Results 1 to 7 of 7

Thread: Root / Admin / users

  1. #1
    Join Date
    Dec 2006
    Posts
    81

    Default Root / Admin / users

    Hi guys. I had come across this article which made me wonder if I really understood what root really is.

    http://www.pkids.net/help/apple/EnableRoot.html

    According to the article, OSX has the root disabled by default. How does this relate to being Admin, i.e. administrative privileges / having to enter password for installations, etc. I had been under the assumption that running as Admin (where I authorize admin privileges when asked - that doesn't seem disabled), that this is root?

    Secondly, do you have a separate User account for, let's say, being on the internet? I've seen many references to not running as root, particularly on internet, so it's time I really learn what that entails. And about User Accounts: is it a good idea to have more than one for different tasks; such as one for internet, one for general apps, one for graphics or whatever so there are less processes tasking the CPU? This would also divide the stuff in the user libraries, so would that be beneficial in any way?

    Thanks.

  2. #2
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787

    Default

    :First, admin is not root.

    admin is closer to making a sudo call for many actions. You know how there are lots of spots where you need to authenticate, even as admin? Nearly all of that authenticating would not happen as root. I run tech drives from root for example, and only need a password for software that has authentication coded into it.

    Apple has quite a sophisticated design to balance locking down the OS, and giving close to root access for admin users. I don't claim to understand all of it. To be sure, a best practice is to not run a Mac as root. Especially when doing anything web related.

    Here is some old but still helpful evidence:

    http://macgurus.com/forums/showthrea...in+permissions

    For max security, I would recommend:

    1. Leave root disabled
    2. Do installs, updates, and service as admin
    3. Do everything else as a standard (non admin) user.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  3. #3
    Join Date
    Dec 2006
    Posts
    81

    Default

    Quote Originally Posted by unclemac View Post
    :
    Here is some old but still helpful evidence:

    http://macgurus.com/forums/showthrea...in+permissions

    For max security, I would recommend:

    1. Leave root disabled
    2. Do installs, updates, and service as admin
    3. Do everything else as a standard (non admin) user.
    Ah, OK. Thank you. I'm glad to finally be asking these things that I wondered about but never asked, and to know now that I haven't been root all this time. For me to learn:

    1) Is "Everyone" the "group/wheel" referred to in your link? If that was read and write, is it now root? Can root accidentally be enabled?

    2) While on the internet, I had always made a practice if something asked for authentication, I would flip the switch on the modem to disconnect me temporarily until the password went through. Is that really necessary?

    3) About your #3: Does this mean that your regular computing work is done under another user account that's non-admin? or what exactly do you mean / do for this?

    4) And while on the subject of users acct, is there good reason to having more than one user account for different areas of work, such as internet, graphics, whatever, for either efficiency, keeping it leaner, etc?

  4. #4
    Join Date
    Dec 2006
    Posts
    81

    Default

    P.S. a simplified question on your number 3:

    First, sorry for the bombardment of questions above. I've not thought to have more than one account for myself!

    I'm assuming you mean to create another user account (standard or shared?) for daily work. In order to access the apps/docs which initially were installed in the admin acct, do you change permissions on them, reinstall them in that user account, or alias them? I'm not sure I understand how (daily non-admin as in your #3) without it becoming an inconvenience, so there must be something you do.

    This would be for one user (me), not many people with whom privacy is a concern.

  5. #5
    Join Date
    Aug 2001
    Location
    Grangeville, ID USA
    Posts
    9,142

    Default

    Personally I run as admin user all the time. Especially so if I am the sole user. I have the same root user password on all computers here and at home. And can log in and modify things as I need - not very bloody often! It has to be something pretty unusual for me to have to log in as root.

    All workstations always run as admin. The only account here that isn't is for my 10 year old kid. He can get on any computer he wants as long as he uses a plain users account.

    Rick
    molṑn labe'
    "I am a mortal enemy to arbitrary government and unlimited power. I am naturally very jealous for the rights and liberties of my country, and the least encroachment of those invaluable privileges is apt to make my blood boil."
--Ben Franklin

  6. #6
    Join Date
    Feb 2001
    Location
    on the landline, Mr. Smith
    Posts
    7,787

    Default

    Rick is doing what 98% of Mac (and Win) users do. I do too, most of the time.

    Leave Root disabled. You don't need it unless you are hacking around. I do recommend a second admin account in case you run into trouble, but it is not necessary.

    I think you are over thinking this a bit. We don't mind the questions, but really, unless you have specific security issues, or are sharing the machine with family and friends, there is only need for one admin account. Based on your first questions, I was thinking you had some specific user or security questions or problems. My bad for running with that.

    As for how multiple accounts work......I would suggest you get your single admin account running and happy, then make a test standard account, and log in as that user. You can see how all the apps work, and all the data (each user's home directory) is kept separate and isolated. Test away.
    "Imagine if every Thursday your shoes exploded if you tied them the usual way. This happens to us all the time with computers, and nobody thinks of complaining." -- Jef Raskin

  7. #7
    Join Date
    Jan 2002
    Location
    NW Montana
    Posts
    8,197

    Default

    Rick is doing what 98% of Mac
    Including me....

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •