Using a non-admin account for security purposes

In addition, and arguably the best precaution, have a separate account with administrator rights and use that only to install software. The account you use on a daily basis should NOT have administrator rights. That way, if some malware wants to install something you will get a prompt to provide the administrator password and you can, and should, cancel immediately and investigate.

3 Likes

Security is a layered approach. And yes, running software from an account with the minimum privileges necessary for it to run (meaning a non-administrator for most things) is a key layer.

Under normal circumstances, you should never have to actually log in to an administrator account. As long as it exists (and Apple’s GUI tools for user management won’t let you delete the last administrator), then that’s enough.

If you do anything that requires administrative privileges (e.g. install software or modify some system settings), you will be presented with an authentication dialog. Type in an administrator’s short user-name and password and you’re good to go.

The only downside here is that the sudo command (used from command-line shells to execute a single command as root) is only usable by users in the admin group (that is, administrators), using Apple’s default configuration:

But you can work around that by explicitly granting yourself sudo access via its configuration mechanism. For example, I created a file /etc/sudoers.d/011_david which grants me sudo access without being in the admin group:

You can do the same on your system. Just replace “david” with the short user name of the account you normally use.

Note that sudo will still ask you for a password the first time you use it in a given session (and after about 5 minutes of not using it), so it’s still pretty secure.

Or, if you don’t want to do that, you can use the su command to switch your terminal session to another user (e.g. your admin user). Do what you need from there and then exit back again. For example (if your administrator account is named administrator):

$ su administrator
Password:

Enter the administrator account’s password when prompted. You are now running as administrator (for that terminal session only). Do what you need from there, including use of the sudo command, as you require.

When you’re done, exit from the su session:

$ exit

And you’re back to your own account with its original permissions.

4 Likes
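One way to create the drop-in file described in the post above, as an added example that is not the poster's own file or part of the original thread. The rule line `david ALL=(ALL) ALL`, the conservative user-name pattern and the helper function names are assumptions made for illustration; the file name `011_david` follows the post.

```sh
#!/bin/sh
# Added example: build, validate and install a sudoers drop-in for one
# non-admin user. The rule text is an assumption, not the poster's file.

# Print the rule line, refusing names that could inject sudoers syntax.
sudoers_rule() {
    case "$1" in
        ''|*[!a-z0-9_-]*) echo "bad user name: $1" >&2; return 1 ;;
    esac
    printf '%s ALL=(ALL) ALL\n' "$1"
}

# sudo skips drop-in files whose name contains '.' or ends in '~'.
dropin_name_ok() {
    case "$1" in
        ''|*.*|*"~"|*/*) return 1 ;;
    esac
    return 0
}

# Must run as root (e.g. from the administrator session reached via su).
install_dropin() {
    user=$1 name=$2
    dropin_name_ok "$name" || { echo "sudo would ignore: $name" >&2; return 1; }
    tmp=$(mktemp) || return 1
    sudoers_rule "$user" > "$tmp" || { rm -f "$tmp"; return 1; }
    # visudo -c checks syntax only; -f points it at the candidate file.
    if visudo -cf "$tmp" >/dev/null; then
        install -m 0440 -o root -g wheel "$tmp" "/etc/sudoers.d/$name"
        status=$?
    else
        echo "syntax check failed, nothing installed" >&2
        status=1
    fi
    rm -f "$tmp"
    return $status
}

# Only act when called as: sh script.sh install <user> <file-name>
if [ "${1:-}" = "install" ]; then
    install_dropin "$2" "$3"
fi
```

With a rule like this, sudo asks for the daily account's own password rather than the administrator's, so that password then guards root access from the command line.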

I have done this security practice - taken from old days of programming.

However I have found that Apple often wants the Administrator logon to be used instead of a user logon - something to do with Apple ID. Given Apple’s claims about security prowess, I find Apple’s inability to let users keep private their Administrator account details to be baffling. Moreover, Apple employees never explain to Mac purchasers the value of having a separate Administrator account.

In practice, with modern MacOS, I think having a separate account is a huge hassle with little security benefit. Yes, in theory, it’s “more secure.” But so much is locked away from user access these days, the admin accounts are easily secure enough that the difference is imperceptible. But if you use a non-admin account, you get lots of prompts to enter an admin username and password. As well as being a huge pain, I think this completely undermines the supposed extra security from running as a non-admin. You get conditioned to entering your admin username/password all the time, so this:

just seems normal and the average user is likely to simply enter the admin username/password.

I’ve yet to see a good argument for normal people to regularly run as a non-admin on modern MacOS. I think it’s really a holdover from Unix & Linux in the past (where it was a very good idea not to use an admin account as a matter of course!). And I’ve certainly not seen any data that shows a real (as opposed to theoretical) benefit. If it’s out there, I would be interested to see it, and am certainly open to being proved wrong.

4 Likes

I wonder what you are doing or what software you are running that is causing those ‘lots of prompts’?
I can use my Mac with my standard account for weeks on end without getting any admin prompt. I only get those when I actively choose to do something that indeed requires admin access and entering the credentials then is no hassle at all for me.

4 Likes

Really? I only get these prompts when installing/upgrading software. I can’t think of a time when I needed to provide these credentials for some other purpose.

I think the biggest reason is that admin users have read/write access to the /Applications folder. Which means they can install, remove and modify application software without any additional authentication.

If you’re not an admin user, then you need to authenticate as a part of accessing anything in that location.

2 Likes

Include me in the group that rarely sees the authentication prompts.

Also when clicking on the padlock in a System Preferences pane.

2 Likes

I too have used a non admin account since macOS moved to UNIX. There is one thing Apple could do to make it more smooth though. As we get the prompt, let us use the fingerprint of our admin account.

Inspired by this thread, I just sent Apple feedback via Feedback - macOS - Apple

I’m with @jzw. I have never used a non-admin account on any Mac I own and administer.

I have never had any malware scanner constantly run in the background. Yuck.

I run Malwarebytes in its free version perhaps once a week and it has never reported anything odd. I believe I do this just to make myself feel good, but I doubt there’s really good reason to run it. I keep up with Apple’s security updates. And I honestly don’t give two hoots about Win folks getting malware. They always end up getting something somewhere. Their choice.

I like what I’ve heard from Howard and friends about the new XProtect so far.

I am very cautious who I hand out my information to, usually minimize that, and I’m even more restrictive when it comes to accepting stuff from others, clicking on stuff, installing apps, etc. I rely heavily on malware and ad blockers when surfing.

I have never had any infection or malware issue on any Mac I own or administer. But sure, maybe it’s all just because I always got lucky. 😉

2 Likes

But I don’t see the practical security benefits of this. Applications can be run from practically anywhere on MacOS, so this isn’t going to prevent malware from running.

And I should clarify that obviously I’m not getting prompts if I’m doing general work or basic activities (e.g. writing, browsing, etc). But my memory from when I’ve tried using a non-admin account (and it’s been a while now!) is that anytime I need to manage the system or do any development work, it gets irritating pretty quickly. It’s not an insurmountable problem, but I still don’t see what I’m gaining, so even marginal hassle makes it not worth it for me. And it would make remote support of others even harder, so I never recommend running from a non-admin account for family/friends.

3 Likes

As a long time sysadmin and computer security person…I would have to quote the knight from the Indiana Jones movie…he chose poorly. Nothing personal of course…and you’re completely free to operate as you wish…but a non admin daily driver seems like a no-brainer to almost all sysadmins.

Granted…Macs are much less susceptible to those sorts of things…but running non admin daily driver costs you absolutely nothing and prevents potential bad things as well as oopsies. One can easily just provide the admin credentials when asked even logged in as non admin.

4 Likes

This is Apple’s take on this subject:
“Administrators can create, manage, and delete other users; install and remove software; and change settings. For these reasons, an administrator should create a standard user account to use when administrator privileges are not needed. If the security of a standard user is compromised, the potential harm is far more limited than if the user has administrator privileges. If multiple people use your Mac, limit the number of users with administrator privileges.”

https://support.apple.com/et-ee/guide/mac-help/flvlt003/mac

3 Likes