You are on page 1of 15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

Accounts and Permissions Introduction Course Overview Account Types Creating Accounts Group Accounts Deleting Accounts Advanced Account Settings Permissions Issues with Permissions Repairing Permissions Symptoms & Fixes Troubleshooting Practice Learning Resources

OS X Lion: Accounts and Permissions


Introduction

This course covers user accounts and permissions and how they work together to make OS X Lion one o most secure operating systems available.

It is important to recognize the roles accounts and permissions play and how they work together. You w encounter customer issues that can be traced to their misuse.

Course Overview

Course Objectives
Identify the different types of accounts and their capabilities Create, configure, manage and delete user and group accounts Explain how OS X Lion securely stores and shares files amongst multiple users Demonstrate how access controls are used to enhance security Determine and resolve common issues related to accounts and permissions

Audience
Contact Us Printer Friendly

Technicians who wish to troubleshoot and service Mac computers

Prerequisites

OS X Lion: Basics, Installation, Startup, File System, Applications

Time Required

60 minutes

You will need...

OS X Lion (10.7),

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

1/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer
Mac computer, Printer and Internet connection

Account Types

User accounts allow you to create a secure working environment, whether your computer has one user multiple users.

If several people regularly use your Mac, you should create a user account for each person. User accoun you manage what users see, protect users privacy, and ensure that only people youve authorized can g access to your Mac.

Each user account...


has a separate home folder as well as the ability to adjust preferences without affecting other users.

Accounts Types

1. Administrator An administrator account user can create, delete, and modify accounts, install software, and chang system settings. Administrators can make changes to locked preferences in System Preferences, in software, and perform a variety of tasks that other users cant. The first user account created when initially set up OS X Lion is an administrator account. Note: Administrators can unlock FileVault encrypted volumes at the login window.

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

2/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer
2. Standard cant administer other accounts.

Standard users can install software for their own use and change settings related to their accounts,

3. Managed with Parental Controls For these accounts, the administrator can restrict access to applications and inappropriate content, limit the amount of time users can use the computer.

4. Sharing Only Sharing-only users on your network can access shared files remotely, but cant log in or change se on the computer.

5. Group A group account consists of one or more other accounts and is used for setting privileges for share

Concerned about security?


Because administrators can make broad changes to the computer configuration, limit the number of administrator accounts you create on your Mac . Always protect administrator accounts with a secure password.

Guest Accounts

If you want others to be able to temporarily use your Mac, enable the guest account. A guest user can lo without entering a password.

Guest users cant make changes to other user accounts or change computer settings, and they cant log remotely. Parental controls can be used to manage a guest account. Note: When FileVault is enabled, the Guest account login feature is disabled.

Repairing Permissions
Repairing permissions can resolve system level related issues or problems.

1. Choose Apple menu > Software Update to make sure you have the latest version of Mac OS X. Software updates sometimes change a files permissions to improve security, so updating your soft can solve some permissions problems. 2. Open Disk Utility, in the Utilities folder in Launchpad.

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

3/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

3. Select the disk you want to check. You can verify or repair permissions only on a disk with Mac OS X v10.7 Lion installed. 4. Click First Aid. 5. Do one of the following: Click Verify Disk Permissions to test permissions. Click Repair Disk Permissions to test and repair permissions.

Run Disk Utility from an OS X Lion Volume

Permissions should be repaired while started up from an OS X Lion volume. Software updates to the ope system may have changed permissions on some files. Running Disk Utility while started from the OS X L volume ensures updates are preserved and applied accordingly.

Upgrading to OS X Lion?

You don't need to repair disk permissions prior to installing OS X Lion. The Installer will do this automa

Creating Accounts
service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer 4/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

Creating Accounts

To create a user account, you must be an administrator for your computer. The account you created wh first set up your Mac is an administrator account. 1. Choose Apple menu > System Preferences, and then click Users & Groups. 2. Click the lock icon to unlock it, and type an administrator name and password. 3. Click Add (+) below the list of accounts.

4. Choose a type of account from the New Account pop-up menu.

5. Enter a full name for the account. An account name is generated automatically. If you want to use a different account name, enter it n After the account is created, you cant change the account name. The account name is used to nam users home folder, and can be used as the login name.

6. Enter the account password in the Password and Verify fields, and then enter a hint to help the use remember the password. 7. Click Create User.

Administrator Privileges
To give the user administrator privileges, select Allow user to administer this computer.

Instead of a password, use an Apple ID.

1. Enter for file and screen sharing Click Set next to Apple ID. The user youre creating must have an account on his or her computer t the same Apple ID associated with it.

2. Reset user password in the login window The user must first log in, click the Change button next to the Apple ID field, and then enter the pa associated with the Apple ID. Finally, select Allow user to reset password using Apple ID..

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

5/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

Learning Activity
1. 2. 3. 4. 5. 6. 7.

Choose Apple menu > System Preferences, and then click Users & Groups. Click the lock icon to unlock it, and type an administrator name and password. Select Enable parental controls. Click Open Parental Controls. Select Create a new user account with parental controls, click Continue. Enter user account information, click Continue. Go through the Apps, Web, People, Time Limits and Other menus to familiarize yourself with how P Controls can limit access.

Troubleshooting Practice

Taken from the experiences of Apple service personnel, here is a troubleshooting scenario involving the concepts presented in this course.

Scenario: Applications Not Loading or Acting Strange

A customer brings in her Mac. She says her some of her applications are loading. In addition, some of t other applications are acting strange. What procedures should you follow? Click here to view answer

Group Accounts

A group account is an account that gives the same privileges to two or more users. When you assign sp file access privileges to a group, all members of the group share those access privileges. It is convenien timesaving as it eliminates the need to configure permissions for each user.

