Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Would it make sense to change "admin" + "staff" permissions to "Read & Write"?

L

lip5016

macrumors regular
Original poster
Jul 11, 2014
173
26
Would it make sense to change "admin" + "staff" permissions to "Read & Write" if you're the only one who is ever on your computer/your network/your WIFI ("Guest" disabled)?

Would this help eliminate any conflicts in OSX and make my life easier? Any reason not to?
 
It won't hurt anything, but it does allow any other user logged on to see the files in other accounts. What issue are you trying to overcome by doing this though?
 
You need to be more clear about where you are thinking of changing that setting. For example, if you change the setting on the top directory on your hard drive and ask it to apply to all files and subdirectories then the result will be a non-bootable system that you will have to re-install from scratch. Never change permissions on system folders.
 
For security purposes I wouldn't.

If you're security minded I would recommend having one admin account and then using another User account with limited access for your day to day business. If you ever need to install anything you can just write the username and password of the admin account when prompted.
 
theBostonian said:
For security purposes I wouldn't.

If you're security minded I would recommend having one admin account and then using another User account with limited access for your day to day business. If you ever need to install anything you can just write the username and password of the admin account when prompted.
Click to expand...

When I hear on all the forums, "security", when talking about this topic.. Are you referring to "security" as in internet haxorz that are looking to funk my ship up, or "security" like someone being at my house and looking at the stuff in my harddrives without me knowing?
 
lip5016 said:
When I hear on all the forums, "security", when talking about this topic.. Are you referring to "security" as in internet haxorz that are looking to funk my ship up, or "security" like someone being at my house and looking at the stuff in my harddrives without me knowing?
Click to expand...

I mean security as in a malware gaining root access via piggybacking along a running process. It's rare but it's possible.

Having a separate account for administrative tasks closes a potential attack vector.

You can disable your username appearing in the login screen by going into System Preferences > Users & Groups > Login options and select Display login window as: Name and password.
 
The only time you'd need to change permissions on system files is if you already mistakenly changed them from their defaults. Not only does it not solve anything, it can create security holes by allowing processes exploited by an attacker to read and write files they shouldn't.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back