Admin or normal account

Discussion in 'macOS' started by Seppola, Aug 8, 2009.

  1. Seppola macrumors newbie

    Joined:
    Aug 7, 2009
    Location:
    Norway
    #1
  2. t0mat0 macrumors 603

    t0mat0

    Joined:
    Aug 29, 2006
    Location:
    Home
    #2
    Day to day, it makes more security sense, right?
     
  3. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #3
    Depends how much security you want/need. There's been a couple of threads on this before. I use a standard account exclusively. Never need to login into my admin account. It's also necessary for where I work for my work machine. In the end, it's up to you. There's not a ton out there that can hurt a Mac.
     
  4. Seppola thread starter macrumors newbie

    Joined:
    Aug 7, 2009
    Location:
    Norway
    #4
    Thanks, but what are the differences exactly?
     
  5. angelwatt Moderator emeritus

    angelwatt

    Joined:
    Aug 16, 2005
    Location:
    USA
    #5
    A standard account doesn't have as many permissions. Installing/copying files into the Applications folder will require you to enter your admin account info (which can be done while logged in as a standard user). Certain System Preferences will require you to enter your admin credentials (though some even require admin users). Things like that. Talking about everything would take too long and likely wouldn't be things that effect you.
     
  6. gusious macrumors 65816

    gusious

    Joined:
    Dec 2, 2007
    Location:
    Greece
    #6
    I say admin account as long as you know what you're doing but as all the other said it's more safe to use normal account. I have an admin account.:)
     
  7. kasakka macrumors 68000

    Joined:
    Oct 25, 2008
    #7
    I use an admin account as well because I just can't be bothered to type my password every time I change some simple setting.
     
  8. J the Ninja macrumors 68000

    Joined:
    Jul 14, 2008
    #8
    Admins can:

    Write to /Applications
    Write to /Library
    Read several log files normal users cannot
    Change system prefs without authenticating (this one can be disabled)
    Run sudo
    Authenticate (technically, that is just running sudo, so this goes under the previous one)


    There are some other things I missed, I'm sure, but those are the major ones. Really, I don't think running as admin day-to-day is a big deal. In fact, the admin account is MEANT to be a day-to-day account, that is the whole point. It's an account with some extra privileges you might need regularly, plus the authority to get the remaining privileges by proving it's you (via sudo)
     
  9. mslide macrumors 6502a

    Joined:
    Sep 17, 2007
    #9
    I use an admin account. It's really more a personal preference thing. All running a standard account means, for the average Mac user, is that you'll have to type in a password a few more times than if you used an admin account. Running either one, on a day to day basis, is really not much better/worse than the other as long as you understand the implications. The other reason I like to use the admin account all the time is so I can run sudo, which I tend to do often.

    Now, would I want my wife's account to be an admin account? No. She has no reason to install apps or do things that require elevated privileges.
     
  10. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #10
    The concept of using a standard, non administrator account, for your daily use is strictly from a security stand point. If you are doing your daily thing from an account that has system wide write permission, any virus, trojan, or spyware that you run into will also have system wide write permission. On the other hand, if your daily account is a standard user account, any malicious program you run into will not be able to write beyond the home folder of the account your logged into. Thus the malicious program will be at the very least handicapped, if not disabled.

    That being said, Mac OS X does have some security precautions built in to help protect the system. For example, nothing gets installed with out your administrator password being entered. I prefer my daily account to be a standard account. The only real difference you will notice in OS X is that you will have to enter your administrator name and password, vs. just the password, and you can not sudo. There are ways around the later, the easiest would be to su into your administrator account before issuing sudo.
     
  11. MarkMS macrumors 6502a

    Joined:
    Aug 30, 2006
    #11
    This is why everyone who doesn't know what they are doing should use a Standard account for daily use. I've exclusively use Standard accounts only on all of my machines, even though I know the implications of using an Admin account. I even advise and help set this up for my family and friends. It takes a few seconds to enter your credentials into the dialogue box, but it's worth it.

    OS X is become a bigger platform and hackers are slowly beginning to exploit the system. It's better to be prepared now than wait until later. "Socially-engineered" trojans are already on the prowl for OS X machines. Along with the "open safe files after downloading" setting in Safari, OS X can be overtaken by hacker if the user isn't careful. This can become even worse if there is an active exploit that Apple doesn't know about or decides to wait to patch it up.

    Just the other day I was reading about someone looking for the Health club shooters blog and stumbled on a site which automatically downloaded a .dmg. He had the open Safe files setting in Safari turned on and it actually opened the .dmg and started the installer without asking him. Luckily, he caught on that it was some weird app and canceled the installer. Most computer illiterate people would have clicked through until the dialogue box was gone.

    EDIT: +1 to what Steve-M said.
     
  12. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #12
    Case in point, never surf the web as root.
     
  13. maflynn Moderator

    maflynn

    Staff Member

    Joined:
    May 3, 2009
    Location:
    Boston
    #13
    Personally, I've always logged in as the admin on my computers, be they windows, OSX or Linux (Ubuntu). I never log in as root, as the risk of messing something up is great but as for admin. It seems to make too much sense, at least for me.
     
  14. mslide macrumors 6502a

    Joined:
    Sep 17, 2007
    #14
    I agree, however, there's a big difference between an OSX admin account and the root account.
     
  15. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #15
    This is true, but with the use of sudo, one can do anything from a admin account that root can do. I guess it just boils down to personal preference. :)
     
  16. J the Ninja macrumors 68000

    Joined:
    Jul 14, 2008
    #16
    So disable the sudo timeout and use a good password. You can also change the commands that users from group admin can run away from the default of "ALL"
     
  17. Emmanuel macrumors newbie

    Joined:
    Aug 11, 2009
    Location:
    Massachsetts, USA
    #17
    If I remember correctly, administrative users are part of the "admin" group, I have also heard people call it the "wheel" group. Basically it allows those users to do some admin level tasks.

    It's actually the same as in Ubuntu Linux on the technical side. The root account is disabled, and all administrators use "sudo" (or the graphical equivalent) to get higher privileges.
     
  18. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #18
    It is a very basic security precaution not to use a administrator account for your daily account. The above quote is one reason why.
     
  19. J the Ninja macrumors 68000

    Joined:
    Jul 14, 2008
    #19
    admin and wheel are two different groups.
     
  20. Consultant macrumors G5

    Consultant

    Joined:
    Jun 27, 2007
    #20
    This part is completely false. In OSX, no matter what account type you are using, any operation that happens outside the user folder will have to be authenticated.
     
  21. dmmcintyre3 macrumors 68020

    Joined:
    Mar 4, 2007
    #21
    I choose nether. I run as root all the time my computer is on. Never have to type my password at all except on login
     
  22. J the Ninja macrumors 68000

    Joined:
    Jul 14, 2008
    #22
    :O
     

    Attached Files:

  23. MisterMe macrumors G4

    MisterMe

    Joined:
    Jul 17, 2002
    Location:
    USA
    #23
    I believe that this poster is beyond help. Lest anyone else be tempted, running as root is an incredibly bad idea. Having run MacOS X since it went online in 2001, I have never had the need to enable my root account. The minor inconvenience incurred in typing my password is a small price to pay for the insurance that I never need to worry about malware.
     
  24. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #24
    Please see below.
     
  25. Steve-M macrumors regular

    Joined:
    Jun 12, 2009
    #25
    I wondered what apple had to say about using a administrator account for daily use. I'm going to quote apples leopard security guide below. You can download and read it for yourself here.

    And from page 61

     

Share This Page