypeStandard:Users
UniqueID: 599

If everything is good to go reset the users password:
passwd newadminusername
Reboot by typing reboot from the command line. You can now use your newadminusername to login and admin the machine. Once you’ve got access back to the machine through your regular account, you might want to undo all the stuff we have done above (just to keep things neat and tidy). If you decide to do that, reboot into single user mode again by holding down command-s before the chime (on the white screen with gray apple logo). Once in single user mode you need to mount the HD in read-write mode using the following commands:
/sbin/fsck -fy
/sbin/mount -uw /

Then we need to start the directory services by issuing the following:
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
Then we need to undo all the steps we did above to create the newadminusername ID. That can be done simply by issuing the following commands:
dscl . delete /Groups/admin GroupMembership newadminusername
dscl . delete /Users/newadminusername

That’s it…..You’re done……

43 Comments

  • Many

    Hi Jackie,

    Assuming this is YOUR machine you are trying to break into, the procedure here does not work under Tiger. I used to do the following procedure for Tiger…….It should work still under the latest update. It will basically make your machine think it's had OSX installed on it just now.

    1) Boot your machine into Single user mode by holding down Command-S (apple-S).
    2) Issue the following commands (without double quotes), followed by Enter:
    "mount -uaw"
    "cd /var/db"
    "rm .applesetupdone"
    3) This "hidden" file (.applesetupdone) we just deleted tells OSX that the initial setup has already been done. By deleting it, we are "forcing" OSX to do the initial setup process all over again. During this process we create a "dummy" user account. This dummy account will have admin privileges, so we can use it to RESET the password on the other account (the account you can't remember the password for).

    So Reboot the machine (using "reboot" command or "shutdown -h now") and setup your dummy account, reset the "real" accounts password and optionally delete the dummy account once you get access to the "real" account.

    Have Fun,
    Many

  • NoweinZ

    Manny, i tried your method in the above comment successfully.
    Thank you SO MUCH.

  • Anonymous

    Hi Many, sadly your method doesn´t work for my 10.4.11 on a mac mini,
    after "cd /var/db" it says something like file not found, I tried as well other unix hints I found on the Internet, like :
    "rm -f/private/var/db/.AppleSetupDone"
    or :
    "rm/var/db/.AppleSetupDone"
    but none of these worked for me.
    I also varied spelling from
    "/.AppleSetupdone" to
    "/ .AppleSetupDone" and "/.applesetupdone" but none of them worked. It answered always "with no such file or directory found"

  • Many

    Hi Anonymous,

    I think you might have a problem with the command and the spacing of it (unless you were in a hurry when you typed your question).

    The correct command should be "cd /var/db" (there is a space between cd and /. Then you issue "rm -f .applesetupdone" (again with space between rm and – and f and .).

    Also the above commands are NOT to be used with double quotes. I just put them in there.

    Let me know if this helps at all.

  • DJ

    Is there any way I could seriously mess up my computer by trying this? Also, my friend says Snow Leopard is the latest version of OSX (I know I have the latest version.) Would I use the Leopard method or the Tiger method?

  • Many

    Hi DJ,

    As long as you're careful about the spacing and such in the commands, you should be okay. In the Leopard version the worst that happens is that the solution wont work and you end up with a "misspelled" userid in the user database.

    In Tiger it's a bit more sensitive…..you should type things in exactly as stated or you could possibly be deleting the wrong file.

    As far as Snow Leopard goes…..yes and no. It is the latest OSX version, but it's not available for purchase yet (It's in beta). It will not be available until September/October timeframe.

    That said if you've got the latest version then you have Leopard, which is version 10.5. If you have the older 10.4 version then it would be Tiger. If you can recall what your Dock looked like on the screen, if it had a 3-D effect to it (icons kinda floating in the air) then you had Leopard (the newest version). If they were just flat looking icons, then you more than likely had Tiger (10.4).

    Hope this helps…..

    TTYL
    Many

  • DJ

    Thanks! Also…what if there are other accounts on the computer? I am considering using this to gain access to the shared documents folder for the network in order to transfer mp3s and such from my other computer. Will this still work or is there another method I should use? Thanks again!

  • Many

    Hi DJ,

    Should work fine. Since the method is really inserting a new admin account into the machine, I was cautioning you about misspelling and the possibility of ending up with a extra admin account you might not want to have around.

    TTYL
    Many

  • Anonymous

    K so I did all of the commands listed and I checked the admin users with that command and it showed the new admin account and after I rebooted there was no new admin account. Is there supposed to be one or is it just a new admin password that is created? Thank you!

  • Many

    Hi Anonymous,

    I've revised the instructions. Seems like somewhere along the line Leopard was updated to accept interactive logins from UID's in the range of 5xx only.

    Also somewhere along the line my instructions got truncated for some reason….Not sure, but I think it happened when I re-edited the instructions a while back.

