Would it make sense to change "admin" + "staff" permissions to "Read & Write"?

lip5016

macrumors regular
Original poster
Jul 11, 2014
174
26
Would it make sense to change "admin" + "staff" permissions to "Read & Write" if you're the only one who is ever on your computer/your network/your WIFI ("Guest" disabled)?

Would this help eliminate any conflicts in OSX and make my life easier? Any reason not to?
 

Weaselboy

Moderator
Staff member
Jan 23, 2005
30,341
10,105
California
It won't hurt anything, but it does allow any other user logged on to see the files in other accounts. What issue are you trying to overcome by doing this though?
 

mfram

macrumors 65816
Jan 23, 2010
1,064
142
San Diego, CA USA
You need to be more clear about where you are thinking of changing that setting. For example, if you change the setting on the top directory on your hard drive and ask it to apply to all files and subdirectories then the result will be a non-bootable system that you will have to re-install from scratch. Never change permissions on system folders.
 

theBostonian

Suspended
Apr 15, 2012
317
238
For security purposes I wouldn't.

If you're security minded I would recommend having one admin account and then using another User account with limited access for your day to day business. If you ever need to install anything you can just write the username and password of the admin account when prompted.
 

lip5016

macrumors regular
Original poster
Jul 11, 2014
174
26
For security purposes I wouldn't.

If you're security minded I would recommend having one admin account and then using another User account with limited access for your day to day business. If you ever need to install anything you can just write the username and password of the admin account when prompted.
When I hear on all the forums, "security", when talking about this topic.. Are you referring to "security" as in internet haxorz that are looking to funk my ship up, or "security" like someone being at my house and looking at the stuff in my harddrives without me knowing?
 

theBostonian

Suspended
Apr 15, 2012
317
238
When I hear on all the forums, "security", when talking about this topic.. Are you referring to "security" as in internet haxorz that are looking to funk my ship up, or "security" like someone being at my house and looking at the stuff in my harddrives without me knowing?
I mean security as in a malware gaining root access via piggybacking along a running process. It's rare but it's possible.

Having a separate account for administrative tasks closes a potential attack vector.

You can disable your username appearing in the login screen by going into System Preferences > Users & Groups > Login options and select Display login window as: Name and password.
 

556fmjoe

macrumors 68000
Apr 19, 2014
1,917
1,614
The only time you'd need to change permissions on system files is if you already mistakenly changed them from their defaults. Not only does it not solve anything, it can create security holes by allowing processes exploited by an attacker to read and write files they shouldn't.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.