From: Barry Margolin on
In article <roger-058290.07250413062010(a)freenews.netfront.net>,
Roger <roger(a)roger.net> wrote:

> In article
> <barmar-12A56B.01372213062010(a)62-183-169-81.bb.dnainternet.fi>,
> Barry Margolin <barmar(a)alum.mit.edu> wrote:
>
> > In article <roger-E3E211.21392612062010(a)freenews.netfront.net>,
> > Roger <roger(a)roger.net> wrote:
> >
> > > I always heard I should start a secondary account on my MacBook (Snow
> > > Leopard) for daily use. So I made an account for myself and use it for
> > > everything. But recently I found if I log in to my original admin
> > > account, I don't have "access" to my folders in my secondary account.
> > > I've tried get info, unlocking, etc., but it still says "you have no
> > > access." I also repaired permissions. (The folders in my secondary
> > > account have a little round, red symbol with what looks like a white
> > > dash or minus sign.) How did this happen? Is it likely to cause any
> > > problems?
> >
> > That's normal.
>
> I guess I had a misconception about that then; I thought the admin had
> complete control over the computer.

You probably assumed that the OS X admin user is like the Unix "super
user" (aka "root"), which does have unrestricted access.

On OS X, admin users are simply members of the "admin" group. This
group has write permission to a few system directories, such as
/Applications and /Library. The other privilege it has is the ability
to use "sudo"; this allows it to elevate itself to super user
privileges, but only after entering its password.

So it can *get* complete control over the computer when it needs it, but
it doesn't run with it by default. And since you have to enter a
password, it can't do this surreptitiously. So malware can't take
control without the user helping it.

--
Barry Margolin, barmar(a)alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
From: Davoud on
Király wrote:
> I follow Apple's published security configuration guidelines and use a
> non-admin account for everyday use. I see no reason to run all the time
> in an admin account. What's the advantage?

Convenience. In light of the small risk involved (suppose such an
attack as you described occurs. What are the chances it'll happen to me
first? One in millions. It'll probably be on NYT.com and CNN.com as
well as the Mac news sites pretty quickly. Then I'll consider whether
to do something different.

Davoud

--
I agree with almost everything that you have said and almost everything that
you will say in your entire life.

usenet *at* davidillig dawt cawm
From: Király on
Davoud <star(a)sky.net> wrote:
> Convenience. In light of the small risk involved (suppose such an
> attack as you described occurs. What are the chances it'll happen to me
> first? One in millions.

Why not just run as root then? That's even more convenient. And it's
not much riskier than running as admin.

--
K.

Lang may your lum reek.
From: Király on
Barry Margolin <barmar(a)alum.mit.edu> wrote:
> So it can *get* complete control over the computer when it needs it, but
> it doesn't run with it by default. And since you have to enter a
> password, it can't do this surreptitiously. So malware can't take
> control without the user helping it.

It depends on what the malware does. If it modifies a component of
/Applications or /Library (like Safari, for example) it will do its
thing with no user authentication if the user is logged in to an admin
account.

--
K.

Lang may your lum reek.
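
Added example, not part of any post in this thread: a shell check of the point discussed above, reporting whether an account is in the "admin" group and which directories that group can write to without a password prompt. The function names and the AUDIT_COUNT variable are made up for this example; the group name and the two default paths are the ones named in the posts.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the "admin" group name and the
# /Applications and /Library paths mentioned in the posts above.

# Return 0 if user $1 is a member of group $2.
in_group() {
    id -Gn "$1" 2>/dev/null | tr ' ' '\n' | grep -qxF -- "$2"
}

# Return 0 if path $1 is group-owned by $2 and has the group-write bit set.
# Reads the mode string and group name from `ls -ld` (fields 1 and 4).
group_writable() {
    info=$(ls -ld "$1" 2>/dev/null | awk '{print $1 " " $4}')
    mode=${info%% *}
    grp=${info#* }
    case "$mode" in
        ?????w*) [ "$grp" = "$2" ] ;;   # 6th character is the group-write bit
        *) return 1 ;;
    esac
}

# Report each path; AUDIT_COUNT holds how many the group can write directly.
audit() {
    user=$1 group=$2
    shift 2
    AUDIT_COUNT=0
    for p in "$@"; do
        if group_writable "$p" "$group"; then
            echo "group-writable by $group: $p"
            AUDIT_COUNT=$((AUDIT_COUNT + 1))
        else
            echo "not group-writable by $group: $p"
        fi
    done
    if in_group "$user" "$group"; then
        echo "$user is in $group: $AUDIT_COUNT path(s) can change with no password prompt"
    else
        echo "$user is not in $group: changing these paths needs admin credentials"
    fi
}

audit "$(id -un)" admin /Applications /Library
```

Further paths, such as an individual application bundle, can be passed to audit as extra arguments.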
From: Roger on
In article <jollyroger-6BA0E2.08142913062010(a)news.individual.net>,
Jolly Roger <jollyroger(a)pobox.com> wrote:

> I'm still curious as to why the OP feels he needs to log into the admin
> account to begin with, considering most everything one needs to do as
> administrator can be done from a standard user account.

I just thought something was screwed up, but it turns out it's normal.

Thanks for all the info everyone!

Rog
