Creating and using restricted accounts on Mac OS X
Suzumiya Haruhi: the ultimate superuser!
As a person used to using Unix-like systems such as FreeBSD on a regular basis, I know how important it is to use a restricted account for day to day use, and an all powerful administrative root account only when system maintenance needs to be performed. It is the absolute golden rule for every Unix system.
In the world of Mac OS X the story is somewhat different. In a similar fashion to Windows installations, when you install Mac OS X a user account is created with the name of your choice: the problem is that the resulting account is an "administrator", with which you can modify most aspects of the system with little to no restriction (an administrator account differs somewhat from the root user, but that's for another post). This of course flies right in the face of the golden rule.
Creating the accounts
Fortunately it is possible to modify your existing account for regular use and create an administrative account:
- Launch the Accounts preference pane and click the "[+]" in the lower left hand side. You may need to click the lock icon to make changes.
- Create a new administrative account by filling in a name (I chose "Senpai"!) and a solid password, and make sure you set the "New Account" type to "Administrator". Click "Create Account".
- You may be asked if you want to disable "Automatic login". Definitely a good idea.
- Disable administrative access rights in your current account by selecting it in the account column and unchecking "Allow user to administer this computer".
- Hide your admin account by clicking "Login Options" and changing the "Display login window as:" radio button to "Name and password".
- Log out of your account, and log back in to save changes.
Now whenever you log into Mac OS X, enter your now restricted account username and password.
Accounts preference pane in System Preferences
Advantages
- Whenever you want to install a new piece of software by dragging its icon to the Applications folder, Mac OS X will ask for your admin username and password, just as it would if you were using an installation assistant. This means applications can't install without your explicit permission.
- If ever a trojan horse or malicious application installed itself on your system (barring extenuating circumstances), it would be limited to your standard account, which means its potential to cause damage would be greatly restricted.
- The potential for you to cause unintentional damage to the file system or system files is greatly reduced, because you are simply not allowed to do it. Often you're the greatest threat to your system!
- The best thing about this arrangement is that you never actually have to log in to your admin account at all; you just use its username and password whenever you want to make changes to the system.
Conclusion
It’s a shame that Apple doesn’t create standard/restricted accounts by default for people. Fortunately it’s not a hard thing to change, and once you do you’re well on your way to hardening the security of your Mac.
One thing to keep in mind is that if you use the Terminal, as a restricted user you don't have "wheel" privileges anymore. To be able to use the sudo command, first log in to your admin account by entering su [account name].
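To confirm from the Terminal that your everyday account really lost its administrator rights, the following added script (not from the original post) reads the local "admin" group with dscl and reports whether a given account is a member; the sample dscl output and the "senpai" short name are constructed for the test.

```shell
#!/bin/sh
# Added example: audit which local accounts are administrators on Mac OS X.
# On a Mac, `dscl . -read /Groups/admin GroupMembership` prints a line such as
#   GroupMembership: root senpai
# (members may also appear one per line, indented, when there are many).

# Print the member names found in dscl's GroupMembership output, one per line.
admin_members() {
  printf '%s\n' "$1" | sed -e 's/^GroupMembership://' \
    | tr -s ' \t' '\n' | sed '/^$/d'
}

# Return 0 if the user name ($1) appears in the membership text ($2), else 1.
is_admin() {
  admin_members "$2" | grep -qx -- "$1"
}

# "restricted" is what the post recommends for day-to-day use;
# "ADMIN" means the golden rule is not being followed for that account.
account_status() {
  if is_admin "$1" "$2"; then echo "ADMIN"; else echo "restricted"; fi
}

# Live audit of the account you are logged in as; only runs where dscl exists.
audit_current_user() {
  if command -v dscl >/dev/null 2>&1; then
    membership=$(dscl . -read /Groups/admin GroupMembership 2>/dev/null)
    printf '%s is %s\n' "$(id -un)" "$(account_status "$(id -un)" "$membership")"
  fi
}

audit_current_user
```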
For more information, check out the Apple Knowledge Base article on creating user accounts, the Wikipedia article on superusers and the FreeBSD Handbook page on superusers for a general overview of why it's a good idea to use restricted accounts on Unix systems.