When you create multiple users in Mac OS X, each person who uses your MacBook — hence the term user — has a separate account (much like an account that you might open at a bank). Mac OS X creates a Home folder for each user and saves that user’s preferences independently from those of other users. When you log in to Mac OS X, you provide a username and a password, which identifies you. The username/password combination tells Mac OS X which user has logged on — and, therefore, which preferences and Home folder to use.
Each account also carries a specific level, which determines how much control the user has over Mac OS X and the computer itself. Without an account with the proper access level, for example, a user might not be able to display many of the panes in System Preferences.
The three most common account levels are
♦ Root: Also called System Administrator, this uber-account can change anything within Mac OS X — and that’s usually A Very Bad Thing, so it’s actually disabled as a default. (This alone should tell you that the Root account shouldn’t be toyed with.) For instance, the Root account can seriously screw up the UNIX subsystem within Mac OS X, or a Root user can delete files within the Mac OS X System Folder.
Enable the System Administrator account and use it only if told to do so by an Apple technical support technician. (And don’t forget to disable it immediately afterward!)
♦ Administrator: (Or admin for short.) This is the account level that you’re assigned when you install Mac OS X. The administrator account should not be confused with the System Administrator account!
It’s perfectly okay for you or anyone you assign to use an administrator account. An administrator can install applications anywhere on the system, create/edit/delete user accounts, and make changes to all the settings in System Preferences. However, an administrator can’t move or delete items from any other user’s Home folder within the Finder, and administrators are barred from modifying or deleting files in the Mac OS X System Folder.
A typical multiuser Mac OS X computer has only one administrator — like a teacher in a classroom — but technically, you can create as many administrator accounts as you like. If you do need to give someone else this access level, assign it only to a competent, experienced user whom you trust.
♦ Standard: A standard user account is the default in Mac OS X. Standard users can install software and save documents only in their Home folders and the Shared folder (which resides in the Users folder), and they can change only certain settings in System Preferences. Thus, they can do little damage to the system as a whole. For example, each of the students in a classroom should be given a standard-level account for the Mac OS X system that they share.
If Parental Controls are applied to a standard account, it becomes a managed account, allowing you to fine-tune what a standard account user can do. (I discuss Parental Controls at length in Topic III, topic 5.)
topic 5 of this minitopic covers the entire process of creating and editing a user account.
Working with the Guest account
The Guest account is a convenient method of granting someone temporary access to your MacBook — in fact, your guest doesn’t even need a password to log in! Your Guest account has all the attributes of a standard account, so the visitor has little chance of accidentally (or purposefully) damaging your system. However, after the guest user logs out, the Guest account is “flushed” and all the data and files that that person created using the account and stored in the guest’s Home directory are deleted automatically. (This allows the next guest to start with a clean slate.)
By default, the Guest account is disabled. To turn on this feature, open System Preferences, click Accounts, and then click the Guest Account entry in the list. (You may have to click the Lock icon in the lower-left corner of the Accounts pane and provide your admin password before you can continue.) Click the Allow Guests to Log In to This Computer check box to enable it.
Oh, and don’t forget that you can enable specific Parental Controls for the Guest account, just as you can for any other account. That should come in handy if your daughter has a slumber party coming up this weekend .
