Admin account security question

Discussion in 'macOS' started by ksgant, Mar 12, 2007.

  1. ksgant macrumors 6502a


    Jan 12, 2006
    There is an article at about "hardening" the security for OS X. In it, it suggests having a separate account for your admin...which you don't log into....and setting up a "normal" account for you to use everyday.

    I've been using my Mac with my account that I set up on day one...which is also the Admin account. Everything I do outside this change system wide preferences....requires the admin password to do. Why would I need to make a separate Admin account and use a "normal" account for day-to-day functions. I mean, it's the same thing, if I wanted to change something system-wide on a normal account, it will still ask for a password.

    I could see doing this if the Admin account = root, but it doesn't. But does anyone else out there just run in a Normal account and have a separate, rarely used Admin account?
  2. Chaszmyr macrumors 601


    Aug 9, 2002
    You'll definitely find some people around here that don't run their admin account. Ideally, it shouldn't really matter, but every once in a while a vulnerability comes along that can only be executed when logged into the admin account.
  3. osirisX macrumors regular

    Mar 1, 2007
    Sydney, Australia
    At first I ran my Mac like that. My account was the admin account. But then that account had some issues. By that time I had read somewhere that you should set up 2 accounts, 1 for yourself which is managed and 1 as an admin. So it set my Mac up like that. It is generally safer to run it like this. The only thing I find annoying is that the admin account's username isn't automatically filled out in the confirmation dialogues.
  4. rhoydotp macrumors 6502


    Sep 28, 2006
    i really don't think this is necessary. macosx, due to its unix root already has a "root" user that has all the authority to do unimaginable things to your machine. your "admin" account is an account that, while it really does not have full authority, can have authority via a "sudo" which gives it "admin" or root-like privileges. everytime it needs "admin" privileges, it will as ask you to type in the password. unless you allow some random code or virus to fool you into typing your password without you thinking about it, you should be fine.

    let me know if this makes sense. englis is my secondary language, you know :D
  5. 2ndPath macrumors 6502

    Feb 21, 2006
    Acutally there is more to the admin user than just the ability to use "sudo". An admin user is member of the unix group admin on Mac OS X. Members of this group have access to some system files and directories without needing to use sudo or the GUI equivalent. So there is additional security to be gained from using a separate account for daily use, which is not an admin account.
  6. rhoydotp macrumors 6502


    Sep 28, 2006
    thanks for pointing that out. i guess my point is, don't be stupid, you'll be fine with the admin account.

Share This Page