[pwrmacg4]

when I visited linux users group long time ago, they said not to run as root. Is it ok to use the mac as an "administrator" from security standpoint, or better to run as a user.

[Simon]

root ≠ Administrator

[Gavin]

In other words, yes, you are safe to run as an Admin.

[bearcatrp]

I wouldn't. Safer to have 2 accounts and run as a regular user. Use the admin account for troubleshooting.

[slpdLoad]

Originally Posted by bearcatrp 

I wouldn't. Safer to have 2 accounts and run as a regular user. Use the admin account for troubleshooting.

I've heard this same argument before, and there's some merit to it. You run as a regular user, but since you know the admin password, you won't be stopped from doing anything you like. The difference is that if a program or something goes awry, it can only affect that account and doesn't have administrator access by default.

In general though you're pretty safe running as admin. The default account you get when you got your machine from apple is the Admin account so the system is tested with the assumption that that's how you'll be using the machine.

[MacosNerd]

I've run as an administrator on my OSX machine since 10.0 days. As Simon states root ≠ Administrator.

[Big Mac]

There are some security benefits to not running as Admin, but for most it's almost a non-issue.

[Chuckit]

Originally Posted by Simon 

root ≠ Administrator

But it's fairly trivial for an administrator to gain root privileges, and most of the security holes in OS X have involved problems with administrators. You're better off running as few programs as administrator as possible. In practice, most people run as administrators and don't get bitten, but it is less secure.

[JKT]

It is only secure to run as admin until someone finds a way to exploit it and then your system is wide open. Running as non-admin reduces the risk to your own user account.

[chris v]

Some programs, especially games, want to read & write to their directory in the /Applications folder, and I've found this to be a hindrance when running from an non-administrative account. Standard accounts have read-only access to /Applications.

Keep the firewall on, don't open links in junk mail, and keep your system up to date, and running as admin should be fine. Running as root is dangerous because you can accidentally delete system files. Not so with Admin.

[MacosNerd]

Originally Posted by chris v 

Some programs, especially games, want to read & write to their directory in the /Applications folder, and I've found this to be a hindrance when running from an non-administrative account. Standard accounts have read-only access to /Applications.

I agree, when I tried using a standard account, I found I needed to log out and back in as an administrator frequently enough that it was of little value.

[Big Mac]

That's Windows type behavior that should not be tolerated.

[Chuckit]

Originally Posted by MacosNerd 

I agree, when I tried using a standard account, I found I needed to log out and back in as an administrator frequently enough that it was of little value.

You don't need to log out and back in to fix what chris v said. You just need to change permissions on the game folder, which can be done from the Get Info window in a standard account. I've found very few occasions where it's necessary to log in as an administrator.

[MacosNerd]

To each his own, I feel its much better option to use the admin account and I've never once regretted running as an admin. Whilst trying the user account was more problematic.

[turtle777]

Originally Posted by Chuckit 

But it's fairly trivial for an administrator to gain root privileges, and most of the security holes in OS X have involved problems with administrators.

Are you sure those security holes only worked when working as an Admin, as compared to a regular user ?

I thought the security holes where NOT limited to some kind of user account.

-t

[JKT]

Originally Posted by Chuckit 

You don't need to log out and back in to fix what chris v said. You just need to change permissions on the game folder, which can be done from the Get Info window in a standard account. I've found very few occasions where it's necessary to log in as an administrator.

You don't even need to do that - just install the game into your user account /Applications folder (create one if there isn't one already).

[patrix]

No amount of system security will prevail more than using your brain and knowing what's happening on your system (like the other person said, not clicking random links etc).

I'm also really questioning the age-old wisdom of:

The difference is that if a program or something goes awry, it can only affect that account and doesn't have administrator access by default.

Sure this is great wisdom for a multi-user machine or a server.. But if you're the only owner of the machine, and all your data is affected by whatever goes awry, it doesn't matter if the whole system still stands up lol. My data is more important than the system.

(hence I do backups)


Patrix

[tridentinecanon]

just another vote for admin=ok

[chris v]

Originally Posted by JKT 

You don't even need to do that - just install the game into your user account /Applications folder (create one if there isn't one already).

Doesn't work too well if you've got three kids with their own limited accounts who want to all play the same game, unless you install it three times. Changing the permissions is an alternative, but why all the paranoia?

Can someone point to an actual exploit that occurs only to someone logged in as admin? Everything that needs to install or delete anything in the /system directory still throws up a password dialog.

[mmurray]

I ran as admin from the beginning of 10 up until about a year ago and never had any issues. Last year I decided to try running a non-admin account and the only issue I had was when I wanted to check the system logs in console and wasn't allowed to see them. I am not a game player. I don't look in console often so I have persisted with the non-admin account. My reasoning is that it's a laptop which I use away from home and so if it gets stolen I would like the person who took it to find getting access to my data as hard as possible! In addition it doesn't cause me any problems running as non-admin so even if the security increase is marginal why not do it. I also have my keychain on a separate password -- that is a bit of a pain as I have to keep entering that password.

One thing I discovered it is better not to do is call the account `admin' that caused some strange issues around deleting the account later. I ended up calling it my initials followed by admin as one word and the same password as my standard user account

Works for me but I can see the games thing could be a pain.

Michael

[MacosNerd]

Originally Posted by mmurray 

I ran as admin from the beginning of 10 up until about a year ago and never had any issues.

I too have been using the apple default setup and so that means my account has been an administrator. No problems from doing this.

My reasoning is that it's a laptop which I use away from home and so if it gets stolen I would like the person who took it to find getting access to my data as hard as possible! In addition it doesn't cause me any problems running as non-admin so even if the security increase is marginal why not do it. I also have my keychain on a separate password -- that is a bit of a pain as I have to keep entering that password.

Its actually quite easy for someone to reset a password, so you're not really buying anything. The thief needs to pop in an OSX install disc and reset the password. Easy as pie.

One thing I discovered it is better not to do is call the account `admin' that caused some strange issues around deleting the account later. I ended up calling it my initials followed by admin as one word and the same password as my standard user account
Works for me but I can see the games thing could be a pain.

I don't know too many people who call their account admin, most use a variant on their name. The problem stems from the UNIX underpinnings.

I also read somewhere that Photoshop Elements (the new version I think) doesn't like to run in a non-admin account. Why continue to monkey with permissions for software that you want to run when you can out of the box (as an administrator)

[jmiddel]

I have always ran in admin mode with nary a problem. I am behind a firewall and router, and I do not open or install anything that has not been scrutinized, as chris v recommends above, but I would do this running under any type of account, it's just basic good practice.

[JKT]

Originally Posted by chris v 

Doesn't work too well if you've got three kids with their own limited accounts who want to all play the same game, unless you install it three times. Changing the permissions is an alternative, but why all the paranoia?

Makes no difference here - the person posting about this originally stated that the game can't run properly unless it has write permission to the Applications folder - I assume you don't let your three kids run as admins so what difference does it make, they still wouldn't be able to use this game (personally, it sounds like a POS bit of coding to me and I wouldn't want to run a game that badly written).