    Anyways, I've fixed everything. This new version works 100%. I've just tried it on a virgin 10.5.7 machine and got to login to the new account. The system whines about no homedirectory, but lets you login anyways. You can also see the new userid under the accounts preference panel.

    Please follow this new way……you should be able to do everything in here (including the new append command) assuming you use the same (not working) userid you used before.

    Let me know if this doesn't work.

    TTYL
    Many

  • Anonymous

    I used the new instructions but when I used the last command to read all the admins I didn't find the new user that I had put up. But I did see the original account I had made and the attempt accounts I had created in the previous instructions. Thanks again!

  • Anonymous

    I used the new instructions but when I used the last command to read all the admins I didn't find the new user that I had put up. But I did see the original account I had made and the attempt accounts I had created in the previous instructions. Thanks again!

  • Anonymous

    running 10.5 – did this and it seemed to work, it set up the new account… BUT when i enter the password i set up it doesnt accept it.
    the only thing that didn't go exactly as you described was that when i ran the test to see if the account had been set up it only showed about half the information you showed…
    in frustration i tried it again – with a new user name and a new unique ID but keeping the 'testuser' part… i was extremely careful entering the password – but no love.
    any suggestions?
    cheers for posting this.
    bennett

  • Many

    Hi Anonymous,

    YES, I made a mistake copying from my shell window into blogger. In the third (white) command window there were two commands at the end that referenced "testuser". That's wrong, they should be the same as whatever you used for "newadminusername". Also pay attention to the checking/verification command. My "newadminusername" was called tester, so use the right username in the "dscl . read" command.

    Hopefully this will work. Sorry about the confusion.

    TTYL
    Many

  • Tony

    "Many said…
    Hi Jackie,

    Assuming this is YOUR machine you are trying to break into, the procedure here does not work under Tiger. I used to do the following procedure for Tiger…….It should work still under the latest update. It will basically make your machine think it's had OSX installed on it just now.

    1) Boot your machine into Single user mode by holding down Command-S (apple-S).
    2) Issue the following commands (without double quotes), followed by Enter:
    "mount -uaw"
    "cd /var/db"
    "rm .applesetupdone"
    3) This "hidden" file (.applesetupdone) we just deleted tells OSX that the initial setup has already been done. By deleting it, we are "forcing" OSX to do the initial setup process all over again. During this process we create a "dummy" user account. This dummy account will have admin privileges, so we can use it to RESET the password on the other account (the account you can't remember the password for).

    So Reboot the machine (using "reboot" command or "shutdown -h now") and setup your dummy account, reset the "real" accounts password and optionally delete the dummy account once you get access to the "real" account.

    Have Fun,
    Many"

    THANK YOU VERRRRRRRRYYYYYYY MMMMUUUUCCCCCHHHHHH!!!!!!!!!

  • Many

    Hi Hagan,

    Sorry about the delay on this reply. I have read your private email, but thought that someone else might find the discussion useful, so I'm replying here instead. I have not personally tried this method on Snow Leopard. That said, I've had a person at work who's followed it and told me that it worked. I know that's not much of an answer, but at this point it's all I have to offer. I'm at a conference until next Monday, but if you like I can install Snow Leopard on a test machine at work and give the method a try.

    If you do decide to go ahead and use the guide, please let me know if there is something missing or needs correction, so I can make the appropriate changes.

    Thanks,
    Many

  • Stuart

    Fantastic, just used it on 10.5.7 and it worked a charm.
    Keep up the great work.

  • Hagan

    Many,

    Thanks for your help. I can confirm that this works on Snow Leopard OSX 10.6.2, although it is a little buggy…(safari won't open, etc.), it works for the purpose intended.

    Also, while typing in each of the "dscl" commands, you will get a line saying that it is already loaded or something, but just continue with the next command. It sounds like an error, but I don't guess it is because it worked.

    Thanks again,
    Hagan

  • Many

    Hi Hagan,

    Well, glad it (sorta) worked……hopefully it helped get around the issue you were having. I'm getting a new machine soon (it's been ordered) with 10.6 and will give it a whirl to see if anything needs to be modified/added.

  • Hagan

    Yep, thanks for the help. Please update when you get your new machine and let us know if there is a better way to do things in Snow Leopard. I would appreciate it!

    Thanks,
    Hagan

  • Dyzio

    touch /var/db/.AppleSetupDone <=– this gets rid of the file not found error you people keep getting dunno how but it does.do that then do the other one "rm" one

  • Many

    Dyzio,

    Nope, you don't need to touch the file. If it doesn't exist the process still works fine. The rm command just spits out a error saying file not found or something like that.

    If you really want to NOT get the error (not that the error does anything bad), then yes you can use the command you suggested. But I find it redundant as your command creates the file and the next rm command removes it. It really achieves nothing other than getting rid of the error (which has nothing to do with the process).

