auto-login multiple accounts

Discussion in 'Apple' started by Barry Margolin, Nov 29, 2008.

  1. Barry Margolin

    Guest Guest

    It's an extra security measure - an extra layer to make them stop and
    think about whether they really want to do it.[/QUOTE]

    sure but that only matters if they actually start poking around. most
    people don't do that, so the extra layer is never utilized.

    it's sort of like driving a car while wearing a crash helmet. in the
    event of an accident, it will reduce injuries, but most people don't
    get into accidents so the hassle of having a helmet isn't going to make
    a difference most of the time. on the other hand, if one is driving
    where the risk of an accident is more likely, such as racing, then a
    crash helmet is well worth the hassle.
     
    Guest, Nov 30, 2008
    #21
    1. Advertisements

  2. Barry Margolin

    ZnU Guest

    Of course if it's a document for "system administrators", it pretty
    clearly has nothing to do with people's personal machines. If I were
    setting up Macs in a controlled office environment I'd certainly give
    users non-admin accounts.
    Probably because it's a bit annoying to not have easy access to an admin
    account on your personal machine. Which is why you should probably just
    run as an admin.
     
    ZnU, Nov 30, 2008
    #22
    1. Advertisements

  3. Barry Margolin

    ZnU Guest

    The additional files and directories that one has write access to when
    logged in as an administrator almost exclusively contain items other
    than unique user data. Items, in other words, that can be trivially
    re-installed. And the possibility that you might have to re-install such
    an item once every several years is not sufficiently detrimental that it
    makes sense to sacrifice the convenience of using a primary account with
    administrator privileges in order to reduce it.

    One could actually, in point of fact, make a fairly compelling argument
    that it's *more* risky for users to run as non-admins, because it blurs
    the line between things the user is supposed to mess with and things the
    user isn't. On a single-user personal system, /Applications is something
    the user is supposed to modify. /System, however, is not. Logged in as
    an admin, you can modify /Applications without a password, but you have
    to authenticate to modify /System. Logged in as a non-admin, you must
    authenticate to modify either one, which lowers the barrier to screwing
    with something in /System.

    It's also a terrible idea to condition users to enter their passwords
    frequently, because they quickly start to do it without paying very
    close attention. If running as a non-admin means users get asked to
    enter their passwords two or three times as much, it's probably
    substantially more likely that they'd provide their passwords to
    malicious phishing software. (I'm not aware of any such software on the
    platform at the moment, but as a general security principle this is well
    established.)

    [snip]
     
    ZnU, Nov 30, 2008
    #23
  4. You've got to be kidding me. Backing up was *never* that simple.[/QUOTE]

    If the target was large enough to contain the entire original, it was.
     
    Michelle Steiner, Nov 30, 2008
    #24
  5. Michelle Steiner, Nov 30, 2008
    #25
  6. The average user won't *ever* accidentally delete files in their
    system that they might not otherwise have deleted so easily if they
    had been logged into a non-administrative account?[/QUOTE]

    The average user doesn't delete what should be deleted, let alone what
    shouldn't. The average user thinks "It's there for a reason, I better
    not remove it."
    The average user never heard of usenet, so just by being here, they're
    not average users.
    The average user has been so scared by reports of viruses that they
    usually do not download anything.

    The problems usually happen to the slightly above-average user who
    thinks he knows more than he actually does; they're the ones who get
    themselves into trouble. And they're the ones we see coming here,
    asking for help. Like the "gawd I hate computers" guy.
     
    Michelle Steiner, Nov 30, 2008
    #26
  7. I was merely refuting your implied "never" is all. ;)
     
    Michelle Steiner, Nov 30, 2008
    #27
  8. Whatever you say, Michelle.[/QUOTE]

    I'm happy to see that you agree with me; I hope you had a good
    Thanksgiving weekend.
     
    Michelle Steiner, Nov 30, 2008
    #28
  9. Barry Margolin

    Guest Guest

    That's a load of bull. People tend to delete things they shouldn't have
    all the time - usually in an attempt to fix some problem they are having.[/QUOTE]

    all the time? what evidence do you have?
     
    Guest, Nov 30, 2008
    #29
  10. Barry Margolin

    Guest Guest

    Or maybe it's just geared towards system administrators because they,
    unlike your average home user, are actually concerned and knowledgeable
    about security issues.[/QUOTE]

    or maybe the needs of a sysadmin managing multiple machines is
    different than the average home user who has only one machine, and
    wants full control of it.
    great. however, some people do find it annoying.
    typing a name *and* password takes twice as long as just the password
    (and let's not nitpick about the possibility of one being much larger
    than the other).
     
