drduh / macOS-Security-and-Privacy-Guide

Guide to securing and improving privacy on macOS

Home Page: https://drduh.github.io/macOS-Security-and-Privacy-Guide/

Admin accounts and home folders

yb66 opened this issue · comments

Hi,

Thanks for the guide. Do you think setting up a non-admin and running under that along with an admin account for other things should be added, after the installation section? Running anything with elevated permissions is asking for trouble, especially a user account.

It might be worth noting that there are ~/Applications and ~/Library/LaunchAgents and ~/Library/Frameworks folders that can all be used instead of installing things system wide.

I'm happy to put these in pull requests if you agree they're worth it.

Regards,
iain

commented

I have thought about this and think the average, so-called "power user" would be too inconvenienced by using a full time unprivileged account, assuming one would have to log out and in or "fast user switch" between, for example, a user for web browsing and another for administering the system.

Is this the separation you had in mind?

There is also the Guest Account which might be considered. Most forget about it and leave their mac as is to 'friends'.

Sure, I see your point. Well, I'm using a non-admin account right now and do every day, I can't remember the last time I logged in directly to the admin account either via log in or fast user switch. When admin privileges are needed to do something, a prompt appears, it's even more convenient than sudo :)

The main thing I'd say is, everything on the list is optional, but this obviously makes a big difference to security, and I'm sure many people have a similar idea that running as non-admin is inconvenient on OSX, but honestly, I don't even notice. Maybe I worked administering Windows for too many years to find it strange! Put the other way, imagine saying you had to be logged in as root or admin to use the terminal, that would be a massive security hole…

Guest account's a good shout too, getting that set up correctly is a good idea.

YMMV, but it's worth thinking about. Or even trying :)

Sorry, but what do people here mean by "admin account"? Do they not mean an account in OS X that has a checkbox in the "Allow the user to administer the computer" in the account preferences?

I ask because such a user isn't actually running with elevated privileges when they log in and do their daily business. When elevated privileges are required, they're presented with a dialog window asking them to enter their credentials for a sudo-like action meant to give higher privileges to the process that needs it.

So if the above is true, then I don't really see what people mean by "admin account", considering the above is what @yb66 described that he is using (a non-admin account, yet he does get the prompt I described). Do you simply mean that you run an account without that checkbox enabled and use a second account which has it enabled, entering that account's credentials when the dialog pops up? If yes, what is the actual difference between that and what I described above (if you know both accounts' credentials)?

Just slightly confused by the discussion :)

I think I have an article, by better configuring KeyChain, you enhance security and should reach what I think you want to do... soon brb

@rawtaz Do you get a prompt to allow putting an application into /Applications?

@yb66 No, you're right about that. There's an admin group and it has more privileges than those which are not part of that group, indeed. I presume a non-admin account is not part of that group. I guess we only get the prompt when a process wants to run with higher privileges, but the filesystem is more allowing by default. Thanks!

@rawtaz I've been running with 2 accounts since… since I moved from Windows, which would be Puma-ish time, so I'm actually not sure what running as admin all the time is like, which is why I asked :) I know there are other checks in place - the app signing and other prompts etc - but it's the principle I'm most concerned with.

At the very least, it protects you from doing some dumb things. Maybe that's something else I picked up from administering users too - forget about the malicious code, think how much damage the user could do! :)

I don't know where to post this...
NOTE I did not try/test most of them and several are probably outdated, just dig them out from my archives... quite a lot... since 1983 on Apple Lisa ;-)

http://www.hackmac.org/tutorials/from-standard-to-administrator/
http://www.hackmac.org/tutorials/how-to-create-a-new-administrator-account/
http://www.hackmac.org/tutorials/decrypt-os-x-user-account-passwords/
http://www.hackmac.org/tutorials/crack-lion-password-hashes/
http://www.hackmac.org/tutorials/access-single-user-mode-when-locked-in-os-x/

hackmac articles are still online, so I will stop here for them.
Some more work for @drduh to insert this information into his amazing list :-)

Thanks

I have found the articles about keychain (and a lot of other good advice).

http://forums.macrumors.com/threads/can-a-mac-be-hacked-how-do-i-know-if-it-happens-security-advise-welcome.1087922/page-3#post-11835313

There are several recommendations for using "different keychain", see ALL the article.

I think this can be an in-between solution of working as an Admin or a Non-Admin, without all the hassles non-admin can create.

@TraderStf There are no "hassles" to using non-admin accounts, unless you can tell me why my day is so much more difficult than yours ;-) I'm running as non admin right now, writing code, running it, committing it… where are the hassles?

As to whether or not using extra keychains is a good idea (I believe it is, and I do), they're not mutually exclusive, like other options on the list.

@yb66, to tell the truth, I answered by thinking of all the updates, installations but I never work like that so I bend in front of you ;-)

As @yb66 is saying there are no hassles, it would be useful to have a table comparing the pro/con, also can do/cannot do, of the account types:
Admin - non-admin - guest
Just an idea...

+1 for using a non-admin account. I've used one the entire time I've had my Mac (since 2012) and never had issues.

commented

Hi,

I will try to make a non-admin account for the El Cap guide and see how it goes. Thanks for the suggestion.

For non admin accounts, since you can't sudo, I suggest using the login command to login as the admin user. This is a much cleaner environment than using su -u and easier than quick user switching. It is important to not leave a terminal open logged into admin accounts though. Any need for admin credentials in the GUI has a prompt, so I have never needed to use quick user switching.

@unixninja92 That's really interesting, I didn't know that existed, thanks. You can use sudo as non admin though, you just need to add the user account via visudo, which could be done via the admin account during set up (or using login, I suppose:) Here are some http://osxdaily.com/2014/02/06/add-user-sudoers-file-mac/.

@yb66 I feel like giving sudo to non-admins defeats the point of having a separate admin account. I don't think using the same non-admin password to gain any kind of root access is a good idea.

@unixninja92 That would depend on who you're giving access to. Every admin (person) should have an admin account and a standard account, and not giving an admin access to sudo would be strange, the whole point of sudo is temporary escalation of privileges - it implies you're running a less privileged account by its existence.

The password is a separate issue, and I don't see much of a problem having the same password for 2 accounts run by one person anyway.
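
The disagreement above turns on two separate grants: membership of the admin group, and a per-user sudoers entry that gives root access outside that group. An added example, not part of the thread or the guide: a shell sketch that lists users holding their own sudoers rule without being in the admin group, run here on constructed sample text (the function name and the account names are assumptions).

```shell
#!/bin/sh
# Audit sketch on text inputs, so it runs offline on the samples below.
# On a Mac the real inputs would come from:
#   dscl . -read /Groups/admin GroupMembership
#   sudo cat /etc/sudoers   (and any files under /etc/sudoers.d)

# Constructed sample: members of the admin group.
ADMIN_SAMPLE='GroupMembership: root localadmin'

# Constructed sample: root and %admin rules plus one per-user grant
# of the kind added with visudo for a standard account.
SUDOERS_SAMPLE='# sample sudoers
Defaults env_reset
root       ALL = (ALL) ALL
%admin     ALL = (ALL) ALL
dailyuser  ALL = (ALL) ALL
'

# sudo_outside_admin MEMBERSHIP SUDOERS
# Prints, one per line, each user that has its own sudoers rule but is
# not listed in the admin group. A User_Alias name used as the subject
# of a rule is printed as-is and needs resolving by hand.
sudo_outside_admin() {
    members=$(printf '%s\n' "$1" | sed 's/^GroupMembership:[[:space:]]*//')
    printf '%s\n' "$2" | awk -v members="$members" '
        BEGIN {
            n = split(members, m, " ")
            for (i = 1; i <= n; i++) admin[m[i]] = 1
        }
        $1 ~ /^#/ || NF < 2 { next }    # comments, #include lines, blanks
        $1 ~ /^[%@]/ { next }           # group rules (%admin), @include lines
        $1 ~ /^(Defaults|(User|Runas|Host|Cmnd)_Alias)/ { next }
        !($1 in admin) { print $1 }
    ' | sort -u
}

sudo_outside_admin "$ADMIN_SAMPLE" "$SUDOERS_SAMPLE"
```

Any name it prints is an account whose own password is enough for root, which is the case the two commenters disagree about.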

+1 this is something that @rcarmo has always recommended in his How to Switch to the Mac guide. A number of his comments in 'Best Practices' are probably valid for inclusion.

commented

Hey all,

Personally, I have found the use of a so-called non-admin account to be too cumbersome for my liking, as I frequently require elevated privileges to mess around with my Mac. I mentioned this issue in the Miscellaneous section, however I encourage anyone who feels strongly on this matter to muster up a PR with a well polished section on set up and use of such an account.

Thank you all again for the discussion and tips.