Security and Privacy Guide


Step 4 - User Account

In most cases, whether you use Windows, Mac OS, GNU/Linux or BSD, your default account unfortunately is your administrator or root user account, which has full access to your system. If you're concerned about security and privacy, you should never work or play offline, or especially go online, in your default account, except to install software or updates. You should use a limited-access user account for routine work instead.

In fact, making changes in the administrator account in Windows and in the superuser / root user account in UNIX-based operating systems such as Mac OS, BSD and GNU/Linux is always dangerous. You could corrupt your system or make it either unbootable or vulnerable to attack by an intruder. So when it's necessary to make changes, you always need to do so carefully.

In Mac OS X, unlike Windows and GNU/Linux, there are three accounts. For security, the root user (Mac OS's equivalent of Windows' admin account) is disabled by default, so unless you enable it again (most users never have to - see my warning below the following links), there's no need to worry about making your system vulnerable to intruders through some mistake made while logged into your root account.

The default / admin account has some admin access, unfortunately, so even though it's limited, don't go online with your default / admin account. Use a normal / standard / staff user account instead.

In most GNU/Linux and BSD distributions, your default superuser / root user account unfortunately, like in Windows, is your admin account.

So create a limited-access user account (LUA) and use it for everyday use, especially to go online with, instead of your default account. But if you use Windows, be aware that it won't be a pain-free change. If you want to avoid the pain and hassle, switch to Mac OS X or an easy-to-use GNU/Linux distribution, then create a normal / standard / staff user account. Read the following articles to learn more.

More Information on Access / Privilege Control:

WARNING for MAC OS X Power Users: Enabling the root user account subjects your system to the typical dangers I mentioned are associated with using it. (In Unix-based systems, there is no undo command!)

If you must make root access changes, I strongly recommend using the sudo (substitute user do) command prefix instead to gain root access temporarily, but only after patching its buffer overflow security hole, if you use an older version of Mac OS than 10.04 (not Tiger - it's 10.4), and removing its insecure 5-minute "grace period" first.

Otherwise, an intruder could gain full access to your system: through the buffer overflow, if it is unpatched, or through the grace period, if an attack is made while it is still running. Using sudo is safer than using su, but if you must use su (substitute user) to "su to root" so you can run several commands, ALWAYS use /bin/su instead, and ALWAYS with a dash or hyphen.
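To confirm the grace period really is gone, here is an added example (not part of the original guide): a small shell check that reads a sudoers file and reports the grace period it configures. `timestamp_timeout` is sudo's own setting and is changed with `visudo`; the function names and sample files are made up for illustration, and the 5-minute default is the one this page describes.

```shell
#!/bin/sh
# Added example: report the sudo password "grace period" a sudoers file sets.
# Reads global "Defaults" lines only; per-user Defaults and included files
# are not followed. Function names here are illustrative.

DEFAULT_MINUTES=5   # the grace period this guide describes; other builds may differ

# sudo_grace_minutes FILE -> prints the effective timestamp_timeout (minutes)
sudo_grace_minutes() {
    awk -v def="$DEFAULT_MINUTES" '
        BEGIN { val = def }
        /^[ \t]*#/ { next }                       # commented-out lines do not count
        $1 == "Defaults" {
            line = $0
            sub(/^[ \t]*Defaults[ \t]+/, "", line)
            n = split(line, opts, /[ \t]*,[ \t]*/)
            for (i = 1; i <= n; i++)
                if (opts[i] ~ /^timestamp_timeout[ \t]*=/) {
                    v = opts[i]
                    sub(/^timestamp_timeout[ \t]*=[ \t]*/, "", v)
                    sub(/[ \t]+$/, "", v)
                    val = v                       # a later setting overrides an earlier one
                }
        }
        END { print val }
    ' "$1"
}

# grace_period_removed FILE -> succeeds only if sudo asks for a password every time
grace_period_removed() {
    [ "$(sudo_grace_minutes "$1")" = "0" ]
}

# Constructed sample files (not taken from any real system).
tmp=$(mktemp -d)
printf 'Defaults env_reset\n%%admin ALL=(ALL) ALL\n' > "$tmp/stock"
printf 'Defaults env_reset, timestamp_timeout=0\n%%admin ALL=(ALL) ALL\n' > "$tmp/hardened"

for f in stock hardened; do
    if grace_period_removed "$tmp/$f"; then
        echo "$f: grace period removed"
    else
        echo "$f: grace period is $(sudo_grace_minutes "$tmp/$f") minute(s)"
    fi
done
rm -rf "$tmp"
```

The hardened sample shows the one line that removes the grace period: `Defaults timestamp_timeout=0`.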

If you ever do want to make changes in your administrator (in Windows) or root user (in Mac OS, BSD or GNU/Linux) account, I strongly recommend always creating a disk image of your operating system's partition first. Then, read the following articles to learn how to make those changes safely.

How to Control Access / Privilege Securely in Windows:

  1. Run LUA Buglight to identify the specific causes of LUA bugs you're dealing with.
  2. Try one of these fixes for LUA bugs, starting with the most-preferred (Make the Developers Fix It) to the next-to-least-preferred fix (Loosen Access Control Lists).
  3. If none of those fixes work or you're unable to apply them, and only then, apply the least-preferred fix (Run Just the One Problematic App with Elevated Privileges) with one of the following access / privilege control methods or utilities.

How to Control Access / Privilege Securely in Mac OS X, BSD and GNU/Linux:

To learn more about su and sudo, here are some more links:


Brent's Place at brentsplace.info

©2000-2006 All rights reserved.
