running as a non admin

Discussion in 'Mac Apps and Mac App Store' started by BigDawgES, Apr 20, 2005.

  1. BigDawgES macrumors member

    BigDawgES

    Joined:
    Mar 31, 2003
    #1
    I've heard folk on the net advise mac users against setting their main account at "Administrator", with the logic that it's harder to mess with important parts of your OS if you're not an admin.

    My question is:
    Do I negate the aforementioned benefit if I supply a different user's admin log/pass every time I install new software? Is there a "preferred" method of installing software with this kind of setup?

    Thanks for your input!
    -Ethan
     
  2. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #2
    Ethan, I made this change to my system fairly recently, and got a lot of help from others here. You do lose the benefit in the sense that once you provide the password, you have given whatever installer you are running free rein. However, you know that it is happening because you were forced to authenticate.

    With that being said, I think this is still beneficial. There is one caveat I found. I think the "preferred" method is probably to use either fast-user-switching and/or logout/login and to log in as your admin account and do this work, or else to change ownership of all the installed files to root, as opposed to just providing the authentication when you are requested to do so. The reason for this is that, although the authentication will use another account, the software will still be installed under your account, and will still be owned by your account. Other programs running on your computer in your (non-admin) account will therefore be able to make at least some modifications to the files, because you own them, even though they are in folders in the system which you do not own, because the application file itself is a folder which you do own.

    This is confusing (to me) so let me try an example. You do not own the /users directory. Therefore you cannot delete your home directory without superuser access. On the other hand, you do own your home directory. So even though your /users/YOU/Library folder is located within /users, which you do not own, you are able to modify it because it is located in your home directory, which you do own.

    The same applies to applications. Each OS X application is actually a folder. If you install firefox, you get:

    /applications/internet/firefox.app <-- this is the package that you dragged over from the disk image, which appears with an icon in Finder and is called simply "firefox."

    Inside this folder are other things, such as...

    /applications/internet/firefox.app/contents/macos/searchplugins

    Because you own firefox.app and everything inside it, you will be able to modify the searchplugins folder without authenticating.

    So that's the problem. If you actually fully log in as your admin account (or as root for that matter), that account will own the folder, and you will not be able to modify these files without authentication. In this case, firefox will not be able, for instance, to install new files to the searchplugins folder from your non-admin account.

    If you don't even want these files to be unknowingly changed when you are logged in as admin, then you need to take the additional step of changing the ownership of the .app folder and all subcontents to root:admin, which you do like this:

    sudo chown -R root:admin firefox.app

    for instance. You will need to do this from an admin account, because your non-admin account is (unless you change this) not on the sudo permission list. It doesn't matter if the pre-change ownership was your admin account or your non-admin account. The -R option is necessary to change all the files inside the app or folder (you do this on the rootmost folder).

    So actually, in conclusion, in the safest way, it doesn't matter whether you log in as your admin account or not, but after you install them, you should do the chown thing. If you want to be really anal about it, there are also folders in /library that your account will have ownership of, and should not, so I think you probably also have to do

    sudo chown -R root:admin /library

    while logged in as an admin... I'm not entirely sure that this last step will work without munging things up. Can anyone back me up on that?
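
Added example (not part of the post above or any forum member's code): a shell function that lists the .app bundles under a folder that contain items owned by a given account, which is the condition post #2 describes as allowing changes without authentication. The function names, the sample layout and the file example.src are constructed for illustration.

```shell
#!/bin/sh
# audit_bundles DIR [UID_OR_NAME]
# Prints "<count><TAB><bundle path>" for every .app bundle under DIR that
# contains files or folders owned by the given account (default: current uid).
audit_bundles() {
    dir=$1
    user=${2:-$(id -u)}
    # Bundles may sit one level down, e.g. /applications/internet/firefox.app.
    # -prune stops find from descending into a bundle once it is matched.
    find "$dir" -maxdepth 2 -type d -name '*.app' -prune 2>/dev/null |
    while IFS= read -r bundle; do
        # Count everything in the bundle (the bundle folder included)
        # that the account owns and can therefore modify silently.
        n=$(find "$bundle" -user "$user" 2>/dev/null | wc -l | tr -d ' ')
        if [ "$n" -gt 0 ]; then
            printf '%s\t%s\n' "$n" "$bundle"
        fi
    done
}

# Constructed sample: a fake bundle laid out like the Firefox example in the
# post, created in a temporary folder and owned by whoever runs the script.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/Internet/firefox.app/contents/macos/searchplugins"
    : > "$root/Internet/firefox.app/contents/macos/searchplugins/example.src"
    printf '%s\n' "$root"
}
```

Run as `audit_bundles /Applications` from the non-admin account; an empty result means no bundle there contains anything that account owns. Bundles that are listed are the ones the `chown -R root:admin` step in the post would change.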
     
  3. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #3
    Here is an article you may find interesting. No real fact, just opinions. It mentions that it isn't really unsafe to run as root. It's talking about Linux, but some of it applies to OS X. I personally run OS and XP as an Admin and Linux as root.

    Here is the actual page where they speak about root accounts.
     
  4. Westside guy macrumors 601

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #4
    Well, you gotta realize that the Linspire dude is talking about this because that's been the biggest criticism against Linspire - you're running as root by default. So understand that it is by no means unbiased; then I recommend you read the feedback to that article that's on Slashdot for the countervailing view.
     
  5. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #5
    I understand, that's why I said it was only one opinion. I agree with him a little though. What am I going to hurt running as Admin? I've been using computers enough to know what I'm putting on my computer. I also know enough not to delete system files. I prefer the ease of running as admin over the little security it supplies.
     
  6. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #6
    I could see this... It depends a lot on whether your system is "stable" in the sense of not needing a lot of new software. If it is, I think the benefit/cost ratio is much more advantageous than if it is not.

    OTOH, I think Mr. Linspire exaggerates somewhat. If your implementation of user access levels is set in such a way that the only options are root or such a degree of restriction that you cannot change your desktop background, then you have not designed a very good system. ;)
     
  7. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #7
    Administrator and root are two different levels of privilege. An Administrator account cannot damage the System. The root account can do anything--deliberately or accidentally.
     
  8. grapes911 Moderator emeritus

    grapes911

    Joined:
    Jul 28, 2003
    Location:
    Citizens Bank Park
    #8
    Of course they are different. Root can do anything. Admin can wipe out your Apps folder. It can sudo to Root and do anything. Admin can screw your system up, just not as easily. I (and most other people) would never deliberately destroy my own system. I also feel comfortable enough not to accidentally do it.
     
  9. mkrishnan Moderator emeritus

    mkrishnan

    Joined:
    Jan 9, 2004
    Location:
    Grand Rapids, MI, USA
    #9
    Yeah, I think this has a lot of truth -- it's more of a control thing for a lot of us command-line geeks :rolleyes: ... it's the idea that an application may make a change of which we are unaware in, say, the apps folder. The apps folder is really where it becomes problematic, because if one uses a primary admin account, these changes can be made without authenticating, so you may never know about them if a program makes them on your behalf.
     
  10. BigDawgES thread starter macrumors member

    BigDawgES

    Joined:
    Mar 31, 2003
    #10
    Thanks!

    Thank you all for your insight! I have a better idea of the situation now.
     
  11. Westside guy macrumors 601

    Westside guy

    Joined:
    Oct 15, 2003
    Location:
    The soggy side of the Pacific NW
    #11
    Bottom line

    The bottom line, I think, is this: If your regular account is a non-admin account, the only difference most users will see is they'll have to type in an admin account's username and password when attempting to do something that requires privilege. Admin accounts have that username filled in - they'll still have to type in their password.

    OS X makes running as a non-admin as painless as possible.
     
