Instantly share code, notes, and snippets.

Embed
What would you like to do?
#!/bin/bash
# modified from original by Rich Trouton
# https://github.com/rtrouton/rtrouton_scripts/tree/master/rtrouton_scripts/block_root_account_login
ERROR=0
# Set root password to some uuid, eg. 1730DFA3-C59B-447C-BAE8-3C3F052862A4
rootpassword=$(uuidgen)
/usr/bin/dscl . -passwd /Users/root "$rootpassword"
if [ $? -ne "0" ]; then
echo "Could not set root password"
ERROR=1
else
echo "Set root password"
fi
# Disable root login by setting root's shell to /usr/bin/false.
# The original UserShell value is as follows:
#
# /bin/sh
#
# To revert it back to /bin/sh, run the following command:
# /usr/bin/dscl . -change /Users/root UserShell /usr/bin/false /bin/sh
rootshell=$(/usr/bin/dscl . -read /Users/root UserShell | awk '{print $2}')
if [[ -z "$rootshell" ]]; then
# If root shell is blank or otherwise not set,
# use dscl to set /usr/bin/false as the shell.
echo "Setting blank root shell to /usr/bin/false"
/usr/bin/dscl . -create /Users/root UserShell /usr/bin/false
else
# If root shell is set to an existing value, use dscl
# to change the shell from the existing value and set
# /usr/bin/false as the shell.
echo "Changing root shell from $rootshell to /usr/bin/false"
/usr/bin/dscl . -change /Users/root UserShell "$rootshell" /usr/bin/false
fi
exit "$ERROR"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment