Run as root or not?

Discussion in 'Mac Basics and Help' started by Forkjulle, Aug 22, 2012.

  1. Forkjulle macrumors regular

    Joined:
    Aug 1, 2012
    #1
    I read in another forum that after getting a Mac, one should create another login account (without admin privileges) so that one doesn't log in as root (for security reasons).

    Is this necessary?
     
  2. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #2
    The default user account is not root, but an admin account, which is perfectly fine to use on a daily basis. It is not necessary to set up a different account than the one you started with, unless you're adding another user.
     
  3. simsaladimbamba

    Joined:
    Nov 28, 2010
    Location:
    located
    #3
    A normal Admin account is not running with root privileges. Running a normal Admin account is nothing to be afraid of, as everything that wants access to system files or folders asks for a password anyway.
     
  4. killerrobot macrumors 68020

    Joined:
    Jun 7, 2007
    Location:
    127.0.0.1
    #4
    No, it's not necessary.
    Yes, it does add an extra layer of security.
     
  5. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #5
    What layer? There is no security advantage to setting up a separate non-admin account.
     
  6. Forkjulle thread starter macrumors regular

    Joined:
    Aug 1, 2012
    #6
    So, admin and root are not the same? Okay. (I come from an Ubuntu background.)
     
  7. lostngone macrumors demi-god

    Joined:
    Aug 11, 2003
    Location:
    Anchorage
    #7
    The Mac admin account and root are two different things. By default root is disabled.

    Yes, you can create a new non-admin user and run as that user.

    In most cases root should stay disabled, and if you need elevated privileges just use "sudo -i".
     
  8. killerrobot, Aug 22, 2012
    Last edited: Aug 22, 2012

    killerrobot macrumors 68020

    Joined:
    Jun 7, 2007
    Location:
    127.0.0.1
    #8
    It asks you to type in the admin account name as well as the password, instead of just the password for any system changes.

    Pretty useless I know, but it's an extra "step". Also, I think it all really depends on if you're the sole user of the computer or not. If you're sharing it with others, then it's best to use a standard at all times and keep the admin user/password combo to yourself if you're the admin.

    Also, a simple Google search shows not running even as admin, even though it doesn't have root access, is preferable security-wise (whether you want to believe them or not, it's up to you).
    https://www.google.com/search?q=adv...s=org.mozilla:en-US:official&client=firefox-a
     
  9. GGJstudios, Aug 22, 2012
    Last edited: Aug 22, 2012

    GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #9
    A standard user can install some apps for that user without entering an admin password, so there is no extra step in many cases.
    If you're sharing with others, it's best to set up a separate account for each user, whether your account is standard or admin. Again, no advantage to running standard.

    Yes, I know many people claim it's preferable, but they're just repeating what they heard. I think many carry over this line of thought from Windows, where there is more of a security difference. They don't provide any proof that there is an advantage on Mac OS X.

    There is no security benefit to running a standard vs an admin account.
     
  10. killerrobot macrumors 68020

    Joined:
    Jun 7, 2007
    Location:
    127.0.0.1
    #10
    A standard user is almost always asked to authenticate (enter admin username and password) when installing a new app while an admin is not. That's the extra step of protection. Unless they changed this in Mountain Lion, it has always been that way as far as I remember under OSX.

    Is it worth the extra step of protection if you're the only user and you know what you're doing? Probably not. However with more and more malware available, it's an added step of security. Again, it's up to the user if they want it or not.

    EDIT: I noticed you placed "some" in front of apps, which I agree with. However, it is not all, and that's an added step of security.
     
  11. GGJstudios macrumors Westmere

    Joined:
    May 16, 2008
    #11
    That's not true. Create a standard user account. Download, install and launch iStat Pro. Download and launch All2MP3. These are just 2 examples where no password is requested or required. Some apps will ask for a password; many don't.
     
  12. killerrobot macrumors 68020

    Joined:
    Jun 7, 2007
    Location:
    127.0.0.1
    #12
    I edited my "always" to an "almost always" realizing this. Download Adium and it requests a password. I imagine it requests to authenticate if it has to write anything to the system library as opposed to just the user library.

    So, I'll rewrite my original post.

     
  13. chown33 macrumors 604

    Joined:
    Aug 9, 2009
    #13
    Running as non-admin should add an authentication step when deleting standard installed-with-the-OS programs.

    How many times have people come here and posted "I accidentally deleted my System Preferences? Where do I get a replacement?".
     
  14. munkery, Aug 22, 2012
    Last edited: Aug 22, 2012

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #14
    Any app that installs without password authentication in an admin account can be installed in a standard account by adding an Applications folder in the user's home directory and then installing apps in that Applications folder instead of the default Applications folder.

    Sources referring to the admin accounts on Mac being dangerous always refer to files being modified by malware that require password authentication to modify. For example, files in the /System folder.

    The logic being if a user can authenticate the change then it is a dangerous account type. So, if you're the admin you don't want non-admins to have that capability.

    But on a single user system where the user will know the admin password even if running as a standard user it makes no difference because the user can authenticate using the admin account credentials from the standard account.

    Sources making admin accounts on Mac sound like a security risk seem to make it sound like the referred to modifications occur without password authentication, which is untrue.
     
  15. munkery, Aug 22, 2012
    Last edited: Aug 22, 2012

    munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #15
    All default (installed-with-the-OS) apps can't be modified or deleted. The user isn't even asked to authenticate.

    The apps can still be modified if you "Show package contents" of the application bundle and make changes to the files within the bundle. You will be prompted for password authentication to complete the changes.

    I believe this started with Lion? In SL, these apps could be modified or deleted with password authentication.

    Mac App Store apps require password authentication to modify and delete since the introduction of the Mac App Store.
     

  16. munkery macrumors 68020

    Joined:
    Dec 18, 2006
    #16
    BTW, Ubuntu account types are the same as OS X.

    Root is deactivated but can elevate privileges via sudo, which requires admin password.
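
Added example (not part of any post in this thread): a POSIX shell script that reports whether the current account is root, an admin-group member or a standard user, and which of the folders mentioned in the thread it can write to without elevation. The group names (`admin` on OS X, `sudo` on current Ubuntu) and the folder list are assumptions of the example.

```shell
#!/bin/sh
# Added example, not from the thread. Uses write access as a proxy for
# "no password prompt": a folder the account cannot write to is one where
# an installer or Finder has to ask for admin credentials.

# in_group GROUP "space separated group list" -> status 0 if GROUP is listed.
# Group names containing spaces are not handled.
in_group() {
    for g in $2; do
        if [ "$g" = "$1" ]; then return 0; fi
    done
    return 1
}

# account_type UID "group list" -> prints root | admin | standard.
# Assumption: admin accounts belong to "admin" (OS X) or "sudo" (Ubuntu).
account_type() {
    if [ "$1" -eq 0 ]; then
        echo root
    elif in_group admin "$2" || in_group sudo "$2"; then
        echo admin
    else
        echo standard
    fi
}

# needs_auth PATH -> prints yes if the current user cannot write to PATH.
needs_auth() {
    if [ -w "$1" ]; then echo no; else echo yes; fi
}

# report -> account type plus the per-folder result for this machine.
report() {
    home="${HOME:-/tmp}"
    echo "account type: $(account_type "$(id -u)" "$(id -Gn)")"
    # Assumed folder list: system-wide and per-user locations from the thread.
    for d in /Applications "$home/Applications" /System/Library "$home/Library"; do
        if [ -e "$d" ]; then
            echo "$d: authentication needed to modify: $(needs_auth "$d")"
        fi
    done
}

report
```

An admin account typically shows `no` for /Applications and `yes` for /System/Library, while a standard account shows `yes` for both and `no` only under its own home directory.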
     
