Identifying Types of User Accounts


All user accounts are assigned a series of attributes. These attributes include a long name, short name, password, and UID (User ID). A UID is a behind-the-scenes mechanism that OS X employs to identify users by unique numeric designations. Three types of user accounts can be configured within OS X: root, administrator, and ordinary user.

Root

In Unix, the root account, which is sometimes referred to as the system administrator or the superuser account, has complete access to all settings and files within the operating system. When logged in via the root account, you are master of all that is within Mac OS X. The root account has complete control over all folders and files on your Mac, including the contents of the normally off-limits folder named System. Mac OS X is carefully organized so that users shouldn’t need to move, delete, rename, or otherwise change the system files and folders that are located in the folder named System and in several hidden folders. All the parts of Mac OS X that users may need to change are located in the main Library folder, where an administrator can change them, or in the Library folder inside each user’s home folder, where the user can change them. Additionally, the root account has unfettered access to all users’ folders and files. Be extremely careful; the root account operates without the safety net of Mac OS X’s security model and is generally used for the express purposes of system administration. Administration via the root account is something to grow into. As useful as the root account may be for administering an OS X system, for the less-skillful user there is an equal chance of really messing things up. Therefore, you’re better off working with an administrator account if you are unsure of exactly what you are doing.

You don’t need to create a root user account; all OS X systems have a preexisting root account, but it is disabled by default. Apple intentionally designed Mac OS X in this fashion to prevent less-adroit users from breaking the OS. In order to gain access to the root account, you must first enable it. This can be done via the NetInfo Manager, which is covered. In fact, all user accounts can be administered through the NetInfo Manager utility, although doing so is very difficult because Apple does not provide sufficient documentation on the operation of the NetInfo utility.

Administrator (Admin)

For day-to-day system administration, the admin account is where it’s at. The admin account has enough power to get the majority of the system administration tasks done without the potential liabilities associated with the root account. An admin user account provides access to all of Mac OS X’s system preferences and utilities, and it provides the ability to install applications and system-wide resources. An admin account also has the ability to create and manage other user accounts and enable the root account if needed within an OS X system. However, an administrator cannot view the contents of another user’s home folder. Table 14-1 lists system preference settings that can be changed only with an administrator account’s name and password.

Table 14-1: Protected Settings That Only Administrators Can Change

System Preferences Pane    Protected Settings
-----------------------    ------------------
Date & Time                All settings except the menu bar clock settings
Energy Saver               All settings
Login                      All login window settings but not the list of login items
Network                    All settings except choosing a different location
Sharing                    All settings
Software Update            Actual installation of updates (changing of update schedule not protected)
Startup Disk               System folder selected for startup
Accounts                   All settings except current user’s password

As mentioned in Chapter 1, the Mac OS X Installation Setup Assistant walks you through the initial configuration of the first administrator account. Within Mac OS X, there can be multiple admin accounts per OS X system. This is a useful feature in the event that one admin forgets his password and requires a password reset, which can only be accomplished by another accessible admin user account.

User

A user account belongs to a typical end user. A user account does not allow system-wide administration of Mac OS X. In fact, if a user attempts to install software, a screen with a padlock confronts him with the message that any installation requires an administrator’s authorization. A normal user account cannot modify system-wide preferences. These include Date & Time, Energy Saver, Login (Window), Network, Startup Disk, and Users. Normal users typically have the ability to modify any other preference that pertains to their own user account.

Groups

Within the Unix security model, groups are typically used to simplify the assignment of system access to a series of users intended to share the same level of system access. There are three preset groups within Mac OS X: admin, staff, and wheel. Mac OS X automatically handles the assignment of groups. The staff group is the standard group all user accounts are assigned to. Admin users are also members of the admin and wheel groups. The admin and wheel groups have access to make system-wide changes. Just as users are assigned unique numerical user IDs, each group has a uniquely assigned GID (Group ID) as well. Mac OS X does not provide an easy-to-use GUI for managing groups, although they can be managed through the NetInfo Manager as well as via the command line.
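The three account types can be told apart from the UID and group membership described above. The following is an added example, not code from the book: it classifies accounts from lines in the format printed by the `id` command, using a constructed sample whose account names and numeric IDs are illustrative assumptions.

```shell
#!/bin/sh
# Added example: classify accounts as root / admin / user from `id`-style lines.

# Constructed sample (names and numeric IDs are illustrative, not from the page).
SAMPLE='uid=0(root) gid=0(wheel) groups=0(wheel)
uid=501(alice) gid=20(staff) groups=20(staff),80(admin),0(wheel)
uid=502(bob) gid=20(staff) groups=20(staff)
uid=503(carol) gid=20(staff) groups=20(staff),300(sysadmin)'

# classify_id_line "<one line of id output>"  ->  "<short name> <root|admin|user>"
classify_id_line() {
    id_num=$(printf '%s\n' "$1" | sed -n 's/^uid=\([0-9][0-9]*\)(.*/\1/p')
    name=$(printf '%s\n' "$1" | sed -n 's/^uid=[0-9][0-9]*(\([^)]*\)).*/\1/p')
    [ -n "$id_num" ] || return 1          # not an id-style line
    # "20(staff),80(admin)" -> "staff admin " (group names only)
    grps=$(printf '%s\n' "$1" | sed -n 's/.*groups=\([^ ]*\).*/\1/p' |
           tr ',' '\n' | sed 's/^[0-9]*(\(.*\))$/\1/' | tr '\n' ' ')
    if [ "$id_num" -eq 0 ]; then
        kind=root                          # UID 0 is root regardless of the name
    else
        case " $grps" in
            *" admin "*) kind=admin ;;     # whole-word match: "sysadmin" does not count
            *)           kind=user ;;
        esac
    fi
    echo "$name $kind"
}

# audit_accounts: read id-style lines on stdin, print each classification,
# then a final "admins=N" count.
audit_accounts() {
    admins=0
    while IFS= read -r l; do
        r=$(classify_id_line "$l") || continue
        echo "$r"
        case $r in *" admin") admins=$((admins + 1)) ;; esac
    done
    echo "admins=$admins"
}

printf '%s\n' "$SAMPLE" | audit_accounts
```

On a live system, the same functions can be fed the output of `id` run against each short name instead of the sample.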




Mac OS X Bible, Panther Edition
ISBN: 0764543997
EAN: 2147483647
Year: 2003
Pages: 290
