Would it make sense to change "admin" + "staff" permissions to "Read & Write"?

Discussion in 'macOS' started by lip5016, Oct 1, 2014.

  1. lip5016 macrumors regular

    Jul 11, 2014
    Would it make sense to change "admin" + "staff" permissions to "Read & Write" if you're the only one who is ever on your computer/your network/your WIFI ("Guest" disabled)?

    Would this help eliminate any conflicts in OSX and make my life easier? Any reason not to?
  2. Weaselboy Moderator


    Staff Member

    Jan 23, 2005
    It won't hurt anything, but it does allow any other user logged on to see the files in other accounts. What issue are you trying to overcome by doing this though?
  3. mfram macrumors 65816

    Jan 23, 2010
    San Diego, CA USA
    You need to be more clear about where you are thinking of changing that setting. For example, if you change the setting on the top directory on your hard drive and ask it to apply to all files and subdirectories then the result will be a non-bootable system that you will have to re-install from scratch. Never change permissions on system folders.
  4. theBostonian Suspended

    Apr 15, 2012
    For security purposes I wouldn't.

    If you're security minded I would recommend having one admin account and then using another User account with limited access for your day to day business. If you ever need to install anything you can just write the username and password of the admin account when prompted.
  5. lip5016 thread starter macrumors regular

    Jul 11, 2014
    When I hear on all the forums, "security", when talking about this topic.. Are you referring to "security" as in internet haxorz that are looking to funk my ship up, or "security" like someone being at my house and looking at the stuff in my harddrives without me knowing?
  6. theBostonian Suspended

    Apr 15, 2012
    I mean security as in a malware gaining root access via piggybacking along a running process. It's rare but it's possible.

    Having a separate account for administrative tasks closes a potential attack vector.

    You can disable your username appearing in the login screen by going into System Preferences > Users & Groups > Login options and select Display login window as: Name and password.
  7. 556fmjoe macrumors 65816


    Apr 19, 2014
    The only time you'd need to change permissions on system files is if you already mistakenly changed them from their defaults. Not only does it not solve anything, it can create security holes by allowing processes exploited by an attacker to read and write files they shouldn't.
  8. old-wiz macrumors G3

    Mar 26, 2008
    West Suburban Boston Ma
    Worse yet, fooling around with permissions without knowing how *NIX works is a good invitation to a system that won't boot.

Share This Page

7 October 1, 2014