    Anyways, nice addition though. Thanks.

    TTYL
    Many

  • Anonymous

    Hi Many,
    I am at a loss with my G5 Mac. I disabled the automatically login option in system preferences thinking I would just get a login screen on my next boot. Turns out the tech that worked on this computer last created two admin accounts with the same password. Now, I get a blue screen when it turns on and it flashes a bit and acts like it's desperately working on signing in, but all I can see is my mouse that moves all over. I have tried /sbin/fsck -fy….which tells me my hard drive is OK. Then I type /sbin/mount -uw / which just gives me the localhost:/ root# again. When I type rm /var/db/.AppleSetupDone it informs me that the file does not exist…which is what I was trying to delete anyway, but now I am not sure what to do… Any suggestions? I know the username and the password, but yet there is no login screen to input them into!!

  • Many

    Hello Anonymous,

    I hate to be the bearer of bad news — specially today — but it sounds like your "login" process is crashing. I'm assuming you're running Tiger here….right?

    I've seen this exact symptom twice before on our servers at work. For some unknown reason a couple of files on the filesystem get corrupted and then the login process stops loading.

    As you've seen already the single user mode works fine, but all the commands I listed will not fix your problem. Try rebooting and this time instead of holding down command-s hold down command-v. This should force the machine to boot in verbose mode. At some point during this you'll see a bunch of errors (that potentially repeat). See if you can get me those errors.

    I really can't remotely fix the machine, but I might be able to diagnose it.

  • Anonymous

    Thank you for replying back so quickly. I am a little embarrassed to admit I don't know if this is Tiger or not. I know it is not leopard. I believe it was OS 10.3.5.
    I used the command v on rebooting and it listed a long long list of errors that ran by extremely fast. Most of which said optical USB mouse family specific matching failure
    Extend USD keyboard family specific matching fails and something about Root Hub Simulation

    then the screen goes blue and then black again and it says:
    IP packet filtering initialized divert enabled rule-based forwarding enabled
    IPV6 packet filtering initialized
    Then, the blue screen comes back, altering with the black screen back and forth.

    I appreciate your help. Since this is my work computer I have been desperately trying to just get back into it to change the automatic login. That does not look very promising at this point and I guess I will be needing to run the install disc. If there is any advice you can give me before running the install disc it would be so nice, as I dread re-installing all the fonts and programs needed to do my work on Monday. :)
    Thanks again.

  • Many

    Hi Anonymous,

    Hmmm…..I was hoping for some other error……Something like:

    com.apple.loginwindow……error something or other…..

    Well, seeing as the blue and black screen alternatively cycle, I would say the login process is crashing. Why, I'm not so sure.

    The only other thing I can contribute is, before you reinstall the machine, boot it from the CD/DVD and go into Disk Utilities and run repair permissions. Then once that's done, give it a reboot and see if it'll come back. Highly unlikely, but I do remember wrong permisssions doing nasty things sometimes under 10.4 and lower.

    Sorry, but that's all I can come up with…..hopefully that will fix it.

    TTYL
    Many

  • BC

    Just wanted to let you know I used this on a 10.6.2 AMD hackintosh that was crashing at the Migration Assistant page of initial setup and it worked like a charm. Thank you very much!

  • Anonymous

    Hi Many,

    I am a mother of two and have a daughter who I believe is associating with some less than reputable characters. She has locked me out of her laptop and I would like to monitor who she's talking to. Can I use this method to set up another admin account and install monitoring software and then hide the account?

    Many thanks

  • John Connor

    Hi there,

    I did the process to reset the admin (apple-s; "mount -uaw"; etc.) exactly as written in Leopard 10.5 on a G5 PowerPC Power Mac. After restarting, I get the chime, the apple, and then it goes to a blank grey screen, where I can move the cursor around but nothing else. HELP, PLEASE? I've read through the forum and cannot find a solution.

    Thank ya kindly,
    Grant

  • Many

    Hi John,

    I would try to hold down Apple-v right before the chime to force the machine into verbose mode. That way you can see if there are errors happening (bad files and such). It might help solve the issue. Sounds like a bad drive or corrupted file on the system somewhere.

    Hope this helps….

    TTYL
    Many

  • John Connor

    Hi Many,

    Thanks so much for responding! I did what you said and these are some of the suspicious things I noticed. Any ideas??

