For a long time, I have had two accounts on my Mac : an administrator account that I normally don't use, and a "normal user" that I use for day-to-day work. I did this because it should be more secure to work in an account with fewer privileges.
The drawback is that I get more security popups. And I believe Apple's standard practice is still to give you administrator rights when you do a standard install.
I will be installing a clean system soon, so my question is: should I continue using two accounts or just have one account for everything? Is having two accounts more secure in practice? or am I just annoying myself for no real reason?
Best Answer
Let's differentiate a user being one individual from a user being a single UNIX user account.
As for the purpose of limiting privileges to the computer account and not for the individual operating it, creating two separate user accounts in Mac OS X is overkill and if you ask me rather impractical. Even an administrator account lacks the privileges to modify anything system critical without authenticating as the root user, which requires manually re-entering your password.
The only significant extra privilege an administrator account has is the ability to switch to the root (privileged) account. If you are familiar with the
sudocommand in the shell, this is very much the same thing.You would create a regular user account as opposed to an administrator account if you want to limit privileges of the individual operating the computer, for example with kids or employees.