Installing GnuCash on Mac without X11 (using MacPorts)

[Richard Talley]

No, no, no! Please do *not* use an administrator account as your
personal account.

This is one of the biggest problems with Windows. Almost everybody
does this. At least there are good reasons for this with Windows.

Windows started out as a single-user shell wrapped around a
single-user program loader called DOS.  Windows programmers could
assume they had full run of the machine. (Security and privileges are
essentially non-existent on DOS.)

When the NT series came along (this includes XP and Vista), much of
the single-user structure of Windows was retained. The multi-user
parts were superstructure added to an essentially single-user design.
The result is a mess. It's difficult to back-up all your personal data
but only your personal data  because it is scattered around. It's
confusing to administer. Programmers have continued to assume their
installers and programs have full privileges. As a result many
programs, esp. games, won't run in a restricted user account and
almost everybody uses an admin account. This is a big factor
contributing to the plague of malware that infects so many Windows
machines.

OTOH, Unix was designed from the very beginning to be a multi-user
operating system. It's easy to backup only your personal data and
configurations (drag your home directory to an external device).
Programs run in a restricted user account without assuming they have
to have full privileges. It's the difference between having an armored
car that was designed from the get go to be an armored car and buying
a van that had armor slapped on after the fact.

So, on Linux and OS X machines, you never let your users (and you
shouldn't let yourself) use administrator accounts for their day to
day work.

In a corporate environment, you can do this with Windows, but it's a
lot more work than people are willing or able to do on their home
machines.

If you use a restricted account for your day to day work, then any
malicious or errant software can do so much less damage. Even smart
people can fall prey to social engineering exploits and permit a
trojan to get on their machines. Using an administrator account only
when you actually need to administer your machine is one of your first
and most important steps in securing your machine.

I helped a teacher purchase and start using a Mac. She complained that
she found it clumsy and intrusive to have to authenticate as an
administrator when she installed software. I explained that it may be
a little inconvenient to come out of the grocery store and have to put
down the sack and fumble for your keys. But you wouldn't want to have
a car without a lock on the trunk. And on the Internet there are lots
of people and their bots trying the doors and trunks, looking for the
ones that aren't locked.

-- Rich

On Fri, Jan 2, 2009 at 7:28 PM, John R. Carter, Sr. <john at jrcarter.com> wrote:
> I found that as long as you have your personal login set to administer the
> system AND you have a password set, you can use sudo directly to install and
> administer the system from your own login.
>
> On Jan 2, 2009, at 11:15 AM, Richard Talley wrote:
>
>> Actually that's not true. To illustrate, let's assume you have an OS X
>> machine with a user account foo, an admin account bar, a bash prompt
>> configured to show the user name, and you are logged in as foo. When
>> you open the Terminal just switch to the admin account thusly:
>>
>> foo$ su bar
>>
>> You'll be prompted for the bar account password and assuming you enter
>> it correctly, you'll get a new prompt:
>>
>> bar$
>>
>> At this point you can issue your sudo commands. Or you can actually
>> become root, which is what I prefer to do. The default on OS X is for
>> the root account to be disabled so nobody can actually log in as root,
>> but you can still become root using the admin account password:
>>
>> bar$ sudo su
>>
>> Successfully enter the admin password again and you will get this prompt:
>>
>> root#
>>
>> Be careful. You are now god of the machine. Remain root only long
>> enough to issue your installation commands. Use the exit command to
>> leave the root account and return to the admin account. Use the exit
>> command again to leave the admin account and return to the user
>> account where you started.
>>
>> I can't remember the last time I actually logged into the admin
>> account through the GUI on my machine. I just remain in my normal user
>> account and become admin or root at the command line when necessary.
>> It's one of the nifty features of any Un*x-style system and is, IMO,
>> more flexible and straightforward to use than the RunAs feature in
>> Windows.
>>
>> BTW, if you need to run a GUI application with root privileges in OS
>> X, this won't work:
>>
>> root# open -a TextEdit.app
>>
>> TextEdit will open, but not with root privileges. You have to give the
>> complete path to the executable thusly:
>>
>> root# open -a /Applications/TextEdit.app/Contents/MacOS/TextEdit
>>
>> I find this trick useful as some tasks, such as editing plist files,
>> are easier to do using the GUI tools. Or you may simply prefer to use
>> a GUI editor rather than vi or pico for editing makefiles, etc.
>>
>> -- Rich
>>
>> On Fri, Jan 2, 2009 at 9:18 AM, Frank Marion <lists at frankmarion.com>
>> wrote:
>>>
>>> An important bit to add:
>>> The following must be done from an account with administrative
>>> permissions. As a new user to OS X, I did not recognize the difference
>>> between "root" and and "administrator's account". Without admin
>>> abilities, you cannot sudo, and thus none of this will work. So long
>>> onto your admin account first.
>>>