It's been suggested that, since the root
account now appears in the accounts database on macOS 10.13.1+ by "default" (by accident it seems), it might be a good security measure to disable shell access for that account.
Will doing so disable the ability to boot into Single User Mode?
Best Answer
As @fd0 already commented, "single user mode uses /private/etc/passwd for login authentication, not Open Directory":
but
So single user mode will happily read the content of
/etc/passwd
and start aroot
shell with/bin/sh
even if you set the shell to false withdscl
.