It’s happened to me more than once that I’ve needed to configure something on a managed Mac laptop at work for which I have no admin access. Normally you can just track down your network administrator, but if it’s after hours or you are traveling, there’s another option: escalate your own account privileges by adding yourself to the admin group.
To add yourself to the admin group, you’ll need to reboot into single user mode and run a couple commands. Here’s how:
First, boot the machine and hold down Command-S until it boots into single user mode. Then, mount the hard disk in read-write mode (and check it for errors) with the following two commands:
/sbin/fsck -fy
/sbin/mount -uw /
We’ll be using the dscl command to add your username to the admin group, but first you need to start directory services or it will return an error:
launchctl load /System/Library/LaunchDaemons/com.apple.DirectoryServices.plist
To list the users in the admin group, use the following dscl command:
dscl . read groups/admin users
You won’t see your username, of course, because you aren’t an admin. To add yourself, run the following:
dscl . append groups/admin users yourusername
You can double check that your username is in the list now, then type reboot to restart the machine. When you log in, you’ll see that you’re now in the admin group, with permission to install apps or change any system settings.
10 thoughts on “Gain admin rights in OS X Leopard”
Comments are closed.
TUAW had a similar, shorter, slightly noisier (the first boot video) version of the same idea:
http://www.tuaw.com/2008/09/01/tuaw-tip-create-an-os-x-admin-user-without-a-disc/%20[http://www.tuaw.com/2008/09/01/tuaw-tip-create-an-os-x-admin-user-without-a-disc/
However, it should be noted that there’s a typo in the terminal commands.
It should read
$ mount -uw /
$ rm /var/db/.AppleSetupDone
$ shutdown -h now
http://users.ez-net.com/~jasonb/secureit.html
not sure if this works on the latest versions. also check here:
http://www.securemac.com/macosxsingleuser.php
If you have a decent sysadmin, the machine will have a firmware password set, and the machine won’t allow a single-user boot. You can find out if it does have one set by booting holding down the “option” key at startup, and it will prompt for a password if there is one set.
Awesome tip Jason! I featured it on The Daily Hack…keep up the great work, man. :-)
Charlie Flowers
DailyHack.net
twitter.com/charlie
This worked great but people be careful to put all the spaces in where they go or else the command will not be recognized. By the way thanks for putting this up your a life saver!