As you learned in Chapter 1, Mac OS X is truly a multiuser operating system. This offers many benefits to you, but it also means that when you use the OS, you have to log in as a particular user. When you do so, what you can see and do depends on the settings for the account you use to log in to the system.
When you first start up Mac OS X after installing it, it uses the automatic login mode because only one user account is created for it. This means you are logged in to the administrator account automatically and so you might not even realize that you have logged in. After your Mac starts up, the desktop appears as it has under previous versions of the OS. However, the machine has gone through the login process?it just entered all the required information for you automatically.
Each user account can have its own set of preferences and system resources tailored to that user. Many preferences are stored individually for each user account, so that aspect of the OS is unique to each user. A simple example is the desktop picture, which can be different for each user account. Other customizable aspects of the desktop, such as the Dock, are also specific to user accounts. Many applications also store preferences specific to each user account.
To disable automatic login without creating additional user accounts, open the System Preferences utility, select the Accounts icon, click the Login Options button, and uncheck the "Log in automatically as" check box.
User accounts also provide system security and control which parts of the machine a particular user can access.
One of the most important aspects of a user account is its Home folder or directory.
Directory Versus Folder
Under Mac OS X, the terms directory and folder are basically synonymous. Typically, non-GUI operating systems use the term directory, whereas GUI operating systems use the term folder. Because Mac OS X has Unix as its foundation and the term directory is used under Unix, you will see folders referred to as directories in many places. The reason for this is that you can access the Unix command line; when you access your Mac's files using the command line, the concept of folder doesn't really apply (because there is no graphical element to the user interface). Practically speaking, however, the terms are equivalent and are interchangeable. You will see that I use both throughout this book.
Each user account on your Mac has a Home folder. This folder contains folders that are used to store private files, public files, and system resources (such as preferences and keychains) for that user account. With two exceptions (the Public and Site folders), only someone logged in under a user account can access the folders in that user account's Home folder.
The exception to the general rule about accessing the folders in another user's Home folder is the root account. The root user account can access everything on your Mac and is outside the normal security provided by user accounts. You should use the root account only in special situations, and you really need to understand it before you use it.
To learn about the root account, see "Logging In As Root," p. 236.
To learn more about Mac OS X directories, see "Understanding Mac OS X Directories," p. 101.
A user's Home folder contains the folders shown in Figure 2.1.
Most of these folders are easy to understand. For example, the Documents folder is the default location in which the user stores documents he creates. The Desktop folder contains items that are stored on that user's desktop (which, by the way, means that each user account has a unique desktop), and so on.
You can quickly tell which user account is active by looking at the Home directory icon in the Finder window's Places sidebar, which is always located at the left side of Finder windows. It looks like a house for the current user's Home folder; the other Home directory icons are plain folders. The short name for a user account appears in the title bar of that user's Home folder (see Figure 2.1).
Only someone logged in as the user can access the contents of these folders?except for the Public and Sites folders that can be accessed by anyone using your Mac. Locked folders have an icon that includes a red circle with a minus sign (see Figure 2.2); this means that the folder is locked and you can't open it to view its contents. If another user attempts to open one of these protected folders, a warning message is displayed. Unlocked folders in another user's directory have the plain folder icon, which means their contents are accessible. Unlocked folders in the current user's Home directory have the decorative Mac OS X icons (refer to Figure 2.1).
The Public folder is accessible by users logged in under any account. Its purpose is to enable users to share documents and other resources. The items to be shared can be stored in this folder and other users can open the folder to get to them. The Public folder contains a Drop Box folder. This folder can be seen by other users and they can place files in it, but it can't be opened by anyone except the owner of the user account under which that drop box is stored.
The Sites folder contains files for that user's Web site.
To learn how to create and serve a Web site from the Sites folder, see "Using Mac OS X to Serve Web Pages," p. 446.
The Library folder is the only one in the Home directory that is not intended for document storage. It contains items related to the configuration of the user account and all the system-related files for that user account. For example, user preferences are stored here, as are font collections, addresses, keychains, and so on. Basically, any file that affects how the system works or looks that is specific to a user account is stored in the Library directory. You will learn more about the Library folder elsewhere in this book.
When you installed Mac OS X, you created the first user account. The account you created was actually an administrator account. Administrator accounts are special because they provide wide access to the system and are one of only two accounts that can control virtually every aspect of Mac OS X (the other being the root account). A user who logs in as an administrator for your Mac can do the following:
Create other user accounts? An administrator for your Mac can create additional user accounts. By default, these user accounts have more limited access to the Mac than does an administrator account, but you can allow other accounts to administer the Mac as well (in effect creating multiple administrator accounts).
Change global system preferences? The administrator can change global system settings for your Mac; other user accounts can't. For example, to change the network settings on your Mac, you must be logged in as the administrator (or you must authenticate yourself as an administrator).
Configure access to files and folders? An administrator can configure the security settings of files and folders to determine who can access those items and which type of access is permitted.
Install applications? Applications you install under Mac OS X require that you be logged in as an administrator or that you authenticate yourself as one.
When you attempt to perform an action that requires an administrator, such as those in the previous list, you will see an Authentication dialog box. To authenticate yourself, you enter a valid administrator account username and password and click OK (if you are currently logged in as an administrator, the username is filled in automatically). This enables you to perform that action.
In areas where you need to be authenticated to perform an action, you will see the Lock icon. When the Lock is "open," you are authenticated; when the Lock is "closed," you can click it to open the Authentication dialog box.
You should control who has access to the administrator accounts for your machine. If someone who doesn't understand Mac OS X?or who wants to cause you trouble?logs in with your administrator account, you might be in for all kinds of problems. You also need to ensure either that you can remember the username and password for an administrator account you set up or that you write them down. If you forget this vital information, you could have trouble later.
Administrator accounts are a fundamentally different concept for many Mac users. Traditionally, all areas of the operating system (such as control panels) were easily accessed by anyone who used the Mac. Unless you have used the Multiple Users feature of Mac OS 9, this is likely to be your experience. Although you can use the automatic login mode so that you don't have to log in to your Mac, the fact remains that Mac OS X is a multiuser system. To get the most out of it, you need to get comfortable with user accounts because whether you have to log in or not, you will always use user accounts under Mac OS X (unlike under previous versions of the OS in which user accounts were optional).