Sunday, October 14, 2007


I was reading this advice about running as a non-Admin user on your Mac, when I realised it's totally backwards.

It advises setting up and using a new account, to which administrative privileges are not granted. It advises

If you want to transfer any data (such as preferences files or e-mail messages) from your current account to the new one, drag the items from their current location in your Home folder to the corresponding location in the new account’s Home folder.
Oh, just like that? All my preferences, bookmarks, settings, documents, music and photos? This is bad advice. Setting up a new user account for a little change like this is quite unnecessary and practically destructive of your data as you can never migrate everything (1). If I'm not mistaken, it's perfectly possible to remove the admin privileges from any user account created in OSX, including those created with Setup Assistant (2). Another reason it's bad advice is that if you can't stand running as non-admin because of some behaviour of other, you can't just Go Back. Which you should always be able to do with changes spouted in an online column.

Far better to set up a new account called Admin, with admin rights, then remove those admin rights from your current account. If you ever do anything in Terminal using sudo then add your current account to the sudoers file using visudo before you do this as it's a pain to do it afterwards (believe me, if you don't understand that or have never heard of sudo you don't need it). (3)

I did it to see what it was like, having experienced nightmarish scenarios in Windows trying to run as a non-admin user (this is much mitigated in Vista, more on which later) and it's just fine - I love OSX's admin escalation paradigm anyway, being able to set/unset with the little padlock is much nicer than Windows Vista's UAC, but the only extra time I've noticed having to authenticate is adding an appliction to the Applications folder, and I don't do this very often. (well, every day if you count getting the nightly trunk build of Camino, but I don't mind that). In fact, I have a Camino image waiting now.. I have to enter the admin user name and password, which is mildly annoying compared to just password, but I can also disable auto-login on my current account knowing Beck can enter the password, and keep the viciously complex password for my admin account. Yes, I know that all of these passwords can be bypassed with OSX install disks, but I am thinking of mitigating that by using Filevault to encrypt my home directory. I just need a backup strategy first!

Ordinary User stuartd

(1) Creating a new user profile is a good way of losing cruft but it has to be deliberate and consensual.

(2) As a software consumer I think "Assistant" sounds a lot more promising than "Wizard", but is that just because I have read Terry Pratchett / JK Rowling? Shop Assistant, Library Assistant, Teaching Assistant, Rincewind, Harry Potter. Which one do you want helping you?

(3) I missed the old sudo warning when I got my new MacBook.

No comments: