How do I downgrade user account to non-admin?

Posted in macOS, edited January 2014
I've been using OS X since its public beta. I've always run my user account with administrative privileges. Now I see that everyone (Apple included) recommends that the user account used for routine daily computer activities should be a non-administrative account.



What's the easiest and safest way to convert my user account to a non-administrative account? I don't want to have to reconfigure my user account and all of its settings from scratch.

John

Comments

  • Reply 1 of 22
    Create a new account, make it the admin, and go back to your account and make your account a standard one.
  • Reply 2 of 22
    Thanks, speed...etc.

    Easy as falling off a log.

    I was afraid I was asking a stupid question. But the first time I tried that I didn't see the "allow user to administer this computer" checkbox. But there it is as plain as the nose on my face.

    John
  • Reply 3 of 22
    No problem. The only stupid questions are the ones not asked.
  • Reply 4 of 22
    "There are no stupid questions, just stupid people"

    - That professor dude from South Park



  • Reply 5 of 22
    welshdog | Posts: 1,897 | member
    Quote:

    Originally posted by speed_the_collapse

    Create a new account, make it the admin, and go back to your account and make your account a standard one.



    So I'm logged in as standard user.



    I want to install an application.



    What happens? Do I have to log out, log back in as admin and then install?



    Seems like a pain.
  • Reply 6 of 22
    i don't think there's a significant advantage to using the computer regularly as a regular user rather than admin because you'd have to type in your admin password to install anything. since right now the only way os x gets malware is by voluntarily entering your admin password, it's all up to you to keep track of what you install.
  • Reply 7 of 22
    a_greer | Posts: 4,594 | member
    Quote:

    Originally posted by WelshDog

    So I'm logged in as standard user.



    I want to install an application.



    What happens? Do I have to log out, log back in as admin and then install?



    Seems like a pain.




    No, it will pop up a prompt for admin password, like what happens when you unlock a locked control panel in system prefs when logged in as admin
  • Reply 8 of 22
    Quote:

    Originally posted by admactanium

    i don't think there's a significant advantage to using the computer regularly as a regular user rather than admin because you'd have to type in your admin password to install anything. since right now the only way os x gets malware is by voluntarily entering your admin password, it's all up to you to keep track of what you install.



    I agree with this. Every Mac I've worked on has been run as an administrator. What you're not supposed to run under is the root user.
  • Reply 9 of 22
    Here's what Apple has to say about this subject:



    Mac OS X Security Out of the Box

    Following the initial install, Mac OS X is fairly secure. A few simple tweaks make it even more secure. But before we get to those changes, there are a few things you should notice during the install process.



    Administrative Accounts

    The first account created on a Mac OS X system is an administrative account. If possible, this account should not be the account you commonly use; it should be reserved for making changes to the system and installing system-wide applications. After installing Mac OS X, go into the Users item in System Preferences and create a new account without administrative access. For your common tasks, log in as that user.



    This is an excerpt from the following URL:



    http://developer.apple.com/internet/...rityintro.html



    If I understand this correctly, Apple encourages the regular use of a non-administrative account for highest level of security.

    John
  • Reply 10 of 22
    Quote:

    Originally posted by WelshDog

    So I'm logged in as standard user.



    I want to install an application.



    What happens? Do I have to log out, log back in as admin and then install?



    Seems like a pain.




    You'll be presented with a dialog box to input the admin user name and associated password. If entered correctly the application will install.
  • Reply 11 of 22
    It's a great security feature that almost all critical changes require a password.
  • Reply 12 of 22
    Quote:

    Originally posted by icfireball

    It's a great security feature that almost all critical changes require a password.



    i agree. but the thing is, when you want to install something in your non-admin account you're still going to type in the admin password to install it. so what's the big difference other than you'd have to type in your admin username as well as admin password? as far as i can tell it just doesn't make that much difference for security and it definitely doesn't make any difference for security against trojans, or user-action-required macros. if you're going to make the mistake of installing that trojan, you still have to type in the admin password in both accounts.
  • Reply 13 of 22
    yes but how do you get it to save all your prefs documents applications movies music and everything else to the new account?
  • Reply 14 of 22
    *slams head against wall*



    YOU DON'T!



    You create a new account that has admin access... Then you remove admin power from the account you are currently using! This way you still have all your files, settings, and whatever. You just don't have admin access on your primary account anymore. This way when you want to install anything it asks for your administrator password, even for dragging an icon into the applications folder.



    Why would you want to transfer all your files and stuff to the new administrator account? It would defeat its purpose if you use the new administrator account as your primary account.
  • Reply 15 of 22
    huh. so i guess this trojan doesn't require a password if you're running as admin. i stand corrected. guess i'll make me some admin accounts now.
  • Reply 16 of 22
    The reason you would not want to use an admin account for day to day use is because anyone in the admin group has write privileges to the /Applications directory by default. If you are worried about your /Applications directory being modified without you knowing, it is best to use a standard user account.
  • Reply 17 of 22
    What is the command in the terminal that will show the owner of all the files in the Applications directory?
  • Reply 18 of 22
    welshdog | Posts: 1,897 | member
    Quote:

    Originally posted by admactanium

    huh. so i guess this trojan doesn't require a password if you're running as admin. i stand corrected. guess i'll make me some admin accounts now.



    Yes, correct. I didn't realize this at first. Admin privileges allow some things in the App folder to be modified without asking for password.



    This article made it very clear to me:



    http://www.chaosmint.com/macintosh/a...rability.shtml
  • Reply 19 of 22
    Quote:

    Originally posted by WelshDog

    Yes, correct. I didn't realize this at first. Admin privileges allow some things in the App folder to be modified without asking for password.



    This article made it very clear to me:



    http://www.chaosmint.com/macintosh/a...rability.shtml




    Last week if you told me to do this, I would have told you you were crazy since OS X is secure by design.



    But after this recent spate of vulnerabilities, I decided it's best not to take any chances.



    It makes things more annoying when using the command line. Now I need to su into my admin account and then sudo (with my admin user password) whenever I want to run a command that affects my system or any file/directory under the admin group.



    It also has a psychological effect when the prompt asks you for your username AND password. It makes you pause to think instead of blindly entering your password.



    Still, it might lead to a sort of crying wolf syndrome, where you're installing a program that you would expect to modify only your Applications directory that tries to modify a critical system directory. If you had access to Applications, this would have raised a red flag that something was seriously wrong, but since all operations require a username/password, it doesn't.
  • Reply 20 of 22
    lundy | Posts: 4,466 | member
    Quote:

    Originally posted by fahlman

    What is the command in the terminal that will show the owner of all the files in the Applications directory?



    ls -la /Applications/





    The file owner is the third column from the left. Most will say "root". The next column is the group owner. Most will say Admin.
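
A way to check what Replies 16 and 18 describe (members of the admin group can write to /Applications without a password prompt), as an added example that is not part of any poster's reply. The function names are hypothetical, and the group name `admin` is taken from the thread.

```shell
#!/bin/sh
# Added example, not from the thread. All function names are hypothetical.

# user_in_group GROUP [USER]: succeed if USER (default: the current user)
# is a member of GROUP according to `id -Gn`.
user_in_group() {
    if [ -n "${2:-}" ]; then
        names=$(id -Gn "$2" 2>/dev/null)
    else
        names=$(id -Gn 2>/dev/null)
    fi
    case " $names " in
        *" $1 "*) return 0 ;;
        *)        return 1 ;;
    esac
}

# group_writable_entries DIR GROUP: print DIR and its immediate entries that
# belong to GROUP and have the group-write bit set (symlinks are skipped).
group_writable_entries() {
    find "$1" -maxdepth 1 ! -type l -group "$2" -perm -020 -print 2>/dev/null | sort
}

# audit_dir DIR GROUP [USER]: print a one-line verdict for the account.
audit_dir() {
    n=$(group_writable_entries "$1" "$2" | wc -l | tr -d ' ')
    if [ "$n" -eq 0 ]; then
        echo "OK: nothing in $1 is writable via group $2"
    elif user_in_group "$2" "${3:-}"; then
        echo "EXPOSED: $n entries in $1 are writable by this account via group $2"
    else
        echo "PROTECTED: $n entries are writable by group $2, but this account is not a member"
    fi
}

# On a Mac, check the situation discussed in the thread.
if [ -d /Applications ]; then
    audit_dir /Applications admin
fi
```

Run it once from the everyday account before and once after removing its admin rights; the verdict should change from EXPOSED to PROTECTED.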