Understanding Access Rights and Privileges in Mac OS X (Jaguar) - dummies

By Bob LeVitus

Before you can share your Mac with other users or share files over a network, you need to tell your Mac who is allowed to do what.

Macintosh file sharing (and indeed, Mac OS X as well) is based on the concept of users. Shared items — drives or folders — can be shared with no users, one user, or many users, depending on your needs.

  • Users: People who share folders and drives (or your Mac) are users. A user’s access to items on your local hard drive is entirely at your discretion. You can configure your Mac so that only you can access its folders and drives or so that only one other person (or everyone) can share its folders and drives.
    When you first set up your Mac, you created your first user. This user automatically has administrative powers, such as adding more users, changing preferences, and having the clearance to see all folders on the hard drive.
    For all intents and purposes, a remote user and a local user are the same. In other words, after you create an account for a user, that user can log on to this Mac while sitting in your chair in your office or log on to this Mac from a remote location via AppleTalk/Ethernet or the Internet.
  • Administrative users: Although a complete discussion of the special privileges that a user with administrator privileges has on a Mac running Mac OS X is far beyond the scope of this article, note two important things:
      • The first user created (usually when you install Mac OS X for the first time) is automatically granted administrator (admin) powers.
      • Only an administrator can create new users, delete some (but not all) files from folders that aren’t in his or her Home folder, lock and unlock System Preference panes, and a bunch of other stuff. If you try something and it doesn’t work, make sure that you’re logged in as a user with admin privileges.
    You can give any user administrator privileges by selecting that user’s account, clicking the Edit User button, and then selecting the Allow User to Administer This Machine check box in the sheet that drops down. You’ll find this check box when you create a new user or edit an existing user in the Accounts System Preference pane.
  • Groups: Groups are UNIX-level designations for privilege consolidation. For example, there are groups named “staff” and “wheel” (as well as a bunch of others). Your main account, for example, is in the wheel group.
    If you’re wondering whether you can create your own groups, as you could under Mac OS 9 and earlier Mac operating systems, the answer is, well, yes and no. If you want to delve into the intricacies of the NetInfo Manager application to do it yourself, then “Yes;” but if you don’t, then the answer is “No, please don’t.” UNIX-related tasks such as this are far beyond the scope of this article. Very far beyond. . . .
  • Guests: Those who access public folders on your Mac via file sharing are guests. They don’t need a username or password. If they’re on your network, they can see and use your public folder(s). If they’re on the Internet and know your IP address, they can see and use your Public folder(s). Public folders are all that guests can access, luckily.
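
To see which accounts the Groups and Administrative users items above actually cover, you can read a group listing and report every account named in the privileged groups. The script below is an added example, not part of the original article. It assumes the standard UNIX group format (name:password:gid:members), which NetInfo-era Mac OS X prints with `nidump group .`. The account names are constructed, and the “admin” group name is an assumption not taken from the article.

```shell
#!/bin/sh
# Added example: audit which accounts are listed in privileged groups.

# Constructed sample in UNIX group format: name:password:gid:member,member
# (bob, alice and carol are made-up accounts for illustration)
sample_groups() {
cat <<'EOF'
# constructed sample data
nobody:*:-2:
wheel:*:0:root,bob
staff:*:20:root,bob,alice,carol
admin:*:80:root,bob,carol
EOF
}

# accounts_in GROUP...: read group lines on stdin and print
# "account: group,group" for every account listed in any named GROUP,
# in the order the accounts first appear.
accounts_in() {
    awk -F: -v want="$*" '
        BEGIN {
            n = split(want, w, " ")
            for (i = 1; i <= n; i++) watch[w[i]] = 1
        }
        /^#/ || NF < 4 { next }            # skip comments and malformed lines
        ($1 in watch) {
            k = split($4, m, ",")
            for (i = 1; i <= k; i++) {
                u = m[i]
                if (u == "") continue      # tolerate empty member fields
                if (u in via) via[u] = via[u] "," $1
                else { order[++cnt] = u; via[u] = $1 }
            }
        }
        END { for (i = 1; i <= cnt; i++) print order[i] ": " via[order[i]] }'
}

# Report everyone listed in the groups that carry elevated rights.
sample_groups | accounts_in wheel admin
```

The member field lists only explicit memberships, so an account whose primary group is one of these will not appear in it. Any account in the report that you did not deliberately make an administrator is worth a second look in the Accounts System Preference pane.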