Re: Running a single acount in OS X Admin and User combined

From: William Mitchell <mitchell@xxxxxxxxxxxx>
Date: 13 Nov 2005 17:30:23 -0500

Jochem Huhmann <joh@xxxxxxx> writes:

> sp@xxxxxxxxxxxxxxxxxxxxx (Király) writes:
>
> > I run out of a Standard account all the time, saving my admin account for
> > testing, troubleshooing, etc. I almost never use the admin account and
> > it is nearly always logged off. But I have modified /etc/sudoers so
> > that I can become root from the command line in my Standard account if I
> > need to.
> >
> > Is there any real difference, from a security standpoint, from what I have
> > done, and simply running as an admin user all the time?
>
> Yes, you (and programs you run) don't have admin privileges and even
> with sudo you need to supply a password. So there is no way that a evil
> program can silently mess around with your system without your consent.
>

Do you know whether the admin account actually has any other actual
privileges than being eligible for sudo? I suppose that the dialogs
asking for an administrator's name and password might possibly check
if the user named is a member of group "admin" - I can't check at the
moment. Even if that were so, however it should just mean typing the
name of the administrator account instead of the logged in account.

--
Bill Mitchell
Dept of Mathematics, The University of Florida
PO Box 118105, Gainesville, FL 32611--8105
mitchell@xxxxxxxxxxxx (352) 392-0281 x284
.

Follow-Ups:
- Re: Running a single acount in OS X Admin and User combined
  - From: Tom Stiller

References:
- Running a single acount in OS X Admin and User combined
  - From: Peter James
- Re: Running a single acount in OS X Admin and User combined
  - From: Garner Miller
- Re: Running a single acount in OS X Admin and User combined
  - From: William Mitchell
- Re: Running a single acount in OS X Admin and User combined
  - From: Király
- Re: Running a single acount in OS X Admin and User combined
  - From: Jochem Huhmann

Prev by Date: Re: MS Office run as administrator?
Next by Date: Re: MS Office run as administrator?
Previous by thread: Re: Running a single acount in OS X Admin and User combined
Next by thread: Re: Running a single acount in OS X Admin and User combined
Index(es):
- Date
- Thread

Relevant Pages

Re: How good is Comodo Internet Security?
... Admin account + web browser + LUA token ... admin account opposed of running as iam now, which is JUST PURE admin level? ... While LUA gives added security, ... payload delivered by a buffer overrun (assuming the app was allowed to ...
(comp.security.firewalls)
Re: domain admin account impersontating
... i guees that the bottom line is that the domain admin account can be ... with the same username and password. ... Starting with Windows XP this became less simple, ...
(microsoft.public.windows.server.security)
RE: runas issue
... to Power Users per new company policy,so then only one local built-in admin ... user account was at one time an admin account and was changed to power user. ...
(microsoft.public.windowsxp.perform_maintain)
Re: Virus is getting domain account listing
... In 2003 you can change the process ID of the admin account. ... Play with the net user command at your command prompt and see what ... dictionary attack against every single account could happen. ...
(Focus-Microsoft)
Re: How to restore Admin account??
... Remote Operator group from Administrator User. ... SBS 2003 by default don't allow the Admin account to logon through TS? ... "Frank McCallister SBS MVP" wrote: ...
(microsoft.public.windows.server.sbs)