Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

Perform Admin actions from a user account System
My normal OS X account is not the "Administrator" account. For daily use, I want as much protection as possible so that I don't screw up the system. However, there are times when I need Admin privileges or even root privileges. In the past, I used to logout of my user account and login to my Admin account to perform these tasks.

I've discovered an easier way for simple jobs. Since OS X is a true multiuser system I can be logged in more than once at the same time! I open a terminal window and from my user prompt, I type login admin_name where admin_name is the name of my Admin account. I then enter my Admin password when prompted and voila, I'm logged in as the Administrator.

From there, I can do anything I want with all of the privileges of my Admin account. And if I need temporary root privileges, I can use sudo. All the while, of course, I am still logged into the GUI with my normal user account.

When you are done in the terminal, type 'exit' or 'logout' to sequentially log out of each account that was logged in.
  • Currently 3.00 / 5
  You rated: 2 / 5 (4 votes cast)

Perform Admin actions from a user account | 13 comments | Create New Account
Click here to return to the 'Perform Admin actions from a user account' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
"su" command
Authored by: j-beda on Jul 25, '02 11:16:03AM

One can also use the "su" command doing something like "su fred" to become fred, which has the advantage of keeping you in the same directory as you were before the "su" command. "login" will cause you to go to the home directory of the account you are logging into.

I think that "su" stands for "set user" or something like that. I also think that for many unix systems "su root" is commonly used to get superuser privledges, but since Mac OS X doesn't have a "root" account by default, the "sudo" command is generally used to execute one command as superuser or "sudo tcsh" to get a login shell as superuser.

(Does the "preview" count as a comment submission? The system is asking me to wait for 60 seconds before hitting the "submit" button.)

[ Reply to This | # ]
su is better than login
Authored by: chabig on Jul 25, '02 12:26:21PM

Thanks for the tip on su. I just tried it and it is better than login for two very good reasons:

1) It does keep you at the same directory
2) It still lets you use the tcsh history. When I used login to change the user, I was not able to use my shell history any more.


[ Reply to This | # ]
Authored by: momerath on Jul 25, '02 11:24:29AM

The same effect can be duplicated by using su, which stands for "substitute user."

[ Reply to This | # ]
Authored by: Vanishing on Jul 25, '02 11:40:26AM

gee, and all those years I've been playing with linux i thought su meant SuperUser.

Now, suddenly it's got a new term definition (2 of 'em!)

Why doesn't anyone tell me about these things?

[ Reply to This | # ]
that's because
Authored by: spartan on Jul 25, '02 10:13:34PM

You may have been using Linux for years, but you've never tried to su to a normal user account
from either root or any normal user account? This is why the "accepted" definition (I know, it's
in the manpage) of calling it SuperUser isn't always accepted among oldguard unix geeks. It was
introduced to me as Switch User. Entering any name works of course, but none will default to
the root account. BSD way of things is better IMHO, and has been sudo for some time now (and
I am aware that Linux has been including it as well for a few years too).

[ Reply to This | # ]
Bad Idea! Use SUDO instead
Authored by: SOX on Jul 25, '02 02:38:46PM

yes that works but you should geet out of the habit.
use command sudo instead. sudo has two major advantages
first it is temporary and your priviledges will time out if you dont use them, which is plus for security. not to mention avoiding disasterously stupid mistakes (real sys admins know they should avoid being root except when required for just this reason.)
second it records your actions in a logfile. you can go back later and see what you did to yourself!
sudo is also polite in that it wont keep asking you for your password after the first occurence within the timeout period.
if you want to enter sudo mode but for longer than a single command then try
sudo su
sudo tsch

[ Reply to This | # ]
Bad Idea! Use SUDO instead
Authored by: Steff-X on Jul 25, '02 06:01:20PM

Just a precision with sudo: you cannot use sudo if your account is not listed in the sudoers file, which is the case for non-admin accounts. In this case, first use su to login as an admin user (admin users are listed in the sudoers file), then you can use sudo.

[ Reply to This | # ]
non-admin account unnecessary...
Authored by: mervTormel on Jul 25, '02 06:50:18PM

you may not realize this, but there is nothing magical about an admin account over non-admin accounts other than the ability to run the sudo command.

there are only two kinds of accounts in unix. root and not-root.

an account in group admin merely has the ability to run sudo.

any account can run su ; it's only requirement is the root password.



[ Reply to This | # ]
non-admin account unnecessary...
Authored by: timrob on Jul 25, '02 07:20:26PM

"any account can run su ; it's only requirement is the root password."

I'm not sure this is completely accurate. I believe the user must be in /etc/sudoers to be able to use su. At least that was how it used to be.
I haven't checked lately.


[ Reply to This | # ]
non-admin account unnecessary...
Authored by: momerath on Jul 25, '02 09:51:32PM

If you try to su while logged in as non-admin, it will tell you that you have to be in the group closest to root, "wheel," in order to su. And you do have to be in the special sudo file in order to sudo.

[ Reply to This | # ]
non-admin account unnecessary...
Authored by: soob on Jul 26, '02 10:19:12AM
> I believe the user must be in /etc/sudoers to be able to use su

this may be true for just su, but not true for su username. I use this regularly on my home machine which I keep logged in to a non-admin account. In order to do admin activities in Terminal, I first need to su admin, then I'm able to use sudo to get things done.

[ Reply to This | # ]
non-admin account unnecessary...
Authored by: maclaw on Jul 25, '02 11:29:07PM

there is more to the admin account than the ability to use sudo. it does, after all, add your username to the group "admin" as well. so if a file is owned by someowner:admin, with rw privileges for owner and group, but not for everyone, then an admin user could access this file while a non-admin user could not access this file (they would, by default, be a member of group "staff", not "admin"). if everyone was admin (i.e. there were no non-admin accounts) then this distinction would be eliminated even though it has nothing to do with the ability to obtain root privileges.

this type of grouping may be unimportant to some, but if you have certain data on the system that is appropriate for the privileged eyes of an admin, but not a regular user, then this is one example where it is important to distinguish between admin and non-admin accounts, not just between root and non-root.

[ Reply to This | # ]
non-admin account unnecessary...
Authored by: shneusk on Jul 26, '02 10:59:44AM

duh, there's more to OS X than Admin's can change stuff in the gui tools like System Preferences.

[ Reply to This | # ]