Would it make sense to change "admin" + "staff" permissions to "Read & Write"?

Discussion in 'macOS' started by lip5016, Oct 1, 2014.

  1. lip5016 macrumors regular

    Joined:
    Jul 11, 2014
    #1
    Would it make sense to change "admin" + "staff" permissions to "Read & Write" if you're the only one who is ever on your computer/your network/your WIFI ("Guest" disabled)?

    Would this help eliminate any conflicts in OSX and make my life easier? Any reason not to?
     
  2. Weaselboy Moderator

    Weaselboy

    Staff Member

    Joined:
    Jan 23, 2005
    Location:
    California
    #2
    It won't hurt anything, but it does allow any other user logged on to see the files in other accounts. What issue are you trying to overcome by doing this though?
     
  3. mfram macrumors 65816

    Joined:
    Jan 23, 2010
    Location:
    San Diego, CA USA
    #3
    You need to be more clear about where you are thinking of changing that setting. For example, if you change the setting on the top directory on your hard drive and ask it to apply to all files and subdirectories then the result will be a non-bootable system that you will have to re-install from scratch. Never change permissions on system folders.
     
  4. theBostonian Suspended

    Joined:
    Apr 15, 2012
    #4
    For security purposes I wouldn't.

    If you're security minded I would recommend having one admin account and then using another User account with limited access for your day to day business. If you ever need to install anything you can just write the username and password of the admin account when prompted.
     
  5. lip5016 thread starter macrumors regular

    Joined:
    Jul 11, 2014
    #5
    When I hear on all the forums, "security", when talking about this topic.. Are you referring to "security" as in internet haxorz that are looking to funk my ship up, or "security" like someone being at my house and looking at the stuff in my harddrives without me knowing?
     
  6. theBostonian Suspended

    Joined:
    Apr 15, 2012
    #6
    I mean security as in a malware gaining root access via piggybacking along a running process. It's rare but it's possible.

    Having a separate account for administrative tasks closes a potential attack vector.

    You can disable your username appearing in the login screen by going into System Preferences > Users & Groups > Login options and select Display login window as: Name and password.
     
  7. 556fmjoe macrumors 65816

    556fmjoe

    Joined:
    Apr 19, 2014
    #7
    The only time you'd need to change permissions on system files is if you already mistakenly changed them from their defaults. Not only does it not solve anything, it can create security holes by allowing processes exploited by an attacker to read and write files they shouldn't.
     
  8. old-wiz macrumors G3

    Joined:
    Mar 26, 2008
    Location:
    West Suburban Boston Ma
    #8
    Worse yet, fooling around with permissions without knowing how *NIX works is a good invitation to a system that won't boot.
     

Share This Page