Special Edition Using Mac OS X Tiger

As you read in Chapter 1, Mac OS X is truly a multiuser operating system. This offers many benefits to you, but it also means that when you use the OS, you have to log in as a particular user. When you do so, what you can see and do depends on the settings for the user account you use to log in to the system. Understanding and managing the user accounts on your Mac is critical to getting the most from your computer.

NOTE

When you first start up Mac OS X after installing it, you didn't need to select a user account to log in. That's because by default Mac OS X uses the automatic login mode, which means that a designated user account is selected by your Mac automatically when it starts up. Because your Mac does it for you, you might not even realize that you have logged in. After your Mac starts up, the desktop appears just like when you log in to a user account manually. However, your Mac has gone through the login processit just entered all the required information for you automatically.

Understanding User Accounts

Each user account on your Mac has its own set of preferences and resources that are specific to that user account.

Many preferences are stored individually for each user account, so how the OS looks and works is mostly unique to each user. A simple example of user account customization is the desktop picture, which is stored as a preference within each user account; this means that for each account, the user's desktop can look different. Most other customizable aspects of Mac OS X, such as the Dock, are also specific to each user account. Many applications can also store preferences specific to each user account so that those applications can be tailored to each person who uses your Mac.

TIP

To disable automatic login without creating additional user accounts, open the System Preferences application, select the Accounts icon, click the Login Options button, and uncheck the "Automatically log in as" check box.

Equally important is that under Mac OS X, user accounts also define a user's ability to perform specific actions that are either allowed or denied by the account's security privileges. Actions controlled by a user's account security privileges include whether the user can view or change specific files, change certain system preferences, and so on. For example, a user account must have administrator privileges to modify a Mac's network settings. You'll learn much more about Mac OS X security features later in this book.

User account's also come with a set of resources to which only the user has access. Most of these are contained in the user's Home folder.

Directory Versus Folder

Under Mac OS X, the terms directory and folder are basically synonymous. Typically, non-GUI operating systems use the term directory, whereas GUI operating systems, such as Mac OS X, use the term folder. Because Mac OS X has Unix as its foundation and the term directory is used under Unix, you will see folders referred to as directories in many places. The reason for this is that you can access the Unix command line; when you access your Mac's files using the command line, the concept of folder doesn't really apply (because there is no graphical element to the user interface). Practically speaking, however, the terms are equivalent and are interchangeable. You will see that I use both throughout this book.

Understanding the Home Folder

Each user account on your Mac has a Home folder. This folder contains folders that are used to store private files, public files, and system resources (such as preferences and keychains) for that user account. With two exceptions (the Public and Site folders), only someone logged in under a user account can access the folders in that user account's Home folder.

NOTE

The exception to the general rule about accessing the folders in another user's Home folder is the root account. The root user account can access everything on your Mac and is outside the normal security provided by user accounts. You should use the root account only in special situations, and you really need to understand it before you use it.

To learn about the root account, p. 253.

To learn more about Mac OS X directories, p. 109.

By default, a user's Home folder contains the folders shown in Figure 2.1. However, you can create additional folders within your Home folder if you'd like to. And, of course, you can create additional folders within the default folders contained in your Home folder as well.

Figure 2.1. Every user account on your Mac has a Home folder; this folder contains folders that only that user can access (except for the Public and Sites folders).

Most of these folders are easy to understand because they are used to organize a user's files. For example, the Documents folder is the default location in which the user stores documents he creates. The Desktop folder contains items that are stored on that user's desktop (which, by the way, means that each user account has a unique desktop), and so on.

Some applications will automatically select a folder when storing files. For example, when you add music files to your iTunes Library, they are stored in the Music folder. Likewise, when you create movies with iMovie, they are stored in the Movies folder.

TIP

You can quickly tell which user account is active by looking at the Home directory icon in the Finder window's Places sidebar, which is always located at the left side of Finder windows. It looks like a house for the current user's Home folder; the other Home directory icons are plain folders. The short name for a user account appears in the title bar of that user's Home folder (in Figure 2.1, the currently logged in account is called bradm).

Only someone logged in under a user account can access the contents of the folders in that user's Home folderexcept for the Public and Sites folders that can be accessed by anyone using your Mac. Locked folders have an icon that includes a red circle with a minus sign (see Figure 2.2). If someone other than those who have permission attempts to open one of these protected folders, they only see a warning message and not any of the contents of the protected folder. Accessible folders in another user's directory have the plain folder icon, which means their contents are available to that user. Unlocked default folders in the current user's Home directory have the decorative Mac OS X icons (refer back to Figure 2.1). (Folders you create will have the generic folder icon but will be protected in the same way as the default folders.)

