|
|
bad to run as admin?
|
|
|
|
Forum Regular
Join Date: Jan 2005
Status:
Offline
|
|
when I visited linux users group long time ago, they said not to run as root. Is it ok to use the mac as an "administrator" from security standpoint, or better to run as a user.
|
|
|
|
|
|
|
|
|
Posting Junkie
Join Date: Nov 2000
Location: in front of my Mac
Status:
Offline
|
|
|
•
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Oct 2000
Location: Seattle
Status:
Offline
|
|
In other words, yes, you are safe to run as an Admin.
|
You can take the dude out of So Cal, but you can't take the dude outta the dude, dude!
|
|
|
|
|
|
|
|
Senior User
Join Date: Dec 2005
Location: Minnesota
Status:
Offline
|
|
I wouldn't. Safer to have 2 accounts and run as a regular user. Use the admin account for troubleshooting.
|
2010 Mac Mini, 32GB iPod Touch, 2 Apple TV (1)
Home built 12 core 2.93 Westmere PC (almost half the cost of MP) Win7 64.
|
|
|
|
|
|
|
|
Mac Elite
Join Date: Jun 2006
Status:
Offline
|
|
Originally Posted by bearcatrp
I wouldn't. Safer to have 2 accounts and run as a regular user. Use the admin account for troubleshooting.
I've heard this same argument before, and there's some merit to it. You run as a regular user, but since you know the admin password, you won't be stopped from doing anything you like. The difference is that if a program or something goes awry, it can only affect that account and doesn't have administrator access by default.
In general though you're pretty safe running as admin. The default account you get when you got your machine from apple is the Admin account so the system is tested with the assumption that that's how you'll be using the machine.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2007
Status:
Offline
|
|
I've run as an administrator on my OSX machine since 10.0 days. As Simon states root ≠ Administrator.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
There are some security benefits to not running as Admin, but for most it's almost a non-issue.
(
Last edited by Big Mac; Apr 21, 2008 at 10:29 AM.
)
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by Simon
root ≠ Administrator
But it's fairly trivial for an administrator to gain root privileges, and most of the security holes in OS X have involved problems with administrators. You're better off running as few programs as administrator as possible. In practice, most people run as administrators and don't get bitten, but it is less secure.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
It is only secure to run as admin until someone finds a way to exploit it and then your system is wide open. Running as non-admin reduces the risk to your own user account.
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Status:
Offline
|
|
Some programs, especially games, want to read & write to their directory in the /Applications folder, and I've found this to be a hindrance when running from an non-administrative account. Standard accounts have read-only access to /Applications.
Keep the firewall on, don't open links in junk mail, and keep your system up to date, and running as admin should be fine. Running as root is dangerous because you can accidentally delete system files. Not so with Admin.
|
When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2007
Status:
Offline
|
|
Originally Posted by chris v
Some programs, especially games, want to read & write to their directory in the /Applications folder, and I've found this to be a hindrance when running from an non-administrative account. Standard accounts have read-only access to /Applications.
I agree, when I tried using a standard account, I found I needed to log out and back in as an administrator frequently enough that it was of little value.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2000
Location: Los Angeles
Status:
Offline
|
|
That's Windows type behavior that should not be tolerated.
|
"The natural progress of things is for liberty to yield and government to gain ground." TJ
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Oct 2001
Location: San Diego, CA, USA
Status:
Offline
|
|
Originally Posted by MacosNerd
I agree, when I tried using a standard account, I found I needed to log out and back in as an administrator frequently enough that it was of little value.
You don't need to log out and back in to fix what chris v said. You just need to change permissions on the game folder, which can be done from the Get Info window in a standard account. I've found very few occasions where it's necessary to log in as an administrator.
|
Chuck
___
"Instead of either 'multi-talented' or 'multitalented' use 'bisexual'."
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2007
Status:
Offline
|
|
To each his own, I feel its much better option to use the admin account and I've never once regretted running as an admin. Whilst trying the user account was more problematic.
|
|
|
|
|
|
|
|
|
Clinically Insane
Join Date: Jun 2001
Location: planning a comeback !
Status:
Offline
|
|
Originally Posted by Chuckit
But it's fairly trivial for an administrator to gain root privileges, and most of the security holes in OS X have involved problems with administrators.
Are you sure those security holes only worked when working as an Admin, as compared to a regular user ?
I thought the security holes where NOT limited to some kind of user account.
-t
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Originally Posted by Chuckit
You don't need to log out and back in to fix what chris v said. You just need to change permissions on the game folder, which can be done from the Get Info window in a standard account. I've found very few occasions where it's necessary to log in as an administrator.
