There's been at least one discussion on this forum in the past 1-2 months about whether or not one should use an admin-enabled account as one's default account. As the sole user of this Powerbook, I hadn't been particularly concerned about this issue - so my account was (until a couple days ago) in the admin group.
Well, after thinking about this and realizing that some of the arguments made against "admin by default" did indeed make sense, I decided to create a new admin-level account and then de-adminify (he he) my regular user account. In large part I was curious to see how annoying/inconvenient this setup would be.
Those of you who already do this know the answer - it's not inconvenient at all! I have been, once again, impressed by the thought Apple has put into the design of this OS. Even as a non-admin, you don't have to change how you do anything. If you need to do an admin level task, just do it - the OS will prompt you for an admin username and password when/if that level of access is necessary.
(BTW I am aware that XP will also let you "run as user...", but it's not nearly as elegantly and transparently implemented).
I will give one warning regarding something I discovered the hard way. When you create a new admin account, make sure you do not use a long name that matches the long name of another account! I inadvertently did this, calling my new admin account "System administrator" - which I found afterward matches the long name for the inactive root account. This situation left me unable to log into the new account I'd created. I'm not sure why the long name matters in this case, but oh well.
Anyway, the only real shortcoming to this whole setup is that I often need to use "sudo" access for stuff like fink - so I ended up putting my non-admin account into /etc/sudoers. Since sudo requires your password before use, this doesn't seem like a significant security issue.
P.S. Oh, the other advantage to this set up is it gives people on single-user machines a reason to play with the trés cool fast user switching in Panther.
Well, after thinking about this and realizing that some of the arguments made against "admin by default" did indeed make sense, I decided to create a new admin-level account and then de-adminify (he he) my regular user account. In large part I was curious to see how annoying/inconvenient this setup would be.
Those of you who already do this know the answer - it's not inconvenient at all! I have been, once again, impressed by the thought Apple has put into the design of this OS. Even as a non-admin, you don't have to change how you do anything. If you need to do an admin level task, just do it - the OS will prompt you for an admin username and password when/if that level of access is necessary.
(BTW I am aware that XP will also let you "run as user...", but it's not nearly as elegantly and transparently implemented).
I will give one warning regarding something I discovered the hard way. When you create a new admin account, make sure you do not use a long name that matches the long name of another account! I inadvertently did this, calling my new admin account "System administrator" - which I found afterward matches the long name for the inactive root account. This situation left me unable to log into the new account I'd created. I'm not sure why the long name matters in this case, but oh well.
Anyway, the only real shortcoming to this whole setup is that I often need to use "sudo" access for stuff like fink - so I ended up putting my non-admin account into /etc/sudoers. Since sudo requires your password before use, this doesn't seem like a significant security issue.
P.S. Oh, the other advantage to this set up is it gives people on single-user machines a reason to play with the trés cool fast user switching in Panther.
