In article ,
Howard Brazee wrote:
> An Apple Genius asked me why I use an Admin account popping up windows
> to get approval so often. I really didn't have an answer except to
> say that I took the advice from someone (Jolly Roger) who knows a hell
> of a lot more about Macs than I do.
>
> These windows ask for password & userid, where my wife's computer only
> asks for password.
>
> It is irritating when things don't work as instructed (instructors
> assume I have the default computer) - especially when the instructors
> have us use Unix commands.
>
> I suppose my computer is probably safer. I don't know. Heck, I
> don't know enough to ask the right questions even).
>
> But I'd like to be able to better answer that question next time it
> comes up. What dangers would I have if my regular account was the
> same as most everybody else's?
I've pasted this umpteen times here, so I'm sure with just a little
creative searching in Google Groups you might have found it. Anyhow,
here it is again:
Removing Administrator Privileges From Your Normal Account
The initial user account Mac OS X creates during installation is indeed
an administrator account, because after all, you do need to have an
administrative account on the machine. A lot of Mac users probably don't
realize it, but you can accomplish all administrative tasks from a
non-administrative account in Mac OS X. Mac OS X prompts normal users
for the username and password of an administrator when you attempt to do
something that requires escalated privileges. So while you do need to
*have* an administrator account, there's really not much of a reason to
log in as administrator for day-to-day use.
Why is it a good idea to avoid logging directly into your administrator
account in Mac OS X? Well, besides the fact that you can do most any
administrative task from a non-administrative account, there are
security reasons. Anyone with significant experience administering a
Unix-like operating system will tell you it's always a good idea to run
with as few escalated privileges as possible, because (a) it reduces the
*chances* of privilege escalation accidents, and (b) it reduces the
*impact* of privilege escalation accidents that do occur.
Could you use an administrative account daily without adverse effects?
Sure - you might even do it for months or years without incident. It's
the one time it matters that I advise Mac users to be concerned about.
For instance, I can't tell you how many times I've seen Mac users ask
for help because they accidentally deleted some file on their system
they might not have deleted so easily had they not been logged into an
administrative account.
The thing to keep in mind is this: when you are logged in as
administrator, everything you do and every program you run (directly or
indirectly, purposefully or inadvertently) is executed with
administrative privileges - meaning it automatically has access to more
parts of the system than normal users. So if you make a mistake while
changing, moving, or deleting system files, or worse, if you unknowingly
run a trojan / worm in your administrative account, you can damage and
alter critical system files with little or no acknowledgment from the
system.
Remember that lots of files and folders in Mac OS X are owned by the
"admin" group, of which every administrative account is a member. The
"Applications" folder is one example of such a folder. When you are
logged in as a normal user, Mac OS X will not allow you to modify such
parts of the system without first entering the user name and password of
an administrative account. This is an additional layer of security you
won't have if you are running as administrator. In contrast, when you
are logged in as administrator, Mac OS X allows you to change, move, and
delete such files and folders without question.
BTW, I think the reason Apple doesn't give this advise to all Mac users
is probably because the long explanation needed to convey the reasons
for it and how to do it would probably not be very well received. Most
users don't know enough about security issues to understand, and
frankly, most just don't want to be bothered. Apple probably could
automate the creation of an initial administrative account and a
non-administrative account, but if users aren't properly educated about
the issues involved, there's no guarantee they would actually use them
properly. It's more involved than just offering a one-liner of advise in
a user's guide. ; )
IMO, the secure thing to do is to create an account just for
administration, then remove administrator privileges from your
day-to-day account. Here's how to do it:
First, open and unlock the System Preferences > Accounts panel.
1. Open System Preferences.
2. Click Accounts.
3. Click the lock icon to unlock the panel (if needed).
Next, create a new administrator account:
1. Click the [+] button. A new user account sheet appears.
2. If you are running Mac OS X 10.5 or later, from the New Account menu
at the top, choose Administrator.
3. In the Name text box, enter a name, such as "Administrator" (without
quotes). While I personally find "Administrator" to be handy, there is
nothing special about this name. Just pick something you can remember.
4. In the Short Name text box, enter a short name, such as "admin"
(without quotes). While I personally find "admin" to be handy, there is
nothing special about this name. Just pick something you can remember.
5. In the Password text box, enter a secure password. If you need help
creating a secure password, click the little key icon to the right of
this text box, and an assistant will help you come up with a secure
password. Personally, I prefer to use an entire phrase (with appropriate
spacing, capitalization, and punctuation) as my password. I try to pick
phrases that contain one or two numbers or special characters. The goal
is to pick a password phrase that you will easily remember, and easy to
type, but will be difficult to guess.
6. In the Verify text box re-enter the secure password.
7. If you are running Mac OS X 10.4 or earlier, check the "Allow user to
administer this computer" checkbox.
8. Click Create Account.
Next, remove administrator abilities from your normal user account:
1. Log out of your normal user account, and log into the new
administrative account you just created.
2. Open System Preferences.
3. Click Accounts.
4. Click the lock icon to unlock the panel (if needed).
5. From the account list on the left side of the Accounts panel,
highlight your normal user account name.
6. Clear the "Allow user to administer this computer" checkbox.
7. Log back into your normal user account.
That's it. Now whenever you are asked for an administrator account's
credentials, you can enter the administrator user name and associated
secure password.
--
Send responses to the relevant news group rather than email to me.
E-mail sent to this address may be devoured by my very hungry SPAM
filter. Due to Google's refusal to prevent spammers from posting
messages through their servers, I often ignore posts from Google
Groups. Use a real news client if you want me to see your posts.
JR
>> Stay informed about: Admin account 
FAQ
Search
Profile
Private Messages
Log in
