Running as admin vs running as limited user

Discussion in 'macOS' started by SecurityTinker, Jul 30, 2008.

  1. SecurityTinker macrumors newbie

    Joined:
    May 11, 2008
    #1
    Alright, so I've read in many places that for daily computing, it is best not to use an administrator account because you can easily destroy this or corrupt that.

    I can easily see why this is good practice in Windows, with logged in admin users never getting any further prompts when they want to install software or change system settings, but with OSX, even if you're logged in as an admin, you still have to authorize in the same way as you do if you were using a limited account. The only administrative action that I've found you can do on a logged in OSX admin account without a password is moving files into the /Applications directory. Are there any more?

    If there aren't, I really don't see why you should go through the trouble of creating a whole new account just for administration and demoting the account named after you, the administrator.
     
  2. ChrisA macrumors G4

    Joined:
    Jan 5, 2006
    Location:
    Redondo Beach, California
    #2
    First off it is not much "trouble". It takes all of 30 seconds and you only have to do it once.

    From a user interface point of view, as you have found out there is not much difference. But when thinking about security you have to think not about the normal day to day things but about what happens when things go wrong. The goal is to prevent a minor security hole from being exploited to cause a major problem.

    What happens is that all the programs you run, the programs they in turn run all run as the same user that you logged in as. So if somehow someone slips something in that is bad (a Trojan) then it runs as that user. If you logged in as "admin" then you have a powerful Trojan on your system but if you logged in as a limited user the Trojan would be less powerful and could do less damage.

    One could also ask "What's the point of air bags in a car? " They are kind of pointless, until you need them.
     
  3. FSUSem1noles macrumors 68000

    FSUSem1noles

    Joined:
    Feb 23, 2006
    Location:
    Ft. Lauderdale
    #3
    There's a little more to it then just moving files or modifying the dock.

    If you run a program on your Mac it inherits the permissions of the user. A piece of malware running as an admin process can write/delete/create/edit a lot more files than one running as a regular user. So malware running as a regular user process can only trash/change the regular users private files UNLESS it is explicitely given a priveleged users password. It is a significant amount of protection that can be had with little inconvenience to the user.

    More importantly if you let other people use your computer it's just "safer" to have them logged on as a "non-admin" account..
     
  4. SecurityTinker thread starter macrumors newbie

    Joined:
    May 11, 2008
    #4
    So that means I should run as a limited user just in case that one program I run finds a way to modify this or that without password authentication, right?
     
  5. wrldwzrd89 macrumors G5

    wrldwzrd89

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #5
    If you are concerned about this, yes - this is a good idea, and will severely limit the damage any such program can do.
     
  6. FSUSem1noles macrumors 68000

    FSUSem1noles

    Joined:
    Feb 23, 2006
    Location:
    Ft. Lauderdale
    #6
    Hey, it could happen.. someone I know had ended up getting something through iChat that had corrupted the system and since he was using an Admin account, had to go through and reinstall the whole OS..
     
  7. SecurityTinker thread starter macrumors newbie

    Joined:
    May 11, 2008
    #7
    Ouch...I'm convinced now. The whole thing is still a bit awkward though. What would you call the admin account that you make? The name "Administrator" is pretty bland.
     
  8. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #8
    "Administrator" is also too obvious. Name it whatever you want, after a planet, your favourite type of pizza, or a car. The important thing is you remember what it is for when you need it :)
     
  9. FSUSem1noles macrumors 68000

    FSUSem1noles

    Joined:
    Feb 23, 2006
    Location:
    Ft. Lauderdale
    #9
    I don't keep it named Administrator I use my full name and give it Admin Priviliges.. The limited user, I use my screenname, which is also my email, aim, etc,etc..
     
  10. jerryobrecht macrumors newbie

    Joined:
    Aug 22, 2002
    #10
    Follow-up Question to "Running as admin vs running as limited user"

    Hi. This is an interesting thread, and hope you all don't mind me asking a related question...

    I have two accounts on my Mac (running 10.4.11): the Me account which is an Administrator account, and then a System Administrator account (at least that is what it is titled in the window in which you select a user account to log into. The System Administrator account I created by enabling "root" within the, I think, Net Info preference tool. My questions are: "Is the System Administrator account truly root (when I log in, I type in "root" as the account name)?" and "Why would the OS title the account choice as System Administrator rather than root (for security perhaps)?"

    Thanks,
    Jerry
     
  11. theyellowdart macrumors regular

    Joined:
    Jul 29, 2008
    Location:
    The Mitten State
    #11
    OS X does a pretty solid job of properly implementing user security, even for an Administrator user.

