Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'non-admin account unnecessary...' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
non-admin account unnecessary...
Authored by: mervTormel on Jul 25, '02 06:50:18PM

you may not realize this, but there is nothing magical about an admin account over non-admin accounts other than the ability to run the sudo command.

there are only two kinds of accounts in unix. root and not-root.

an account in group admin merely has the ability to run sudo.

any account can run su ; it's only requirement is the root password.

regards,

-mt



[ Reply to This | # ]
non-admin account unnecessary...
Authored by: timrob on Jul 25, '02 07:20:26PM

"any account can run su ; it's only requirement is the root password."

I'm not sure this is completely accurate. I believe the user must be in /etc/sudoers to be able to use su. At least that was how it used to be.
I haven't checked lately.

Tim



[ Reply to This | # ]
non-admin account unnecessary...
Authored by: momerath on Jul 25, '02 09:51:32PM

If you try to su while logged in as non-admin, it will tell you that you have to be in the group closest to root, "wheel," in order to su. And you do have to be in the special sudo file in order to sudo.



[ Reply to This | # ]
non-admin account unnecessary...
Authored by: soob on Jul 26, '02 10:19:12AM
> I believe the user must be in /etc/sudoers to be able to use su

this may be true for just su, but not true for su username. I use this regularly on my home machine which I keep logged in to a non-admin account. In order to do admin activities in Terminal, I first need to su admin, then I'm able to use sudo to get things done.

[ Reply to This | # ]
non-admin account unnecessary...
Authored by: maclaw on Jul 25, '02 11:29:07PM

there is more to the admin account than the ability to use sudo. it does, after all, add your username to the group "admin" as well. so if a file is owned by someowner:admin, with rw privileges for owner and group, but not for everyone, then an admin user could access this file while a non-admin user could not access this file (they would, by default, be a member of group "staff", not "admin"). if everyone was admin (i.e. there were no non-admin accounts) then this distinction would be eliminated even though it has nothing to do with the ability to obtain root privileges.

this type of grouping may be unimportant to some, but if you have certain data on the system that is appropriate for the privileged eyes of an admin, but not a regular user, then this is one example where it is important to distinguish between admin and non-admin accounts, not just between root and non-root.



[ Reply to This | # ]
non-admin account unnecessary...
Authored by: shneusk on Jul 26, '02 10:59:44AM

duh, there's more to OS X than Terminal.app. Admin's can change stuff in the gui tools like System Preferences.



[ Reply to This | # ]