
SecurityTinker

macrumors newbie
Original poster
May 11, 2008
Alright, so I've read in many places that for daily computing, it is best not to use an administrator account because you can easily destroy this or corrupt that.

I can easily see why this is good practice in Windows, with logged in admin users never getting any further prompts when they want to install software or change system settings, but with OSX, even if you're logged in as an admin, you still have to authorize in the same way as you do if you were using a limited account. The only administrative action that I've found you can do on a logged in OSX admin account without a password is moving files into the /Applications directory. Are there any more?

If there aren't, I really don't see why you should go through the trouble of creating a whole new account just for administration and demoting the account named after you, the administrator.
 
Alright, so I've read in many places that for daily computing, it is best not to use an administrator account because you can easily destroy this or corrupt that.

I can easily see why this is good practice in Windows, with logged in admin users never getting any further prompts when they want to install software or change system settings, but with OSX, even if you're logged in as an admin, you still have to authorize in the same way as you do if you were using a limited account. The only administrative action that I've found you can do on a logged in OSX admin account without a password is moving files into the /Applications directory. Are there any more?

If there aren't, I really don't see why you should go through the trouble of creating a whole new account just for administration and demoting the account named after you, the administrator.

First off it is not much "trouble". It takes all of 30 seconds and you only have to do it once.

From a user interface point of view, as you have found out there is not much difference. But when thinking about security you have to think not about the normal day to day things but about what happens when things go wrong. The goal is to prevent a minor security hole from being exploited to cause a major problem.

What happens is that all the programs you run, and the programs they in turn run, all run as the same user that you logged in as. So if somehow someone slips something in that is bad (a Trojan) then it runs as that user. If you logged in as "admin" then you have a powerful Trojan on your system but if you logged in as a limited user the Trojan would be less powerful and could do less damage.

One could also ask "What's the point of air bags in a car?" They are kind of pointless, until you need them.
 
Alright, so I've read in many places that for daily computing, it is best not to use an administrator account because you can easily destroy this or corrupt that.

I can easily see why this is good practice in Windows, with logged in admin users never getting any further prompts when they want to install software or change system settings, but with OSX, even if you're logged in as an admin, you still have to authorize in the same way as you do if you were using a limited account. The only administrative action that I've found you can do on a logged in OSX admin account without a password is moving files into the /Applications directory. Are there any more?

If there aren't, I really don't see why you should go through the trouble of creating a whole new account just for administration and demoting the account named after you, the administrator.

There's a little more to it than just moving files or modifying the dock.

If you run a program on your Mac it inherits the permissions of the user. A piece of malware running as an admin process can write/delete/create/edit a lot more files than one running as a regular user. So malware running as a regular user process can only trash/change the regular user's private files UNLESS it is explicitly given a privileged user's password. It is a significant amount of protection that can be had with little inconvenience to the user.

More importantly if you let other people use your computer it's just "safer" to have them logged on as a "non-admin" account..
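
An added illustration, not part of the thread: one way to answer the original poster's "Are there any more?" is to list what members of the admin group can modify with no password prompt. The function names below are hypothetical; on a Mac the group is `admin` and the starting directory would be `/`.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# admin_only_writable ROOT GROUP [DEPTH]
# Print entries under ROOT (DEPTH levels deep, default 1) that belong to
# GROUP, carry the group-write bit, and are NOT world-writable. These are
# the places a process running as a GROUP member can change without any
# password prompt, while a standard user's process cannot (unless that
# user owns the entry). ACLs are not examined, only the mode bits.
admin_only_writable() {
    find "$1" -maxdepth "${3:-1}" -group "$2" -perm -020 ! -perm -002 \
        2>/dev/null | sort
}

# admin_only_count ROOT GROUP [DEPTH]
# Number of entries reported by admin_only_writable.
admin_only_count() {
    admin_only_writable "$@" | wc -l | tr -d ' '
}

# Stand-alone use, for example on a Mac:  sh audit.sh / admin 2
if [ "$#" -ge 2 ]; then
    echo "Writable by group '$2' without authenticating:"
    admin_only_writable "$@"
fi
```

Every path it prints is somewhere a Trojan launched from an admin login could write silently, which is the difference the reply above describes.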
 
So that means I should run as a limited user just in case that one program I run finds a way to modify this or that without password authentication, right?
 
So that means I should run as a limited user just in case that one program I run finds a way to modify this or that without password authentication, right?
If you are concerned about this, yes - this is a good idea, and will severely limit the damage any such program can do.
 
So that means I should run as a limited user just in case that one program I run finds a way to modify this or that without password authentication, right?

Hey, it could happen.. someone I know had ended up getting something through iChat that had corrupted the system and since he was using an Admin account, had to go through and reinstall the whole OS..
 
Hey, it could happen.. someone I know had ended up getting something through iChat that had corrupted the system and since he was using an Admin account, had to go through and reinstall the whole OS..

Ouch...I'm convinced now. The whole thing is still a bit awkward though. What would you call the admin account that you make? The name "Administrator" is pretty bland.
 
Ouch...I'm convinced now. The whole thing is still a bit awkward though. What would you call the admin account that you make? The name "Administrator" is pretty bland.
"Administrator" is also too obvious. Name it whatever you want, after a planet, your favourite type of pizza, or a car. The important thing is you remember what it is for when you need it :)
 
Ouch...I'm convinced now. The whole thing is still a bit awkward though. What would you call the admin account that you make? The name "Administrator" is pretty bland.

I don't keep it named Administrator; I use my full name and give it Admin Privileges.. The limited user, I use my screenname, which is also my email, aim, etc., etc..
 
Follow-up Question to "Running as admin vs running as limited user"

Hi. This is an interesting thread, and hope you all don't mind me asking a related question...

I have two accounts on my Mac (running 10.4.11): the Me account which is an Administrator account, and then a System Administrator account (at least that is what it is titled in the window in which you select a user account to log into). The System Administrator account I created by enabling "root" within the, I think, Net Info preference tool. My questions are: "Is the System Administrator account truly root (when I log in, I type in "root" as the account name)?" and "Why would the OS title the account choice as System Administrator rather than root (for security perhaps)?"

Thanks,
Jerry
 
OS X does a pretty solid job of properly implementing user security, even for an Administrator user.

Now, I would never recommend having an Administrator account without a password, or with a very basic password, since an intelligent script/program can exploit that any day of the week and completely bypass the user security in place. But, using an Admin account as an everyday account, coupled with a strong password... and understanding to be careful when a program asks for your password, you can be pretty safe.

So, while it's a decent habit to use your computer as a limited user rather than an Administrator, it's not as important as it would be on say... Windows XP and prior, or Vista with UAC disabled. In those cases it would be the same as logging into your machine as root.

My questions are: "Is the System Administrator account truly root (when I log in, I type in "root" as the account name)?" and "Why would the OS title the account choice as System Administrator rather than root (for security perhaps)?"

Yes, the System Administrator account truly is root. And the account long name is just System Administrator, with a short name of root. So it's not security at all, just how Apple named it (since root technically is the System Administrator).
 
Hi. This is an interesting thread, and hope you all don't mind me asking a related question...

I have two accounts on my Mac (running 10.4.11): the Me account which is an Administrator account, and then a System Administrator account (at least that is what it is titled in the window in which you select a user account to log into). The System Administrator account I created by enabling "root" within the, I think, Net Info preference tool. My questions are: "Is the System Administrator account truly root (when I log in, I type in "root" as the account name)?" and "Why would the OS title the account choice as System Administrator rather than root (for security perhaps)?"

Thanks,
Jerry
To answer your questions:
1: Yes, this is truly the root account. Leaving it enabled is not wise unless you absolutely require it for some administrative task.
2. Yes, it probably is done for security reasons. It's probably also done to distinguish it from regular administrators, and to make the name more user-friendly to those who see the log in screen.
 
Hi. This is an interesting thread, and hope you all don't mind me asking a related question...

I have two accounts on my Mac (running 10.4.11): the Me account which is an Administrator account, and then a System Administrator account (at least that is what it is titled in the window in which you select a user account to log into). The System Administrator account I created by enabling "root" within the, I think, Net Info preference tool. My questions are: "Is the System Administrator account truly root (when I log in, I type in "root" as the account name)?" and "Why would the OS title the account choice as System Administrator rather than root (for security perhaps)?"

Thanks,
Jerry

Yes, System Administrator is Root.. and I wouldn't be logging into the Root account to do everyday computing..
 
To answer your questions:
1: Yes, this is truly the root account. Leaving it enabled is not wise unless you absolutely require it for some administrative task.

I kinda disagree, having your root account enabled isn't a big security risk (as long as it uses a secure password), in reality... it really isn't a security risk at all. Even with it disabled someone can still use su to gain root privileges on a machine, even with root disabled.

Yes, System Administrator is Root.. and I wouldn't be logging into the Root account to do everyday computing..


This I strongly agree with, that is a BAD BAD security habit a few co-workers got in the habit of doing for whatever inane reason.
 
System Administrators are members of the in-built sudoers group, which means they can temporarily promote their access rights to root equivalence by entering their password. However, by default they still have a lower access level than root.

EDIT: Just read that post again, and yep, it's THE System Administrator account he's talking about there....yeah, that one's root.
 
Hey, it could happen.. someone I know had ended up getting something through iChat that had corrupted the system and since he was using an Admin account, had to go through and reinstall the whole OS..

"getting something through iChat"... can you explain? Did they:

  1. Accept a file transfer from someone, then
  2. Launch the file by clicking on it, then
  3. Type in their admin password to allow the installation to proceed?
Or did something just "take over" their system while on iChat with no intervention on their part? Is there an example of malware that can run on a Mac without the user actively accepting the download, launching the installation and entering their password? I'd like to know specifics, if that is the case.
 
System Administrators are members of the in-built sudoers group....

Correct me if I'm wrong, but isn't it Administrators are members of the sudoers group, not "System Administrators"?

I believe the only user account that is classified as a system administrator, and in the system administrator group is indeed root. I may be wrong on that one though.

Wow! that's unreal..

I have my root account enabled, just because I prefer using the GUI over command line..


Yea, don't get me started on that one. :D
 
"getting something through iChat"... can you explain? Did they:

  1. Accept a file transfer from someone, then
  2. Launch the file by clicking on it, then
  3. Type in their admin password to allow the installation to proceed?
Or did something just "take over" their system while on iChat with no intervention on their part?

They were sent a file from a friend who didn't know the file was infected..

So, it's not like you can just say, well, don't download or accept something from someone you don't know..

Because you can just as easily get something from someone you do know, who is unsuspecting..
 
Correct me if I'm wrong, but isn't it Administrators are members of the sudoers group, not "System Administrators"?
I corrected myself, but left the original text in the post to avoid confusion if someone then quoted it. Administrators is right.
 
Wow! that's unreal..

I have my root account enabled, just because I prefer using the GUI over command line..

Any root should be only using the terminal. ;) :D

I know folks who not only use the admin accounts on system, it is a shared account/password with others. :eek:
 
They were sent a file from a friend who didn't know the file was infected..

So, it's not like you can just say, well, don't download or accept something from someone you don't know..

Because you can just as easily get something from someone you do know, who is unsuspecting..

Still, they would have had to launch the file, then type in their password to install it. The point is, just running daily as Administrator (not root) doesn't make you vulnerable to malware, unless you actively install something that you're not certain is safe.
 
Any root should be only using the terminal. ;) :D

I know folks who not only use the admin accounts on system, it is a shared account/password with others. :eek:

That's not too far off from this:
 

Attachment: security.jpg