How to Set Access and Permissions Preferences in Mac OS X Lion
2 of 10 in Series: The Essentials of File and Folder Permissions in Mac OS X Lion
Macintosh file sharing (and indeed, Mac OS X Lion as well) is based on the concept of users. You can share items with no users, one user, or many users, depending on your needs and what you tell your Mac about who is allowed to see and access specific folders.
Users: People who share folders and drives (or your Mac) are users. A user’s access to items on your local hard drive is entirely at your discretion.
When you first set up your Mac, you created your first user. This user automatically has administrative powers, such as adding more users, changing preferences, and having the clearance to see all folders on the hard drive.
Administrative users: Although a complete discussion of the special permissions that a user with administrator permissions has on a Mac running Mac OS X is very complex, note two important things:
The first user created (usually when you install OS X for the first time) is automatically granted administrator (Admin) powers.
Only an administrator account can create new users, delete some (but not all) files from folders that aren’t in his or her Home folder, lock and unlock System Preferences panes, and a bunch of other stuff. If you try something and it doesn’t work, make sure you’re logged in as an Administrator or can provide an Administrator username and password when prompted.
You can give any user administrator permissions by selecting that user’s account in the Users & Groups System Preferences pane and then selecting the Allow User to Administer This Computer check box. You can set this check box when you’re creating the user account or do it later, if that works for you.
Groups: Groups are Unix-level designations for privilege consolidation. A user can be a member of multiple groups.
Guests: Two kinds of guests exist. The first kind lets your friends log into your Mac while sitting at your desk without user accounts or passwords. When they log out, all information and files in the guest account’s Home folder are deleted automatically.
If you want this kind of guest account, you need to enable the Guest Account in the Users & Groups System Preferences pane. To do so, click the Guest Account in the list of accounts on the left and then select the Allow Guests to Log In to This Computer check box.
The second kind of guest is people who access Public folders on your Mac via file sharing over your local area network or the Internet. They don’t need usernames or passwords. You don’t have to do anything to enable this type of guest account.