You don't even need to do that - just install the game into your user account /Applications folder (create one if there isn't one already).
|
|
|
|
|
|
|
|
|
Junior Member
Join Date: Sep 2006
Status:
Offline
|
|
No amount of system security will prevail more than using your brain and knowing what's happening on your system (like the other person said, not clicking random links etc).
I'm also really questioning the age-old wisdom of:
The difference is that if a program or something goes awry, it can only affect that account and doesn't have administrator access by default.
Sure this is great wisdom for a multi-user machine or a server.. But if you're the only owner of the machine, and all your data is affected by whatever goes awry, it doesn't matter if the whole system still stands up lol. My data is more important than the system.
(hence I do backups)
Patrix
|
|
|
|
|
|
|
|
|
Registered User
Join Date: Feb 2008
Location: BIrmingham, AL
Status:
Offline
|
|
just another vote for admin=ok
|
|
|
|
|
|
|
|
|
Addicted to MacNN
Join Date: Jan 2001
Location: The Sar Chasm
Status:
Offline
|
|
Originally Posted by JKT
You don't even need to do that - just install the game into your user account /Applications folder (create one if there isn't one already).
Doesn't work too well if you've got three kids with their own limited accounts who want to all play the same game, unless you install it three times. Changing the permissions is an alternative, but why all the paranoia?
Can someone point to an actual exploit that occurs only to someone logged in as admin? Everything that needs to install or delete anything in the /system directory still throws up a password dialog.
|
When a true genius appears in the world you may know him by this sign, that the dunces are all in confederacy against him. -- Jonathan Swift.
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Sep 2000
Location: Adelaide, Australia
Status:
Offline
|
|
I ran as admin from the beginning of 10 up until about a year ago and never had any issues. Last year I decided to try running a non-admin account and the only issue I had was when I wanted to check the system logs in console and wasn't allowed to see them. I am not a game player. I don't look in console often so I have persisted with the non-admin account. My reasoning is that it's a laptop which I use away from home and so if it gets stolen I would like the person who took it to find getting access to my data as hard as possible! In addition it doesn't cause me any problems running as non-admin so even if the security increase is marginal why not do it. I also have my keychain on a separate password -- that is a bit of a pain as I have to keep entering that password.
One thing I discovered it is better not to do is call the account `admin' that caused some strange issues around deleting the account later. I ended up calling it my initials followed by admin as one word and the same password as my standard user account
Works for me but I can see the games thing could be a pain.
Michael
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jun 2007
Status:
Offline
|
|
Originally Posted by mmurray
I ran as admin from the beginning of 10 up until about a year ago and never had any issues.
I too have been using the apple default setup and so that means my account has been an administrator. No problems from doing this.
My reasoning is that it's a laptop which I use away from home and so if it gets stolen I would like the person who took it to find getting access to my data as hard as possible! In addition it doesn't cause me any problems running as non-admin so even if the security increase is marginal why not do it. I also have my keychain on a separate password -- that is a bit of a pain as I have to keep entering that password.
Its actually quite easy for someone to reset a password, so you're not really buying anything. The thief needs to pop in an OSX install disc and reset the password. Easy as pie.
One thing I discovered it is better not to do is call the account `admin' that caused some strange issues around deleting the account later. I ended up calling it my initials followed by admin as one word and the same password as my standard user account
Works for me but I can see the games thing could be a pain.
I don't know too many people who call their account admin, most use a variant on their name. The problem stems from the UNIX underpinnings.
I also read somewhere that Photoshop Elements (the new version I think) doesn't like to run in a non-admin account. Why continue to monkey with permissions for software that you want to run when you can out of the box (as an administrator)
|
|
|
|
|
|
|
|
|
Grizzled Veteran
Join Date: Dec 2001
Location: Land of Enchantment
Status:
Offline
|
|
I have always ran in admin mode with nary a problem. I am behind a firewall and router, and I do not open or install anything that has not been scrutinized, as chris v recommends above, but I would do this running under any type of account, it's just basic good practice.
|
|
|
|
|
|
|
|
|
Professional Poster
Join Date: Jan 2002
Location: London, UK
Status:
Offline
|
|
Originally Posted by chris v
Doesn't work too well if you've got three kids with their own limited accounts who want to all play the same game, unless you install it three times. Changing the permissions is an alternative, but why all the paranoia?
Makes no difference here - the person posting about this originally stated that the game can't run properly unless it has write permission to the Applications folder - I assume you don't let your three kids run as admins so what difference does it make, they still wouldn't be able to use this game (personally, it sounds like a POS bit of coding to me and I wouldn't want to run a game that badly written).
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
Forum Rules
|
|
|
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
|
HTML code is Off
|
|
|
|
|
|
|
|
|
|
|
|