    *Extension “com.apple.driver.ApplePMU” has immediate dependencies on both com.apple.kernel and com.apple.kpi components: use only one style
    jnl: unknown-dev: replay_journal: from: 21000304 to: 557568 (joffset 0x750000)

    *Mar 17 16:07:20 Grant fseventsd[82]:event logs in /.fseventsd out of sync with volume. Destroying old logs. (162 23 299)

    *Grant mDNSResponder [57]: WARNING: Sandbox_init error Could not Set Mach lookup policy for service com.bsd/dirhelper err=1100

    *Could not Set Mach lookup policy for service com.distributed_notifications.2

    *Could not Set Mach lookup policy for service com.apple.ocspd

    *Could not Set Mach lookup policy for service com.apple.mDNSResponderHerlp

    *Could not Set Mach lookup policy for service com.apple.SystemConfiguration.configd er

    *even logs in /.fseventsd out of sync with volume. Destroying old logs.

    *Grant ntpdate[100]: no servers can be used, exiting

    *IPv6 packet filtering initialized, default to accept, logging disabled.

    *ALF ALERT: sockwall_cntl_updaterules ctl_enqueuedata rts err 55

    *Grant mds[76]: (Error) Server: mdsync launch failer: (ipc/rcv) timed out

  • Many

    Hi John,

    Hmmm…..weird….mds is the spotlight service…..it sounds like it's barfing :-). I have two suggestions short of taking it to the apple store (it might be a hardware issue — potentially a bad drive). But first try to boot into safe mode and see if that works (hold down shift key before the chime kicks in). If this works there is a good chance that it's just a soft barf (ie: something is corrupt). In that case if it all looks good in safe mode, then an archive and install, preserving users should be reasonably painless. Simply insert your installation disk and try that plus any other updates. Hopefully this will fix the problem.

    If not (or if you can't get into safe mode) I would probably advise that you take a trip to the apple store and have them have a look.

    Hopefully this won't be required :-).

    TTYL
    Many

  • Anonymous

    Hi Many

    I have a OSX 10.5.6 I just did all the steps but after rebooted it the computer got stuck in the configuration process, I mean first it starts very well, (gray screen, then welcome screen, then it says select your main language, your region, keyboard, then says do you already own a Mac???, I select Do not transfer my information now, then i select a wireless service and then appears CONFIGURING YOUR COMPUTER. I waited about an hour, but nothing happened. I've tried many times

    Please help me
    Did I mess it up??

    RJM

  • Anonymous

    Hi Many

    I have a OSX 10.5.6 I just did all the steps but after rebooted it the computer got stuck in the configuration process, I mean first it starts very well, (gray screen, then welcome screen, then it says select your main language, your region, keyboard, then says do you already own a Mac???, I select Do not transfer my information now, then i select a wireless service and then appears CONFIGURING YOUR COMPUTER. I waited about an hour, but nothing happened. I've tried many times

    Please help me
    Did I mess it up??

    RJM

  • Anonymous

    Thanks Many, you're a lifesaver!

    I recently setup Mac OS X 10.5 Server and after I installed the 10.5.8 v1.1 update, the server had lost all records of my administrator login! The home directory was still in place but no matter what I tried, I couldn't login (or SSH, screen share, etc).

    After about an hour of hair pulling and confusion I found this blog and the steps got me back into action.

    Somehow, the software update had removed all DS entries of the admin login from /Users/username , but there was still a record in /Groups/admin GroupMembership. It was very weird.

    Last thing I had to do was add an entry to point the admin account back to the home directory:

    dscl . create /Users/username NFSHomeDirectory /Users/username

    and strip ACLs from the home directory (chmod -R -N /Users/username). It got unlinked somewhere along the way and the ACLs were preventing the home folder from being accessible.

    Cheers!
    Dan

  • Anonymous

    Hi there Many,

    I've been trying to recover my admin passwd on my macbook pro 17" running on os x10.6. I have tryed everything, even creating a new adminuser like you ran us through. Though to no avail, it's just not showing up when I prompt for the groups to show newadminuser!
    Have you any suggestions? I have tried all time honerd backdoor codes to no avail!

    Regards

    Mike

  • e

    10.4.11 Suddenly won’t accept user password on well populated and long used partition. There are about 7GB space remaining.

    Tried everything. Decided to make new sysadmin by deleting *SystemSetup* and going through registration again. System sticks at registration screen concerning internet connection method.or before that at screen for importing information from another partition or computer.

    Thanks for answering these questions for people. Mine is: as I am setting a new administrator name and password, is there a way to bypass the bulk of the registration steps? (Passwd method is not working on command+s)

  • e

    I should add that single user will not boot in a recursive cycle after a number of failed attrmpts to find root user. “Sleeping and trying again.”

  • Ash

    Hey guys,

    I couldn’t log onto my admin when I’m 101% sure that the password is correct. I can’t use the install CD because it just spits it out after a few seconds. So I’m trying to change the password for my account so I can access my old files ( I didn’t back it up.) Then I went into single user mode and I’m getting an error:
    DS Error: -14009 (eDSUnknownNodeName)
    and goes back to command line.
    I mean I already know my user name, but still no luck. If this works I can get all my old files back by changing my passwd. Any ideas??

Leave a Reply