Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'A vulnerability with the screensaver password lock' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
A vulnerability with the screensaver password lock
Authored by: GaelicWizard on Jun 04, '04 04:12:52PM

You should never give out admin rights to anybody, except the administrator. This is Multi-user environments 101 (and UNIX 101, and Linux 101, but seems to be missing from Mac OS X 101...)

Most of you out there are quite happy to make admin user after admin user, but this is just BEGGING for trouble. Not from the human being behind that user, necessarily, but because all kinds of unexpected issue arise, like a virus or worm or applescript that a website might provide has admin privs!!! Or users being able to screw something up accidentally, or a list of other reasons that are listed so many times across the web (and even on this site) that I won't keep going.

Nobody should be an administrator except the administrator, and it should be a separate account! On my machine and all the machines I set up for friends or administer at work, whether XP or X or *nix have one administrator account, and ALL other accounts are limited. (on *nix this is a no-brainer since there is root and non-root already, so there is no extra work needed.)

If there is need for more than one administrator, then ask yourself why these two people need *separate* admin accounts, since they both already have non-admin user accounts for all their non-admin activity.

---
Pell



[ Reply to This | # ]
A vulnerability with the screensaver password lock
Authored by: Aristotle on Jun 06, '04 05:30:17PM

Admin users on OSX are not quite the same as XP Administrator users which is analogous too the wheel group. I agree that you should only give out Admin access to trusted users but if you are trusting them with with sensitive data in a corporate environment already, giving them admin access on their own machine is no big deal. Admin on OSX is more like Power user group under XP except you can escalate to root through sudo.



[ Reply to This | # ]