BigDawgES said:
Do I negate the aforementioned benefit if I supply a different user's admin log/pass every time I install new software? Is there a "preferred" method of installing software with this kind of setup?
Ethan, I made this change to my system fairly recently, and got a lot of help from others here. You do lose the benefit in the sense that once you provide the password, you have given whatever installer you are running free reign. However, you know that it is happening because you were forced to authenticate.
With that being said, I think this is still beneficial. There is one caveat I found. I think the "preferred" method is probably to use either fast-user-switching and/or logout/login and to login as your admin account and do this work, or else to change ownership of all the installed files to root, as opposed to just providing the authentication when you are requested to do so. The reason for this is that, although the authentication will use another account, the software will still be installed under your account, and will still be owned by your account. Other programs running on your computer in your (non-admin) account will therefore be able to make at least some modifications to the files, because you own them, even though they are in folders in the system which you do not own, because the application file itself is a folder which you do own.
This is confusing (to me) so let me try an example. You do not own the /users directory. Therefore you cannot delete your home directory without superuser access. On the other hand, you do own your home directory. So even though your /users/YOU/Library folder is located within /users, which you do not own, you are able to modify it because it is located in your home directory, which you do own.
The same applies to applications. Each OS X application is actually a folder. If you install firefox, you get:
/applications/internet/firefox.app <-- this is the package that you dragged over from the disk image, which appears with an icon in Finder and is called simply "firefox."
Inside this folder are other things, such as...
/applications/internet/firefox.app/contents/macos/searchplugins
Because you own firefox.app and everything inside it, you will be able to modify the searchplugins folder without authenticating.
So that's the problem. If you actually fully log in as your admin account (or as root for that matter), that account will own the folder, and you will not be able to modify these files without authentication. In this case, firefox will not be able, for instance, to install new files to the searchplugins folder from your non-admin account.
If you don't even want these files to be unknowingly changed when you are logged in as admin, then you need to take the additional step of changing the ownership of the .app folder and all subcontents to root:admin, which you do like this:
sudo chown -R root:admin firefox.app
for instance. You will need to do this from an admin account, because your non-admin account is (unless you change this) not on the sudo permission list. It doesn't matter if the pre-change ownership was your admin account or your non-admin account. The -R option is necessary to change all the files inside the app or folder (you do this on the rootmost folder).
So actually, in conclusion, in the safest way, it doesn't matter whether you log in as your admin account or not, but after you install them, you should do the chown thing. If you want to be really anal about it, there are also folders in /library that your account will have ownership of, and should not, so I think you probably also have to do
sudo chown -R root:admin /library
while logged in as an admin... I'm not entirely sure that this last step will work without munging things up. Can anyone back me up on that?
