About Adam Knight
Location
Austin, TX
Home page/site
http://www.hopelessgeek.com/
Author Biography
Adam Knight is one of the founders of Mac Geekery and is a geek at heart. Programmer by day, hacker by night, his daily life revolves around the Macintosh platform, which he has been a user and programmer for since the early days of System 7 when his LCII replaced his Apple //c.
In-between tech jobs, he’s managed to learn the basics of any web hacker: PHP, MySQL, Perl, Apache, Linux, *BSD, and the intricacies of ./configure —prefix=~/bombshelter/. Today, codepoet is concentrating on blogging again, writing some software for the Mac by himself (including Notae) and for his company (such as Photonic) and has a few other toys coming out soon. Bug him over AIM or email [link fixed].
Chronos’ StickyBrain, and now its replacement SOHO Notes, (and the supplied OpenBase) will not work with a non-admin account. There aren’t many apps like this, thankfully. I do have one or two others I use that require an admin account, but I don’t use them often, so I don’t recall the names.
It still makes sense to leave the original, UID 501 account as unmodified as possible, and not use it except for app installs. That way, if one’s daily-use account gets hosed beyond usability, you always have a backup, admin account you know will boot.
The UID of the backup account is irrelevant if you’re using it for alternative login reasons and can just as easily be 1025 or later like secondary accounts are. What matters is that the account should be an admin. That’s about it.
No argument there. 501 was just a convenient example #.
Here’s what’s keeping me in my admin account – if, say, I’m on my laptop and want to log in to my desktop computer I can either choose an non-admin account to log into and only have access to what’s inside that account, or I can log into an admin account and get that, plus all the volumes mounted on my desktop Mac.
In other words, how can I log in to a non-admin account but still have access to all the volumes where I keep my stuff? Short of getting myself a network drive?
Just a guy made of dots and lines.
A quick google search shows that you can use a program called SharePoints for this task if you don't want to edit NetInfo directly... Caution: I've not used this program before as I have use Mac OS X Server on one of my computers at home.
-- unxgeek@unxgeek.us "Smile," they said, "it could be worse." So I did, and it was.
-- "Smile," they said, "it could be worse." So I did, and it was.
Ah, cool, that works nicely (although the app itself seems a bit crashy). Thanks!
—
Just a guy made of dots and lines.
Just a guy made of dots and lines.
If I’m in the practive of granting admin access to any installer I run (because, after all, I’m trying to install that program, and so I’m going to do whatever I think is necessary to get that project finished), how does it help to not run as an admin all the time?
Won’t granting admin access to an installer allow it to do everything that it would be allowed to do if I were already running as an admin? Or, is it the case that if I run as a normal user but enter my admin password to do installs then the installer can’t do as much as it would under a ‘real’ admin account?
The dialog is telling you something. It’s saying “this package is about to do some stuff as root, are you sure you want that?” That should make you stop and think: “What could this possibly need root for?” before entering your information.
It doesn’t for a lot of people, and that’s fine. The real possibility for damage exists not in that method, but in this: say I make a package that uses
niclto create a user and group for me, the attacker, and then I ran around running it on all my coworker’s machines. Nothing stops me, other than people being smart and locking down their computers, which no one does. Say I made it more nefarious and installed keyloggers or new network services, etc. Nothing stops me from doing this. Hell, nothing prompts me. I don’t need to reboot to single-user mode or do anything else, I can just run the installer and move through without the password and run my package, and scripts, as root.That should be impossible.
“Zac” (IF thats his real name
had the same question I was wondering too… it seems to me that there is NO difference between using an admin account and entering your password when asked to install something and using a non-admin account and entering an admin account password when asked to install something. In each case you get a request for password first, then enter it, and the installer does what its supposed to do (or something rather evil in your example).
Whats the difference and why is the non-admin account less dangerous if you’re gonna assume the best and give the password in both cases??
bri-bri
“magneto phone? that is NOT a magneto phone!”
“magneto phone? that is NOT a magneto phone!”
You’re not always asked if you’re running as an admin. That’s the difference.
I just did this, and I removed my admin rights without going to the admin account, I just use it to authenticate the removal of my admin rights.
By the way, registering to this site to post a comment is a bit painful, as the “you can either login or register to post comments” has broken links (when one is not logged in), so one needs to hunt for the correct page.
I was not aware of that. I’ll fix it, thanks.
Cool, I did that, following your advice.
I also create an Applications folder in my home (it inherit the icon by itself).
And I’m installing whenever I can in this folder ( also very convignent for backup)
... but …
I’ve now two separate folder holding all my apps : the standard one on the root of my HD, and mine sitting in my home.
How can I “merge” visually those two, so I don’t have to search at different places for my apps ?
Great blog/website, more podcast please!
PhS
hi
how do i can get my admin password and username?how do i can get my ip address and my port to reach internet as free without limit time at my office .
Post new comment