About OS X account types and running in "admin" mode.
OS X is a multiuser and privilege-based computing environment that sequesters functionality based on various account types, such as administrator and standard accounts. This allows some users to have more system configurability options than other users, but the difference can be a bit confusing to people who are not used to how accounts are set up in OS X.
Apple Discussion user "Daylene" writes:
"I'm a brand new convert to Mac from Windows. In browsing through some threads, I read about not using your computer in admin mode. I'm still learning a lot about using the Mac and had no idea I was using admin mode (at least I think so because I didn't do anything but set up my Mac and register it)."
In OS X, all local accounts are authenticated against a local directory (NetInfo up through 10.4; the Open Directory local node, stored as property lists under /var/db/dslocal, from 10.5) that holds usernames, password hashes (kept in a root-only shadow store rather than in the readable user record) and group memberships. Group membership is how most of a user's access and limitations are assigned. The system applies both POSIX owner/group/other permissions (the legacy method) and Access Control Lists (the modern one) to files and folders, and while a variety of account types can be built from the permissions granted to the groups an account belongs to, OS X has four basic account types:
- Managed
Standard accounts (Apple labels them "Managed" when parental controls are applied to them) are the basic account type in the system. Items that belong to the account live in its home folder, and although the user can create items on shared resources such as external disks, what the user can do elsewhere is limited by the privileges granted to the account. In general, a standard user can write only to its own home folder, to /Users/Shared, to other users' Drop Box folders and to external disks. Other locations, such as the Applications folder, are read-only: a standard account can open items there but cannot add, replace or remove them.
- Administrator
Administrator accounts are set up like standard accounts: their home folders live in the same place, they run applications with the same user-level privileges, and files they create belong to them alone. The difference is membership in the "admin" group (GID 80), which carries two things. First, the admin group has group write permission on several system-wide folders, notably /Applications and /Library, so an administrator can add, replace or delete items there with no password prompt at all. Second, the admin group is granted full sudo rights in /etc/sudoers and is the group the Authorization dialogs accept, so by supplying his or her own password an administrator can change anything else on the disk: install system-wide software, change system settings, modify the System folder, and alter other users' files.
It isn't the account itself that holds these privileges but the admin group. As members of that group, administrator accounts simply inherit the capability, which is why any account can be promoted to or demoted from administrator status by adding it to or removing it from the group, with no system-wide changes needed for that specific account to reach the resources.
- Root
The "root" account (UID 0) is the system's own identity rather than an ordinary account. The kernel skips the normal permission checks for UID 0, so root's power does not depend on membership in any group; it can be seen as the "system" itself. When the system boots and starts its daemons before any user has logged in, it runs them as root.
The root user is therefore always active, since it is the system; however, as a security measure root cannot log in by default, although it can be enabled in "Directory Utility" (NetInfo Manager on 10.4). Logged in as root you run with no restrictions at all and can open, edit or delete ANY file on the system, which makes it easy to damage the system if you do not know exactly what you are doing.
- Guest
The "guest" account is a very limited account that can be seen as a temporary standard account. Like a standard account, the guest can access only the items it has been granted permission for, and by default, when the guest logs out, everything it created is deleted by the system.
Since administrator accounts behave like standard accounts for most routine tasks, day-to-day work as an administrator is mostly harmless. The additional exposure is twofold. Anything running under your account can already write to /Applications and /Library without a prompt. And any dialog or script that asks for "your" password is asking for a credential that sudo and the Authorization framework will accept, so carelessly typing it into a program you do not trust hands that program full control of the machine; this is easier to do when you are already an administrator, because the prompt asks for the same password you use to log in.
The Bottom Line:
Overall, for routine use there is little additional risk in running as an administrator rather than a standard account, provided you are careful with your authentication credentials. The one structural difference is that an administrator's write access to /Applications and /Library needs no password, so malware running as an administrator can replace installed applications silently, whereas under a standard account it must first get you to authenticate.
When people say not to run as an "administrator," they sometimes mean the "root" account and sometimes mean everyday use of an admin account. Logging in as "root" is exceptionally risky because there are no holds barred for the root account, and you can severely compromise your system even through indirect actions. There is no point in enabling the root account beyond doing so temporarily for rare and specific administrative duties that cannot be done with sudo from an administrator account. Since OS X does not enable this user by default, you should not have to worry about running in "admin" mode in that sense. Just be careful about the programs to which you provide your authentication credentials.
The key here is to be cautious about providing ANY program with your administrative password, regardless of which account you are in. Before giving any program your administrative password, ensure you trust the program and know exactly what you and the program are doing. For the most part, the only times you will be asked for an administrator password are when installing software, changing system-wide settings in System Preferences, or running commands with sudo.
One final note, since from any account you can authenticate as an administrator, many people will just play it safe and run as a standard account, reserving the administrator account only for installing programs, updating the system, and altering system settings. Ultimately this is the safest way to run the system, but the additional level of safety really only depends on how much you trust yourself with dishing out authentication credentials.
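The difference between "no prompt" and "must authenticate" above is nothing more than the POSIX mode bits on a handful of top-level folders. The following script is an added example written for this page, not code from the original article: it reads `ls -ld` lines and reports which folders an admin-group member can change silently. It assumes the administrators group is named "admin" (as on OS X); the sample lines are constructed to match a typical Leopard layout, not captured from a machine, and the "+" ACL marker is stripped rather than evaluated, so ACL entries (which can further restrict or extend these bits) are not taken into account.

```shell
#!/bin/sh
# Added example, not from the original article: shows in plain POSIX permission
# bits why an admin-group member can change /Applications and /Library with no
# password prompt, while /System needs sudo or an Authorization dialog.
# Assumptions: the administrators group is named "admin" (as on OS X), and the
# sample `ls -ld` lines below are constructed for offline use, not captured.

# strip_mode MODE: drop the "@" (xattr) or "+" (ACL) marker OS X appends
strip_mode() {
    _m=${1%@}; _m=${_m%+}
    printf '%s' "$_m"
}

# group_can_write LS_LINE GROUP
#   LS_LINE is one line of `ls -ld` output. Returns 0 when the directory is
#   owned by GROUP and the group write bit (6th character of the mode) is set.
group_can_write() {
    _line=$1
    _grp=$2
    _mode=$(strip_mode "${_line%% *}")   # first field, e.g. "drwxrwxr-x+"
    set -- $_line                        # fields: mode links owner group ...
    case "$_mode" in
        ?????w????) [ "$4" = "$_grp" ] ;;
        *) return 1 ;;
    esac
}

# world_can_write LS_LINE: returns 0 when the "other" write bit (9th char) is set
world_can_write() {
    _mode=$(strip_mode "${1%% *}")
    case "$_mode" in
        ????????w?) return 0 ;;
        *) return 1 ;;
    esac
}

# report_dir LS_LINE: prints one verdict for the directory on that line
report_dir() {
    _path=${1##* }                       # last field is the path
    if world_can_write "$1"; then
        echo "$_path: writable by every account"
    elif group_can_write "$1" admin; then
        echo "$_path: writable by any admin-group member, no password prompt"
    else
        echo "$_path: admin must authenticate (sudo / Authorization) to change"
    fi
}

# live_audit: run on a real OS X system as  sh admin_audit.sh --live
live_audit() {
    echo "$(id -un) is in groups: $(id -Gn)"
    ls -ld /Applications /Library /System /Users/Shared | while read -r _l; do
        report_dir "$_l"
    done
}

# Constructed sample lines in `ls -ld` format (typical Leopard layout)
SAMPLE_APPS='drwxrwxr-x+ 62 root admin 2108 Apr 21 2009 /Applications'
SAMPLE_LIB='drwxrwxr-x  48 root admin 1632 Apr 21 2009 /Library'
SAMPLE_SYS='drwxr-xr-x   4 root wheel  136 Apr 21 2009 /System'
SAMPLE_SHARED='drwxrwxrwt   5 root wheel  170 Apr 21 2009 /Users/Shared'

case "${1-}" in
    --live) live_audit ;;
    *)
        for _l in "$SAMPLE_APPS" "$SAMPLE_LIB" "$SAMPLE_SYS" "$SAMPLE_SHARED"; do
            report_dir "$_l"
        done
        ;;
esac
```

Run it with no arguments to see the verdicts for the constructed lines, or with `--live` on an OS X machine to audit the real folders; compare the output with `sudo -l` (which will show the `%admin ALL=(ALL) ALL` rule for an admin account) to see both halves of what admin membership grants.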
Unfortunately, 98% of the people on this planet are idiots; for proof, just watch the news everyday.
Managed Accounts
These accounts have full access to their own home folder, and can read items in the Shared user folder and create new ones. They cannot delete other users' Shared items.
In addition, they can be "managed" by an Administrator, who is able to deny access to certain features and resources. For example, they may be denied access to specific applications, or the Utilities folder. The most locked down version is the "Simple Finder", where even access to their own home folder is curtailed.
Administrator Accounts
In addition to their own home folder and the Shared folder, Admins have full access to all the folders at the top of the Mac <i>except the System folder</i>. As such they can drag-and-drop install or delete apps in the Applications folder without having to authenticate. They can also modify the Library manually, moving, editing or deleting files or complete folders without hindrance. Whilst this cannot cause massive instability in the system, it can prevent apps from running, by removing their Application Support folder, or it can change the basic parameters that users share, such as printer or network settings or shared preferences.
As such, the Administrator has considerable power when running normally and will only be required to authenticate when trying to modify base system files, which require temporary Root access. Various application installer programs may require authentication.
Whenever I turn on my Mac, I can access whatever I need - without entering a password. As such, which type of account am I using?
You are the admin. Go to system pref's - accounts.
---
Chris Jones
An administrator account.
In my experience, setting up an admin account, then unchecking "User can administer this computer" on the everyday account, adds some significant security with relatively little overhead. Normally, the biggest deal is having to enter the admin account name, as well as its password. And for those of us who use the shell, running "su <admin account>" in order to "sudo..." is only slightly annoying :-)
dave
+1. I always run as a non-admin. I have a separate admin account.
+2.
I'm another Dave agreeing with this Dave.
I've always set up my Macs with N+1 accounts, where N is the number of people sharing the machine. There is exactly one account with Admin privileges and all the rest are normal users (now called "Managed" accounts).
Even when, N=1, i.e., I'm the only user of a Mac, I work almost exclusively in the Managed account. It seems that one likely MO for successful malware would be to install a malicious app. If I were in the admin account, the Mac would install new apps with no questions asked. In the user account, I'd have to open the door for the hackers and I don't think I would be easily fooled.
I think the author of the article should have come out much more in favor of using Managed accounts everyday and endure the slight hassle of authenticating to install apps or change system-wide prefs. Practically speaking, sometimes people need a little "are you sure?"-type speed bump to slow them down from making bad decisions. Authentication is a good speed bump for that. Getting people to memorize TWO passwords may make that superior approach unworkable for some.
One more thought: If you know what you're doing and are comfortable running shell commands as root, here's how to get to that level of power and danger from a normal (managed) account:
<code>
1. su <i>admin account name</i>
   enter its password
2. sudo -s
   enter admin account password again
</code>
The "sudo -s" command runs a full shell with complete root privileges.
But be very careful if you do this! And don't forget to exit out of both the root shell ('sudo -s') and the admin account ('su <i>admin account name</i>').
dave
With my administrator account, I am able to access the System Library at the lowest level (root?) of my HD. Are there items/folders in the System folder other than the Library?
<i>So when my daughter has her PowerBook set up to require a password in order to access apps and files, she has set up a user account - one level beyond the administrator account?</i>
Take a look at System Preferences>Accounts, click the triangle to reveal the other accounts and their access abilities. (Admin or Standard)
If the account your daughter logs into says "Admin" underneath, then it's an Administrative account.
Admin level has Administrative abilities, it's the one first set up when you get a new Mac. It requires a password when setup occurs with a new machine, but when turning on the machine and logging in it might not use it. (this can be changed of course, check login options)
Admin is the second most powerful level (under "root" the most powerful, which is not enabled by default so you don't even see it). Admin can move, delete and change applications around, create new users and install OS X updates etc. This is rather risky for the new computer user as they could do something to breach their security or just hose the machine.
Standard Accounts are below Admin accounts in power level; they can access user stuff, run (but not change) most applications and support files. This is safest for nearly everyone as changes to the applications and support files require an Admin name and password first (even while logged in as a Standard User!). Standard Users can delete and change files created by themselves running applications, but not the applications themselves unless they first authenticate with an Admin name and password.
Guest account is just that, a temporary account for someone other than the main user to use the computer then delete after they are finished. It has the least power and is reset after log out.
In my other post I describe how to set up the initial Admin account (the one set up when the machine is first set up) as a Standard Account (so everything is still preserved) by creating another account that is an Admin.
<i>This is necessary when users of portable devices do not want anyone accessing sensitive info. Right?</i>
A log-in password only protects use of the account from others who don't have the password. It's not iron clad, as there are various methods to bypass it and access data on the hard drive. High encryption of the data and storage on a portable device like a USB key or a CD/DVD in your pocket or safe is the only method to protect highly sensitive information, provided your machine hasn't been compromised by someone with a keystroke logger. So protecting access to the machine on which you decode your encrypted data is also important. Don't connect the machine to the internet or any network for the most security.
But for general use of low or non-sensitive information, a login password and turning on Filevault in System Preferences>Security should be fine.
<i>With my administrator account, I am able to access the System Library at the lowest level (root?) of my HD.</i>
"Root" means "root user"; it's not a file level, it's a permissions access level. Any file could be changed to only allow the "root user" to access it. Root user = system.
And yes, with an Admin password you can change the permissions of System files, but I think recently Apple locked some essential System files from Admin level changes because now so many applications are demanding an admin password to install. (stupid of course)
If you can't access the file or folder, click it and Finder>Get Info and change the permissions to your user or everyone (warning! this is dangerous and could hose your machine) so you can see what it is. Change it back to the original settings or risk problems.
<i>Are there items/folders in the System folder other than the Library?</i>
Yep, invisible stuff. There are programs that will show everything in a folder, invisible or not.
Invisible for good reason naturally. Their names start with a period.
Think of compartmentalized security as a series of shells. If a new web exploit appears that is able to download a malicious application directly to your Applications folder without your knowledge, replacing the original, wouldn't you want to be able to prevent something like this from happening?
The author of this article only assumes what the user can do wrong if they run as Administrator all the time. They don't take into account limiting the reach of a new exploit.
Apple isn't perfect, OS X has had some serious security flaws and there are some serious Safari exploits available right now. For instance Apple still hasn't fully fixed the meta-data exploit, sure Safari warns one if they are downloading a application, but the exploit still exists.
What if someone figured out how to use one of the new Safari exploits in combination with the meta-data exploit? Yep, your Applications folder could see a few changes, then the next time you run some application like iTunes, it asks for your administrative password and proceeds to sudo-root your machine. Bingo, you're pwned.
Now if your Applications folder was protected from changes because you normally log in as a User, then it takes an Admin Name and Password to make changes there, preventing an exploit from changing it. An extra shell of security.
When you first set up your machine, OS X sets up the first user as an Admin; to change that do this:
1: Quit all apps and save files.
2: Go to System Preferences and Accounts
3: Create a new user with an admin-sounding name (Joe Admin for instance)
4: Set this new user as admin and give it a good password (random letters and numbers in a pattern you can remember)
5: Now log out of your present user and into the new Admin Account.
6: System Preferences change the first user (the one you set up the machine with) to normal user (not admin)
7: Log out of Admin and into User and everything will be the same, except now if you want to make changes to the Application folder and other folders (except your user folders) it will need an Admin name and password.
OS X gives one the sense of security, but an unwitting user can easily destroy all that through their lack of understanding of how computers, the internet and wireless systems work.
sounds like this is the procedure everyone should use on their laptops.
For various versions of OS X
http://www.nsa.gov/ia/guidance/security_configuration_guides/operating_systems.shtml
by Glasgow April 21, 2009 3:42 AM PDT
> When people say to not run as an "administrator," usually they are referring to the "root" account.
NO, THEY ARE NOT. They mean what they're saying.
When people say to not run as an "administrator," usually they mean "do not use an admin account for your everyday use". How much plainer would you like it expressed?