    Now, I would never recommend having an Administrator account without a password,or with a very basic password, since an intelligent script/program can exploit that any day of the week and completely bypass the user security in place. But, using an Admin account as an everyday account, coupled with a strong password... and understanding to be careful when a program asks for your password, you can be pretty safe.

    So, while it's a decent habit to use your computer as a limited user rather than an Administrator, it's not as important as it would be on say... Windows XP and prior, or Vista with UAC disable. In those cases it would be the same as logging into your machine as root.

    yes, the System Administrator account truly is root. And the account long name is just System Administrator, with a short name of root. So it's not security at all, just how apple named it (Since root techincally is the System Administrator)
     
  12. wrldwzrd89 macrumors G5

    wrldwzrd89

    Joined:
    Jun 6, 2003
    Location:
    Solon, OH
    #12
    To answer your questions:
    1: Yes, this is truly the root account. Leaving it enabled is not wise unless you absolutely require it for some administrative task.
    2. Yes, it probably is done for security reasons. It's probably also done to distinguish it from regular administrators, and to make the name more user-friendly to those who see the log in screen.
     
  13. FSUSem1noles macrumors 68000

    FSUSem1noles

    Joined:
    Feb 23, 2006
    Location:
    Ft. Lauderdale
    #13
    Yes, System Administrator is Root.. and I wouldn't be logging into the Root account to do everyday computing..
     
  14. theyellowdart macrumors regular

    Joined:
    Jul 29, 2008
    Location:
    The Mitten State
    #14
    I kinda disagree, having your root account enabled isn't a big security risk (as long as it uses a secure password), in reality... it really isn't a security risk at all. Even with it disabled someone can still use su to gain root privilages on a machine, even with root disabled.


    This I strongly agree with, that is a BAD BAD security habit a few co-workers got in the habit of doing for whatever inane reason.
     
  15. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #15
    System Administrators are members of the in-built sudoers group, which means they can temporarily promote their access rights to root equivalence by entering their password. However, by default they still have a lower access level than root.

    EDIT: Just read that post again, and yep, it's THE System Administrator account he's talking about there....yeah, that one's root.
     
  16. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    "getting something through iChat"... can you explain? Did they:

    1. Accept a file transfer from someone, then
    2. Launch the file by clicking on it, then
    3. Type in their admin password to allow the installation to proceed?
    Or did something just "take over" their system while on iChat with no intervention on their part? Is there an example of malware that can run on a Mac without the user actively accepting the download, launching the installation and entering their password? I'd like to know specifics, if that is the case.
     
  17. FSUSem1noles macrumors 68000

    FSUSem1noles

    Joined:
    Feb 23, 2006
    Location:
    Ft. Lauderdale
    #17
    Wow! that's unreal..

    I have my root account enabled, just because e I prefer using the GUI over command line..
     
  18. theyellowdart macrumors regular

    Joined:
    Jul 29, 2008
    Location:
    The Mitten State
    #18
    Correct me if I'm wrong, but isn't it Administrators are members of the sudoers group. not "System Administrators"?

    I believe the only user account that is classified as a system administrator, and in the system administrator group is indeed root. I may be wrong on that one though.


    Yea, don't get me started on that one. :D
     
  19. FSUSem1noles macrumors 68000

    FSUSem1noles

    Joined:
    Feb 23, 2006
    Location:
    Ft. Lauderdale
    #19
    They were sent a file from a friend who didn't know the file was infected..

    So, it's not like you can just say, well, don't download or accept something from someone you don't know..

    Because you can just as easily get something from someone you do know, who is unsuspecting..
     
  20. Queso macrumors G4

    Joined:
    Mar 4, 2006
    #20
    I corrected myself, but left the original text in the post to avoid confusion if someone then quoted it. Administrators is right.
     
  21. iShater macrumors 604

    iShater

    Joined:
    Aug 13, 2002
    Location:
    Chicagoland
    #21
    Any root should be only using the terminal. ;) :D

    I know folks who not only use the admin accounts on system, it is a shared account/password with others. :eek:
     
  22. theyellowdart macrumors regular

    Joined:
    Jul 29, 2008
    Location:
    The Mitten State
    #22

    Ahh, didn't see the edit. :D
     
  23. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #23
    Still, they would have had to launch the file, then type in their password to install it. The point is, just running daily as Administrator (not root) doesn't make you vulnerable to malware, unless you actively install something that you're not certain is safe.
     
  24. theyellowdart macrumors regular

    Joined:
    Jul 29, 2008
    Location:
    The Mitten State
    #24
    That's not to far off from this:
     

    Attached Files:

  25. FSUSem1noles macrumors 68000

    FSUSem1noles

    Joined:
    Feb 23, 2006
    Location:
    Ft. Lauderdale
    #25
    LoL... yeah, yeah.. :p

    lol, shared admin account! I love it!!!
     

Share This Page