Publishers of technology books, eBooks, and videos for creative people

Home > Articles > Apple > Operating Systems

Macintosh Reference Guide

Hosted by

Toggle Open Guide Table of ContentsGuide Contents

Close Table of ContentsGuide Contents

Close Table of Contents

Accounts

Last updated Feb 25, 2005.

As far as Mac OS X is concerned, there are only three types of user accounts: superuser, administrator, and normal. Your user type determines the level of privileges you enjoy for changing how the Mac operates:

  • The superuser (also called the root user) has read and write access to all settings and files on the system, including hidden system files that a regular administrator account can't modify.
  • Administrators get basic use of the tools to configure and customize Mac OS X. An administrator can also install applications and resources that can be used by all users on the system.
  • Normal users are limited to making configuration changes that affect only their own accounts; they can't change system-wide preferences.

Any given Mac OS X computer has only one superuser and at least one administrator, but any number of normal users. By default, the first account that's set up during the installation of Mac OS X is an administrator.

To manage user accounts, choose Apple > System Preferences, then click Accounts (see the following figure).

Figure 122

Figure 122 Any administrator can change the accounts of other users.

All accounts are listed at the left of the Accounts preferences window. Below each user's long name is an indication of the type of user. Administrators are listed as Admin, and normal users are listed as Standard or Managed, depending on the Parental Controls settings. (I'll explain these options shortly.)

Each user account also has its own home folder in /Users and owns any files that are created when someone is logged in as that user. The superuser is not a standard user account and doesn't appear in this list, nor does it have a home directory.

In this section, I'll briefly show you how to manage the basic preferences for an account, but for complete details, see the section "Managing User Accounts." Just to be on the safe side, rather than make changes to your existing administrator account, let's create a new account to use while we explore the options available in each pane. To create a new account, click the Add User (plus sign) button (see the following figure).

Figure 123

Figure 123 Every new user account needs a name, but passwords are optional.

At the very least, you must provide a long name and a short name for a new user. A password is optional, but strongly recommended for all users. Notice the small icon of a key to the right of the Password text field. Click this to open the Password Assistant.

The user account information is divided into four panes: Password, Picture, Login Items (available only when you're configuring your own account), and Parental Controls. The following list briefly explains each option:

  • Password. Change the user's long name, reset the user's password and an optional password hint, and change a standard user into an administrator, or vice versa.
  • Picture. Select a picture to appear next to the user's name in the login window. This picture is also used in "My Card" in Address Book and as the default picture in iChat.
  • Login Items. If you're modifying your own account, you can specify which items to open automatically when you log in. Items can be a mix of applications, documents, and even servers.
  • Parental Controls. When an administrator user modifies a normal account, the Parental Controls pane (called Limitations in 10.3 and Capabilities in 10.2) allows the administrator to limit what the user can do on the computer.

To apply your changes, just switch to another pane, add a new user, or quit System Preferences.

Setting Login Options

If you've authenticated as an administrator, you can configure login options for the computer. In Accounts preferences, click the Login Options button (see the following figure).

Figure 124

Figure 124 Only after authenticating as an administrator can you change login options.

If your Mac has only one account and is in a secure location, you may soon tire of having to log in manually. If that's the case, select the "Automatically log in as" checkbox and choose a user from the corresponding pop-up menu. You will be prompted for the password (if any) for that account. The next time the computer boots, Mac OS X automatically logs into that account. Be aware that enabling this option nullifies the benefit of protecting your data with FileVault.

If you have only a few accounts on this computer, you may want to display the list of all users in the login window. This setting is somewhat insecure in that it gives potential hackers half the information they need (a valid user name) to break into your computer. If security is a concern, or you have so many accounts that the login window can't display them all comfortably without scrolling, display only the name and password fields. This setting forces users to enter a valid user name and password to log in.

You can also hide the Sleep, Restart, and Shut Down buttons in the login window. This feature is an attempt to keep other users from restarting in an insecure mode, but they can always circumvent this setting by using the physical restart or power buttons on the computer itself.

New in Tiger are the options for showing the Input menu in the login window (potentially necessary for proper input of passwords when using non-standard keyboards or language mappings), using VoiceOver at the login window (helpful for visually-impaired users), as well as whether to show password hints in the login window (not recommended if security is important).

Finally, you can enable fast user switching (discussed in the section "Managing User Accounts") in the Login Options pane. This feature lets multiple users share a computer without quitting applications and logging out. If fast user switching is enabled, the pop-up menu below determines whether the User menu at the far right of the menu bar displays the current user's name, short name, or just an icon of a silhouette. Unless your menu bar is crowded with lots of menu extras, I recommend the default setting of "View as name." Regardless of what you choose, when you actually click the User menu, all accounts are displayed in alphabetical order, complete with pictures and long names.

Deleting User Accounts

As an administrator, you can use Accounts preferences to delete any user account that is no longer necessary, with the exception that at least one administrator account is required.

To delete an account, select it and then click the Delete User (minus sign) button. The system asks whether you want to delete all of the user's files immediately or save them, just in case. If you're certain you'll never need anything in the user's home folder, click Delete Immediately. On the other hand, if you click OK, the user's home folder is saved as a disk image file in /Users/Deleted Users. If files ever need to be retrieved from a deleted user's account, an administrator can mount the disk image and copy the needed files.