Upgrading an account to administrative?
in [Mac Systems]
|
From: Lloyd Parsons on 8 Apr 2010 09:26 In article <barmar-4F01D4.00155608042010(a)62-183-169-81.bb.dnainternet.fi>, Barry Margolin <barmar(a)alum.mit.edu> wrote: > In article <4bbd45d7$0$20915$2c56edd9(a)usenetrocket.com>, > John Albert <j.albert(a)snet.net> wrote: > > > Hello all - > > > > I'm going to be setting up a Mac laptop for my sister, who's > > never used a computer of any kind before. > > > > I will create the initial (administrative) account for > > myself (I won't be using the computer except for getting it > > set up and helping her where she needs help), and creating a > > second, "ordinary user" (i.e., NON-administrative) account > > for her. > > > > In time, though, I'm hoping she will aquire enough skills to > > become her own administrator. > > > > Can an ordinary-user account be "upgraded" later on to > > administrative privileges, or will I then have to create an > > entirely new account for her? > > Why not create a separate account called "Administrator"? Use this for > your initial setup, and when she's ready teach her how to switch to it > when she wants to do administrative tasks. That's one way. But changing to admin is a one-click change I believe. -- Lloyd
From: John Albert on 8 Apr 2010 09:28 RE: "Why not create a separate account called "Administrator"? Use this for your initial setup, and when she's ready teach her how to switch to it when she wants to do administrative tasks." Yep, that's the answer. I guess I couldn't reason "in the third person". On both my Macs, the only accounts I've ever created were auto-login for myself as administrative. Never gave me any problems set up that way, though I could foresee it giving an inexperienced user problems.... Thanks to all who replied. - John
From: Jeffrey Goldberg on 8 Apr 2010 14:43 John Albert wrote: > I'm going to be setting up a Mac laptop for my sister, who's never used > a computer of any kind before. > > I will create the initial (administrative) account for myself (I won't > be using the computer except for getting it set up and helping her where > she needs help), and creating a second, "ordinary user" (i.e., > NON-administrative) account for her. That sounds like a good plan unless she will want to install things in /Applications when that happens you will have to change your approach. > In time, though, I'm hoping she will aquire enough skills to become her > own administrator. > > Can an ordinary-user account be "upgraded" later on to administrative > privileges, Yes. > or will I then have to create an entirely new account for her? No you will not need to create a special account. You may, however, want to keep her running as a regular user but give her the password to an admin account when she needs to install things. This is how I am set up. I run as an ordinary user, but when I run an installer or want to move something into /Applications I am prompted for an admin username and password. Cheers, -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid
From: Jolly Roger on 8 Apr 2010 16:37 In article <4bbdd9ff$0$19684$2c56edd9(a)usenetrocket.com>, John Albert <j.albert(a)snet.net> wrote: > RE: > "Why not create a separate account called "Administrator"? > Use this for your initial setup, and when she's ready teach > her how to switch to it when she wants to do administrative > tasks." > > Yep, that's the answer. I guess I couldn't reason "in the > third person". > > On both my Macs, the only accounts I've ever created were > auto-login for myself as administrative. Never gave me any > problems set up that way, though I could foresee it giving > an inexperienced user problems.... Why is it a good idea to avoid logging directly into your administrator account in Mac OS X? Well, besides the fact that you can do most any administrative task from a non-administrative account, there are security reasons. Anyone with significant experience administering a Unix-like operating system will tell you it's always a good idea to run with as few escalated privileges as possible, because (a) it reduces the *chances* of privilege escalation accidents, and (b) it reduces the *impact* of privilege escalation accidents that do occur. Could you use an administrative account daily without adverse effects? Sure - you might even do it for months or years without incident. It's the one time it matters that you may want to be concerned about. For instance, I can't tell you how many times I've seen Mac users ask for help because they accidentally deleted some file on their system they might not have deleted so easily had they not been logged into an administrative account. The thing to keep in mind is this: when you are logged in as administrator, everything you do and every program you run (directly or indirectly, purposefully or inadvertently) is executed with administrative privileges - meaning you automatically has access to more parts of the system than standard users. So if you make a mistake while changing, moving, or deleting system files, or worse, if you unknowingly run a trojan / worm in your administrative account, you can damage and alter critical system files with little or no acknowledgment from the system. Remember that lots of files and folders in Mac OS X are owned by the "admin" group, of which every administrative account is a member. The "Applications" folder is one example of such a folder. When you are logged in as a normal user, Mac OS X will not allow you to modify such parts of the system without first entering the user name and password of an administrative account. This is an additional layer of security you won't have if you are running as administrator. In contrast, when you are logged in as administrator, Mac OS X allows you to change, move, and delete such files and folders without question. BTW, I think the reason Apple doesn't give this advise to all Mac users is probably because the long explanation needed to convey the reasons for it and how to do it would probably not be very well received. Most users don't know enough about security issues to understand, and frankly, most just don't want to be bothered. Apple probably could automate the creation of an initial administrative account and a non-administrative account, but if users aren't properly educated about the issues involved, there's no guarantee they would actually use them properly. It's more involved than just offering a one-liner of advise in a user's guide. ; ) -- Send responses to the relevant news group rather than email to me. E-mail sent to this address may be devoured by my very hungry SPAM filter. Due to Google's refusal to prevent spammers from posting messages through their servers, I often ignore posts from Google Groups. Use a real news client if you want me to see your posts. JR
From: Jeffrey Goldberg on 8 Apr 2010 19:19 Jolly Roger wrote: > In article > <barmar-4F01D4.00155608042010(a)62-183-169-81.bb.dnainternet.fi>, > Barry Margolin <barmar(a)alum.mit.edu> wrote: >> Why not create a separate account called "Administrator"? Use this for >> your initial setup, and when she's ready teach her how to switch to it >> when she wants to do administrative tasks. > > That's exactly what i do for all of my family members. That's also what I do, except that my admin user is called "bofh" Cheers, -j -- Jeffrey Goldberg http://goldmark.org/jeff/ I rarely read HTML or poorly quoting posts Reply-To address is valid
First
|
Prev
|
Next
|
Last
Pages: 1 2 3 4 Prev: CUPS-PDF and Snow Leopard Next: How to make mac shut down faster SOLUTION |