Tuesday, February 1, 2011

Restoring admin rights

I've not had a reason to do this recently, but was curious so I decided to try. I wanted to give myself admin rights from the command line, specifically single user mode.

For those of you who don't know, single user mode is a command line only way to interact with the system as root, in most cases its possible without a password. Hold command+s when booting and see what it looks like! (if you get scared, just type "exit")

Once in single user mod (SUM), you can interact with the system by using commands. So, in this case, I want to add my user "rusty" to the admin group on the machine... This is what I did.

First, start computer in SUM - hold command+s at boot

Second, after you see the prompt (root#) type "/sbin/mount -uw /" (there are two spaces in there, its important not to loose them!)
Hit Return.

Third, I need to start the Directory Services, I do so by typing:
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
Hit Return.

Fourth, Now that Directory Services is started, I can make the appropriate changes use dscl.
To add my "rusty" account to the admin group, I use:
dscl . append /Groups/admin GroupMembership rusty

Once you are done making changes, exit SUM using the command "exit"

There are lots of other cool tricks with dscl, give it a try and post some of your favorites!


arubdesu said...

(after the mount command)
rm /var/db/.AppleSetupDone
and after the setup assistant I have a fresh admin user I can do anything I need to. Yes, that adds a user to the local node that would need cleaning up, but easy for me to remember

Rusty Myers said...


Excellent hint! I use that a lot when I've got no admin accounts on the machine. Its a quick, gui driven way to restore admin rights.