Figure 2.2. When you view another user's Home directory, the protected folders are marked with the minus icon to indicate that their contents are inaccessible to you.

NOTE

Notice in Figure 2.2 that the title of the window shown is "kidsaccount." This is the name of another user account; you can tell that it isn't the one currently logged in because it doesn't appear in the Places sidebar nor does its icon look like a house.

There are three folders in each Home folder that don't behave like the others; those are the Public, Sites, and Library folders.

Working in the Public Folder

A user's Public folder is accessible by users logged in under any account (see Figure 2.3). Its purpose is to enable users to share files that are stored within different user accounts on the same computer. To share your files with other users, simply store them in your Public folder. Other users can then open your Public folder to get to those files. Likewise, to access files other users have shared with you, you can open their Public folder.

Figure 2.3. In this example, I've opened another user's Public folder; I can work with any files it contains (as can other users) or I can place files in the Drop Box folder.

As you can see in Figure 2.3, the Public folder also contains a Drop Box folder. This folder can be seen by other users and they can place files in it, but it can't be opened by anyone except the owner of the user account under which that drop box is stored. This is useful when you want other users to be able to transfer files to you, but you want those files to be hidden from other users.

Working the Sites Folder

The Sites folder contains files for each user's Web site. Part of each user account's resources is a wbsite that can be accessed over a local network, from another user's account, or from the Internet (depending on how the Mac's Internet access is configured). You place the files for a user's account's website in the Sites folder to publish that site.

Working in the Library Folder

The Library folder is the only one in the Home directory that is not intended for document storage. It contains items related to the configuration of the user account and all the system-related files for that account. For example, user preferences are stored here, as are font collections, addresses, keychains, and so on. Basically, any file that affects how the system works or looks that is specific to a user account is stored in the Library directory. You won't usually access this folder unless you are troubleshooting problems; you will learn more about the Library folder later in this book.

Understanding the Administrator Account

When you installed Mac OS X, you created the first user account. The account you created was actually an administrator account. Administrator accounts are special because they provide wide access to the system and are one of only two accounts that can control virtually every aspect of Mac OS X (the other being the root account). A user who logs in as an administrator for your Mac can do the following:

  • Create other user accounts An administrator for your Mac can create additional user accounts. By default, these user accounts have more limited access to the Mac than does an administrator account, but you can allow other accounts to administer your Mac as well (you can create multiple administrator accounts).

  • Change global system preferences The administrator can change global system settings for your Mac; other user accounts can't. For example, to change the network settings on your Mac, you must be logged in as the administrator (or you must authenticate yourself as an administrator).

  • Configure access to files and folders An administrator can configure the security settings of files and folders to determine who can access those items and which type of access is permitted.

  • Install applications Applications you install under Mac OS X require that you be logged in as an administrator or that you authenticate yourself as one.

When you attempt to perform an action that requires an administrator, such as updating your software via the Software Update tool, you will see an Authentication dialog box. To authenticate yourself, you enter a valid administrator account username and password and click OK (if you are currently logged in as an administrator, the username is filled in automatically). After you have been authenticated, you can perform that action.

In areas where you need to be authenticated to perform an action, you will see the Lock icon. When the Lock is "open," you are authenticated (see Figure 2.4). When the Lock is "closed," you can click it to open the Authentication dialog box.

Figure 2.4. The Lock icon, here shown in the System Preferences application, indicates whether you are currently authenticated as an administrator.

You should control who has access to the administrator accounts for your machine. If someone who doesn't understand Mac OS Xor who wants to cause you troublelogs in with your administrator account, you might be in for all kinds of problems. You also need to ensure either that you can remember the username and password for an administrator account you set up or that you write them down. If you forget this vital information, you could have trouble later.

NOTE

Administrator accounts are a fundamentally different concept for some Mac users. Traditionally, all areas of the operating system (such as control panels) were easily accessed by anyone who used the Mac. Although you can use the automatic login mode so that you don't have to log in to your Mac, the fact remains that Mac OS X is a multiuser system. To get the most out of it, you need to get comfortable with user accounts because whether you have to log in or not, you will always be utilizing user accounts under Mac OS X at some level.

Understanding Parental Controls

In Mac OS X version 10.4, user accounts also include the parental controls feature. This feature enables you to tighten the security of a user account in specific situations, such as for email, web browsing, and so on. For example, you can set the specific people with whom the user can exchange email.

NOTE

The ability to limit a user account's access to specific applications has been part of Mac OS X since version 10.0. This function is under the Finder & System part of the Parental Controls option under version 10.4.

While this feature is primarily intended to be used for younger people, it can be useful for any user account that you want to set some limits on.

Категории