Most users have historically worked as administrators on their macOS devices. As a result, many applications were installed directly in the system root, requiring root permissions for writing and execution.
With the introduction of EPM, privilege management began to involve making targeted changes to permissions for specific users and directories, validating on a case-by-case basis the feasibility of moving applications from the root to the user’s Home context.
Common impacts
- Applications installed by administrators may fail when those privileges are removed.
- In some cases, sudo rules can be used as a supporting measure, but they must be applied with caution to avoid granting excessive permissions.
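
One way to review sudo rules before relying on them as support, shown as an added example that is not part of the original page: a shell/awk check that flags rules granting every command, a root shell, a wildcard, or a binary under a path the user can normally write to. The user `dev1`, the sample rules and the finding names are constructed for illustration, and the check assumes one rule per line with no aliases.

```sh
#!/bin/sh
# Added example: audit sudoers-style rules for grants broader than one
# fixed command in a location the user cannot modify.

audit_sudo_rules() {
  # stdin: sudoers-style lines. stdout: "<line>: <finding>: <command>".
  awk '
    /^[ \t]*#/ || /^[ \t]*$/ { next }              # comments, blank lines
    /^[ \t]*Defaults/ || /_Alias/ { next }         # not user rules
    {
      eq = index($0, "="); if (eq == 0) next
      spec = substr($0, eq + 1)
      sub(/^[ \t]*\([^)]*\)[ \t]*/, "", spec)      # drop the (runas) part
      n = split(spec, cmd, /[ \t]*,[ \t]*/)
      for (i = 1; i <= n; i++) {
        c = cmd[i]
        gsub(/[A-Z_]+:[ \t]*/, "", c)              # drop tags such as NOPASSWD:
        sub(/^[ \t]+/, "", c); sub(/[ \t]+$/, "", c)
        split(c, word, /[ \t]+/); path = word[1]
        if (c == "ALL")
          print NR ": all-commands: " c
        else if (path ~ /^\/(Users|tmp|private\/tmp)\//)
          print NR ": user-writable-path: " c      # assumed writable by the user
        else if (path ~ /\/(sh|bash|zsh)$/)
          print NR ": root-shell: " c
        else if (c ~ /[*?]/)
          print NR ": wildcard: " c
      }
    }'
}

# Constructed sample rules; the user "dev1" and all paths are hypothetical.
sample_rules() {
  cat <<'EOF'
# migration helpers for dev1
dev1 ALL = (ALL) ALL
dev1 ALL = (root) NOPASSWD: /Users/dev1/Applications/Tool.app/Contents/MacOS/helper
dev1 ALL = (root) /bin/zsh, /usr/sbin/installer -pkg /Library/Packages/*
dev1 ALL = (root) /usr/sbin/softwareupdate --list
EOF
}

sample_rules | audit_sudo_rules
```

A rule that runs a binary from the user's Home as root is the case to watch when applications are moved out of the system root: the user who owns the file can replace it and keep the elevated rule.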
New environments
Users whose environment is set up under the privilege de-escalation policy from the start tend to have fewer problems, since their applications are already installed and executed within the user context, without relying on administrative privileges.