    Guest, Nov 30, 2008
    #30
  11. Barry Margolin

    Guest Guest

    Well, we see them post here about it from time to time. I have to assume
    for every one person who posts here, there are countless others who
    don't make it to Usenet.[/QUOTE]

    so you have no evidence and are just assuming. thanks for the
    confirmation.
     
    Guest, Nov 30, 2008
    #31
  12. Barry Margolin

    ZnU Guest

    For single-user personal machines, for apps and other components that
    can be installed without modifying operating system directories (i.e.
    /System, /etc, /user, etc.), yes, that's exactly what I'm saying.
    Dragging an item into or out of /Applications on a single-user personal
    machine, for instance, is not an exceptional circumstance or a risky
    action, and should not be treated as one.
     
    ZnU, Nov 30, 2008
    #32
  13. Barry Margolin

    ZnU Guest

    They're concerned about the sort of issues that don't exist on personal
    systems, like users turning off remote management features or installing
    unauthorized software.
    You're asked in many more circumstances, and you have to type about
    twice as much in each one.
     
    ZnU, Nov 30, 2008
    #33
  14. Barry Margolin

    Wes Groleau Guest

    Does that say something about their confidence in their installers?

    :)
     
    Wes Groleau, Dec 1, 2008
    #34
  15. Barry Margolin

    Wes Groleau Guest

    My personal and professional experience is that the benefit is NOT minor.

    My Mac experience is that there is no "added inconvenience."
     
    Wes Groleau, Dec 1, 2008
    #35
  16. Barry Margolin

    Wes Groleau Guest

    I heard the scare stories, and so generally would wait a while.
    But my waits got shorter and shorter until finally, I was installing
    anything available without a wait. Finally, I said what the heck
    and made it a script in periodics/daily. I have never been able
    to pin a problem on an Apple update since I got my first Mac in 2000.

    Obviously, others have not been as fortunate, but .....
     
    Wes Groleau, Dec 1, 2008
    #36
  17. Barry Margolin

    Wes Groleau Guest

    I wish it were true. The filter logs on my e-mail machine say it isn't.
     
    Wes Groleau, Dec 1, 2008
    #37
  18. sure but that only matters if they actually start poking around. most
    people don't do that, so the extra layer is never utilized.

    it's sort of like driving a car while wearing a crash helmet. in the
    event of an accident, it will reduce injuries, but most people don't
    get into accidents so the hassle of having a helmet isn't going to make
    a difference most of the time. on the other hand, if one is driving
    where the risk of an accident is more likely, such as racing, then a
    crash helmet is well worth the hassle.[/QUOTE]

    Reminds me of the advice my opthalmologist gave me when I got my last
    checkup. She said that since I have one bad eye I should wear safety
    glasses to protect my good eye when doing activities that might cause my
    face to be hit. I said it's not a problem because I don't engage in
    many dangerous activities -- I'm not much of a sportsman. She said she
    includes driving, because the airbag could go off and smash me in the
    face.

    I suppose anything is possible, but I'm not going to wear glasses just
    on the slight chance that I might get in an accident that sets off the
    airbag.
     
    Barry Margolin, Dec 2, 2008
    #38
  19. It's not set to install automatically, just download them. SU then pops
    up a window saying there are updates ready to install.
    Do you really expect someone who can barely click the "Install" button,
    and gets confused when it asks her to agree to the license, to be
    competent to decide which updates to install?

    Actually, what often happens is that SU window stays on her screen for
    days or weeks, until she asks me what to do about it. I often have to
    VNC into her system and do it for her.
     
    Barry Margolin, Dec 2, 2008
    #39
  20. We tried that in my company, but it was too inconvenient to have to go
    to sysadmins for many routine maintenance tasks, like installing
    software. They put softwareupdate and softwareupdategui in sudoers, so
    we could run these ourselves, as well as a script to give read access to
    all the system logs. And it didn't prevent people from installing
    third-party applications, they just had to do it in ~/Applications
    rather than /Applications (most installers don't make this easy, I had
    to use Pacifist frequently). So it was more trouble than it was worth,
    it seemed.

    When they upgraded us from Tiger to Leopard they also gave us admin
    accounts. They still maintain some control using LDAP managed services.
     
    Barry Margolin, Dec 2, 2008
    #40
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.