Re: Running a single account in OS X Admin and User combined



In article <y9dd5l4cha8.fsf@xxxxxxxxxxxxxxxxxxxxx>,
William Mitchell <mitchell@xxxxxxxxxxxx> wrote:

> Jochem Huhmann <joh@xxxxxxx> writes:
>
> > sp@xxxxxxxxxxxxxxxxxxxxx (Király) writes:
> >
> > > I run out of a Standard account all the time, saving my admin account for
> > > testing, troubleshooting, etc. I almost never use the admin account and
> > > it is nearly always logged off. But I have modified /etc/sudoers so
> > > that I can become root from the command line in my Standard account if I
> > > need to.
> > >
> > > Is there any real difference, from a security standpoint, from what I
> > > have done, and simply running as an admin user all the time?
> >
> > Yes, you (and programs you run) don't have admin privileges and even
> > with sudo you need to supply a password. So there is no way that an evil
> > program can silently mess around with your system without your consent.
> >
>
> Do you know whether the admin account actually has any other actual
> privileges than being eligible for sudo? I suppose that the dialogs
> asking for an administrator's name and password might possibly check
> if the user named is a member of group "admin" - I can't check at the
> moment. Even if that were so, however, it should just mean typing the
> name of the administrator account instead of the logged in account.

It's a member of the admin group.

--
Tom Stiller

PGP fingerprint = 5108 DDB2 9761 EDE5 E7E3
7BDA 71ED 6496 99C0 C7CF