< Day Day Up > |
12.1. Introducing AccountsThe concept of user accounts is central to Tiger's security approach. Like the Unix under its skin (and also like Windows XP and Windows 2000), Mac OS X is designed from the ground up to be a multiple-user operating system. You can configure a Mac OS X machine so that everyone must log in ”that is, you have to click or type your name and type in a password ”when the computer turns on. Upon doing so, you discover the Macintosh universe just as you left it, including these elements:
This system means that several different people can use it throughout the day, without disrupting each other's files and settings. It also protects the Mac from getting fouled up by mischievous (or bumbling) students, employees , and hackers. If you're the only person who uses your Mac, you can safely skip most of this chapter. The Mac never asks you for the name and password you made up when you installed Mac OS X (at least not at startup time), because Apple's installer automatically turns on something called automatic login (Section 12.5). You will be using one of these accounts, though, whether you realize it or not. Furthermore, when you're stuck in line at the Department of Motor Vehicles, you may find the concepts presented here worth skimming, as certain elements of this multiple-user system may intrude upon your solo activities ”and figure in the discussions in this book ”from time to time. Tip: Even if you don't share your Mac with anyone and don't create any other accounts, you might still be tempted to learn about the accounts feature because of its ability to password-protect the entire computer. All you have to do is to turn off the automatic login feature described on Section 12.5. Thereafter, your Mac is protected from unauthorized fiddling when you're away from your desk or when your laptop is stolen. 12.1.1. The First AccountWhen you first installed Mac OS X, whether it was 10.4 or an earlier version, you were asked for a name and password. You may not have realized it at the time, but you were creating the first user account on your Macintosh. Since that fateful day, you may have made a number of changes to your desktop ”adjusted the Dock settings, set up your folders and desktop the way you like them, added some favorites to your Web browser, and so on ”without realizing that you were actually making these changes only to your account . You've probably been saving your documents into your own Home folder, which is the cornerstone of your own account. This folder, generally named after you and stashed in the Users folder on your hard drive, stores not only your own work, but also your preference settings for all the programs you use, special fonts that you've installed, your own email collection, and so on. Now then: Suppose you create an account for a second person. When she turns on the computer and signs in, she finds the desktop exactly the way it was factory-in-stalled by Apple ”blue swirling desktop picture, Dock along the bottom, the default Web browser home page, and so on. She can make the same kinds of changes to the Mac that you've made, but nothing she does affects your environment the next time you log in. In other words, the multiple-accounts feature has two components : first, a convenience element that hides everyone else's junk; and second, a security element that protects both the Mac's system software and everybody's work.
12.1.2. Administrator vs. Standard AccountsIf you like the idea of this multiple-accounts business, begin by opening System Preferences (Chapter 9). In the System Preferences window, click Accounts. The screen shown in Figure 12-2 appears, showing the list of everyone who has an account. If you're new at this, there's probably just one account listed here: yours. This is the account that Mac OS X created when you first installed it. 12.1.2.1. Administrator accountsIf this is your own personal Mac, just beneath your name on this panel, it probably says Admin . This, as you could probably guess, stands for Administrator. Because you're the person who originally installed Mac OS X, the Mac assumes that you are its administrator ”the technical wizard in charge of it. You're the teacher, the paren't, the resident guru. You're the one who will maintain this Mac. Only an administrator is allowed to:
The administrator concept may be new to you, but it's an important pill to swallow. For one thing, you'll find certain settings all over Mac OS X that you can change only if you're an administrator ”including many in the Accounts pane itself (see Figure 12-2). For another thing, administrator status plays an enormous role when you want to network your Mac to other kinds of computers, as described in the next chapter. And finally, in the bigger picture, the fact that the Mac has an industrial-strength accounts system, just like traditional Unix and Windows 2000 operating systems, gives it a fighting chance in the corporations of America. As you create accounts for other people who'll use this Mac, you're offered the opportunity to make each one an administrator just like you. Needless to say, use discretion. Bestow these powers only upon people as responsible and technically masterful as yourself. 12.1.2.2. Standard accountsAnyone who isn't an administrator is probably an ordinary Standard account holder (Figure 12-2). These people have everyday access to their own Home folders and to some of the System Preferences, but most other areas of the Mac are off-limits. Mac OS X won't even let them create new folders on the main hard drive, except inside their own Home folders (or in the Shared folder described later). A few of the System Preferences panels contain a padlock icon like the one in Figure 12-2. If you're a Standard account holder, you can't make changes to these settings without the assistance of an administrator. Fortunately, you aren't required to log out so that an administrator can log in and make changes. You can just call the administrator over, click the padlock icon, and let him type in his name and password (if, indeed, he feels comfortable with you making the changes you're about to make). |
< Day Day Up > |