Users, Groups, and Guests Defined for File Sharing on Macs
Macintosh file sharing (and indeed, OS X Mountain Lion as well) is based on the concept of users. You can share items — such as drives or folders — with no users, one user, or many users, depending on your needs.
Users: People who share folders and drives (or your Mac) are users. A user’s access to items on your local hard drive is entirely at your discretion. You can configure your Mac so only you can access its folders and drives, or so only one other person or group — or everyone — can share its folders and drives.
When you first set up your Mac, you created your first user. This user automatically has administrative powers, such as adding more users, changing preferences, and having the clearance to see all folders on the hard drive.
For most intents and purposes, a remote user and a local user are the same. Here’s why: After you create an account for a user, that user can log in to your Mac while sitting in your chair in your office; from anywhere on your local area network via Ethernet; or anywhere in the world via the Internet if you give him or her an Administrator, Standard, or Managed account.
Administrative users: Although a complete discussion of the special permissions that a user with administrator permissions has on a Mac running OS X is far beyond the scope of this article, note two important things:
The first user created (usually when you install OS X for the first time) is automatically granted administrator (Admin) powers.
Only an administrator account can create new users, delete some (but not all) files from folders that aren’t in his or her Home folder, lock and unlock System Preferences panes, and a bunch of other stuff. If you try something and it doesn’t work, make sure you’re logged in as an Administrator or can provide an Administrator username and password when prompted.
You can give any user administrator permissions by selecting that user’s account in the Users & Groups System Preferences pane and selecting the Allow User to Administer This Computer check box. You can select this check box when you’re creating the user account or subsequently, if that works for you.
Groups: Groups are Unix-level designations for privilege consolidation. For example, there are groups named staff and wheel (as well as a bunch of others). A user can be a member of multiple groups. For example, your main account is in the wheel and Admin groups (and others, too). Don’t worry — you find out more about groups shortly.
Guests: Two kinds of guests exist. The first kind lets your friends log into your Mac while sitting at your desk without user accounts or passwords. When they log out, all information and files in the guest account’s Home folder are deleted automatically.
If you want this kind of guest account, you need to enable the Guest Account in the Users & Groups System Preferences pane. To do so, click the Guest Account in the list of accounts on the left and select the Allow Guests to Log In to This Computer check box.
The second kind of guest is people who access Public folders on your Mac via file sharing over your local area network or the Internet. They don’t need usernames or passwords. If they’re on your local network, they can see and use your Public folder(s), unless you or the Public folder’s owner has altered the permissions.
If they’re on the Internet and know your IP address, they can see and use your Public folder(s) if you don’t have a firewall blocking such access. Public folders are all that guests can access, luckily. You don’t have to do anything to enable this type of guest account.