Managing User Accounts in Mac OS X
- Understanding User Types
- Creating and Editing User Accounts
- Securing Your Macintosh
- What You've Learned
- Lesson Review
Time
This lesson takes approximately 1 hour to complete.
Goals
Create, configure, and manage user accounts in Mac OS X
Understand security issues involved with user accounts and passwords
Troubleshoot user account issues
Mac OS X is a true multiuser operating system, which means that the computer can be used by more than one user, and that every resource, file, and program is associated with a user on the system.
In Mac OS 9, the Multiple Users control panel allowed you to configure the system for more than one user. This feature was added to the operating system to give each user a unique workspace. Microsoft Windows implements multiple user accounts with functionality similar to Mac OS 9. UNIX, on the other hand, was designed to be a multiuser environment because most computers in existence at the time UNIX was developed were large computers that had to be shared by many users.
This lesson introduces you to the three types of user accounts in Mac OS X; how to create and manage user accounts; and your options for increasing account security.
Understanding User Types
There are tens of millions of Macintosh users in the world today, performing a wide variety of tasks from accounting to layout to writing. However, in the context of Mac OS X, there are only three types of users: standard, administrator, and System Administrator.
Your user type doesn't dictate the tasks you can perform with the Macintosh, but it does determine the level of privileges you enjoy for changing how the Mac operates.
You can configure three types of users in Mac OS X:
- A standard user can use a basic set of applications and tools and is limited to making configuration changes that affect only
the user's account, such as what applications and files are opened when the user logs in and what picture is displayed as
the user's background pattern. A standard user cannot make changes to any settings that are system-wide (Security, Energy
Saver, Print & Fax, Network, Sharing, Accounts, Date & Time, and Startup Disk preferences). A standard user is also restricted
from using Directory Setup and NetInfo Manager to change configurations.
If a standard user attempts to make a system-wide modification, the user must authenticate with the user name and password of an administrator user before the changes can be made.
- An administrator user, or admin user, has basic use of the tools to configure and customize Mac OS X. The initial local account
configured in Setup Assistant is an administrator user.
One of the most powerful attributes of an administrator is that this user type can change settings on any of the panes in System Preferences. (If a pane displays an icon of a lock in the lower-left corner, it means that particular preference affects all users and requires authentication as an administrator to change.) An administrator can make changes using utilities such as NetInfo Manager. An administrator also can install applications and resources that may be used by all users on the system.
- A System Administrator (also called superuser or root) has read and write access to all settings and files on the system,
including hidden system files that a regular administrator account cannot modify.
By default, System Administrator is disabled. The user exists, but you can't log in using that account. Mac OS X was configured this way to help secure the computer and avert unintentional deletion of important files and folders. System Administrator can be enabled using either NetInfo Manager or the command line. When viewing items owned by System Administrator in the Finder, the Info window will usually show the owner as “system.”
Every user has certain attributes: long name, short name, password, and unique numeric user identification (UID). Although UID numbers aren't displayed in the user interface, Mac OS X uses the UID internally to identify users. These numbers can be viewed in NetInfo Manager or the command line. Each user account also has its own home folder in Users and owns any files that are created when someone is logged in as that user.