

Admin User | 20 comments
Admin User
Authored by: PDubNYC on Mar 03, '09 10:24:18AM

Although I have all of my users in my office using non-admin accounts, I certainly disagree that EVERYONE should be using a standard account. I would go insane with permissions issues if I weren't running as an Admin user every day.

That's my 2 cents, but thanks anyways for your forced advice.

And how about just running softwareupdate -l in Terminal?

You are making things so much more difficult than they have to be.



Admin User
Authored by: neill on Mar 03, '09 11:41:03AM

>>I would go insane with permissions issues if I weren't
>>running as an Admin user every day.

How hard is it to just type in an admin account name and password when requested? Granted... it's harder than just being an admin user all the time... and it pops up when you (for instance) try to copy something to the Applications folder; but it really doesn't happen all that often. Given the much greater access that an admin user has and the possibility (admittedly relatively low) of a worm/trojan/what-have-you coming in that tries to do bad things... I gave up long ago and moved all of my home machine accounts to non-admin (except my file server, which stays logged in all the time as admin so that Time Machine will properly handle parts of my backup routines). Everything else runs day to day as a normal user, authenticating as necessary.



Admin User
Authored by: frgough on Mar 03, '09 11:52:36AM

How much more secure is it to have to type in admin name and password instead of just password?

Even with non-admin privileges, my trojan can play merry hob with your personal data.



Admin User
Authored by: Anonymous on Mar 04, '09 10:50:13AM
No, the issue is that some actions do not require a password when using an administrative user account.

Admin User
Authored by: frgough on Mar 05, '09 07:21:55AM

Like what?



Admin User
Authored by: ansiwen on Mar 06, '09 10:57:39AM

Exactly, ONLY with your personal data, and it cannot modify system-wide executables in /Applications or /Library.



Admin User
Authored by: leamanc on Mar 03, '09 06:45:50PM

I have to agree with this sentiment, as far as OS X is concerned. And, to a lesser extent, even with Windows in the Vista/UAC era. You are going to be prompted to death for anything that could be potentially harmful ("yes, OS X, I really want to open up that HTML file I downloaded!").

And running as a non-admin user, you will still be prompted for admin credentials when running as a standard user; it's just that your username won't be filled in. Since most people are going to reflexively put in their credentials (just like in Vista, where they will reflexively confirm all UAC prompts), you might as well run as admin anyway.

Since trojans are the biggest security threat to OS X, and they don't necessarily require admin privileges, I see no point to restricting yourself to a standard user if you are competent enough to run a computer.

Running as a non-admin user is fine for your kids, but if you are the owner of the computer, go ahead and run as admin. It's YOUR computer, you should administrate it. There are just too many things you are deprived of as a non-admin user that owners of a computer need to do.

Standard users are also OK for a work/lab environment, as long as it is a desktop, but anybody with a portable will invariably need to do something as an admin when out on the road--create a new network Location, change the time zone, install your corporate VPN client. Either you make these people admins or you end up giving up your admin password over the phone.

Which leads me to one thing Windows has that I wish OS X had: the "power user," which sits in between the standard user and the admin. Or at least, I wish Apple would allow standard users to have arbitrary permissions assigned...and no, parental controls doesn't count, and managed clients via OS X Server and Workgroup Manager doesn't do me much good for those travelers with laptops.



Admin User
Authored by: Anonymous on Mar 04, '09 10:53:53AM
As I pointed out to frgough above, administrative user accounts are not necessarily prompted for a password when performing potentially harmful actions.

I'm not advocating that everyone run as a non-admin user -- just setting you straight on a misconception.


Admin User
Authored by: ansiwen on Mar 06, '09 11:44:38AM

You are mixing two things up here. Just to administrate your computer you don't have to use an admin account all the time. It is a general and wise security rule that you take privileges only when you need them and drop them as soon as possible.

Coming from the Unix side I was using a non-admin account as a matter of course from the very beginning. There is absolutely no problem in doing so.



Admin User
Authored by: ansiwen on Mar 06, '09 10:48:13AM

If you agree that there are "permission issues" with using an admin account, you will also agree that there is a difference in permissions between an admin and a non-admin account. (In fact, the difference is just being in the "admin" group or not.) It does not matter at all what threat scenario you're looking at (viruses, trojans, the user itself...), the attack surface is always significantly lower if you are not working with an admin account. And there is no difference in security demands for normal or admin users, although there are some "administrators" who think they don't need the same security as their users.



[ Reply to This | # ]
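One way to check the group-membership point from ansiwen's comments on your own machine, as an added example that is not part of any post in this thread. It assumes, as those comments state, that the admin/standard difference is membership of the "admin" group and that /Applications and /Library are the system-wide locations at stake; the function names are made up for this example.

```shell
#!/bin/sh
# Added example, not from the thread. Reports what the current account can
# modify with no authentication prompt at all.

# in_group GROUP: succeed if the current user belongs to GROUP.
# (Splits `id -Gn` on whitespace, so group names containing spaces won't match.)
in_group() {
    for g in $(id -Gn); do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# unprompted_writable DIR...: print each existing DIR the current user can
# write to directly, i.e. where no password dialog would ever appear.
unprompted_writable() {
    for d in "$@"; do
        if [ -d "$d" ] && [ -w "$d" ]; then
            printf '%s\n' "$d"
        fi
    done
}

# audit DIR...: account classification plus the exposed directories.
audit() {
    if in_group admin; then
        echo "account: member of 'admin'"
    else
        echo "account: standard (not in 'admin')"
    fi
    exposed=$(unprompted_writable "$@")
    if [ -n "$exposed" ]; then
        echo "writable without a prompt:"
        printf '%s\n' "$exposed" | sed 's/^/  /'
    else
        echo "writable without a prompt: none of the listed directories"
    fi
}

# The two system-wide locations named in the thread (assumed admin-group writable).
audit /Applications /Library
```

Run it once from a standard account and once from an admin account and compare the two reports; anything listed can be changed by any process running as that user.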