Who can join a group?


Individual or sharing only users and existing groups can become members of a new group.

Creating a Group Account

1. Choose Apple menu > System Preferences, then click Users & Groups. 2. Click the lock icon in the lower-left corner to unlock it, and then type an administrator name and password. 3. Click the Add button (+) in the lower left. 4. Select Group from the New Account menu. 5. Name your group.

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

6/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer
6. Assign users to the group.

Setting Permissions for a Group

1. In the Finder, select the file or folder. 2. Choose File > Get Info. 3. Use the Sharing & Permissions pane to assign the appropriate permission to the group. (Read only or Read & Write)

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

7/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

Deleting Accounts

If you have an administrator account, you can delete user accounts on your computer that are no longe needed. 1. Choose Apple menu > System Preferences. 2. Click Users & Groups. 3. Click the lock icon to unlock it, and then type an administrator name and password. 4. Select the user account you want to delete, and then click Delete (-) below the account list. 5. Select one of these options:

A. Save the home folder in a disk image Saves the folder as a disk image in /Users/Deleted Users/ B. Dont change the home folder Leaves the home folder in /Users/ C. Delete the home folder Removes it from the computer.

Note: If you want to prevent programs that read raw data from retrieving any files, select Erase ho folder securely. 6. Click OK.

Advanced Account Settings

Warning

These accounts settings are only for advanced users. Specifically, misuse of the User ID and UUID can d user accounts.

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

8/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

Accessing Advanced Account Settings


1. Choose Apple menu > System Preferences. 2. Click Users & Groups. 3. Click the lock icon to unlock it, and then type an administrator name and password. 4. Control-click an account name to access its advanced settings.

How do I rename my home directory?

When customers set up their Mac computers, they often don't realize that the automatically generated s name is also the name of their home directory. OS X Lion does not allow you to rename your home dire the Finder. Using the advanced settings, you can change the short name and choose or create a new home folder.

Advanced Settings for Group Accounts


Like user accounts, you can Control-click a group name to access its advanced settings:

Permissions
Permission settings determine who can view and alter disks, folders, and files.

Assign permissions to users and groups

1. Select a disk, folder, or file, and then choose File > Get Info.

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

9/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

2. If the Sharing & Permissions pane isn't visible, click the disclosure triangle to show it.

3. If you dont own the item, click the lock icon to enter an administrators name and password.

4. Select a user or group from the Name column, and then choose one of the following from the popmenu in the Privileges column: Read & Write: Allows a user to open the item and change it. Read Only: Allows a user to open the item, but not change its contents.

Write Only: Makes a folder into a drop box. Users can copy items to the drop box, but cant ope drop box. Only the owner of the drop box can open it. No Access: Blocks all access to the item.

Apply permissions to all items in a folder or a disk


You can apply a folders or a disks permissions to every item in the folder or disk. 1. Select a folder or a disk, and then choose File > Get Info.

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

2. Click the lock icon to enter an administrators name and password.

10/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer
2. Click the lock icon to enter an administrators name and password. 3. Choose "Apply to enclosed items" from the Action pop-up menu (looks like a gear).

Change an items owner


1. Select the item, and then choose File > Get Info.

2. Click the lock icon to provide an administrators name and password.

3. If the new owners name isnt listed in the Name column in the Sharing & Permissions section, click (+) to add the new owner.

4. Select the new owner in the Name column, and then choose Make <selected name> the owner fro Action pop-up menu (looks like a gear).

Need to undo permission changes?


You can undo any changes made in the Sharing & Permissions section of an Info window since opening (except applying permissions to all the items in a folder or disk).

1. Make sure the Info window remains open after making your changes. 2. Choose Revert changes from the Action pop-up menu (looks like a gear).

Learning Activity

1. Select a file of your choice, and then choose File > Get Info. 2. Go through and familiarize yourself with the General, More Info, Name & Extension, Open with and Preview panes. (If the panes aren't visible, click the disclosure triangle to show it.)

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

11/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

Issues with Permissions


Incorrect or damaged permission settings may cause unexpected behavior. Here are several examples: 1. Application acting strange

When a third-party application appears in the dock as a question mark; or is unable to connect to t Internet, the installer may have incorrectly set permissions on the files and folders it installed. 2. Power interruption

The file system may be affected by a power interruption (improper shutdown) or when it stops resp (a "hang" or "freeze"). This could corrupt permission settings. 3. Software can only access the current user's files

Applications executed by a user only have access to the files that the user has access to. Backup so for example, may not back up Mac OS X system files that have root ownership 4. Emptying the Trash

In some circumstances, folders for which you do not have write permission can end up in the Trash you will not be able to delete them or the files contained in them.

How was the application installed?

Many things you install in OS X Lion are installed from package files (.pkg). Each time something is inst

from a package file, a "Bill of Materials" file (.bom) is stored in the package's receipt file, which is kept i hidden folder: /var/db/receipts. Each of those ".bom" files contains a list of the files installed by that pa and the proper permissions for each file.

When you verify or repair disk permissions, Disk Utility reviews each of the .bom files and compares its the actual permissions on each file listed. If the permissions differ, Disk Utility reports the difference (v and corrects them (repair).

Symptoms and Fixes

Here are frequent problems reported by users related to User Accounts and Permissions. Follow steps in order indicated below to resolve the issue. Symptom #1: Application can't be opened Symptom #2: File cannot be opened Symptom #3: Admin unable to perform function Symptom #4: User forgot password

Symptom #1: Application cannot be opened


Summary Application icon is clicked in Dock, and doesn't open. Resolution 1. Test to see if the issue affects a different user account. (Create an additional user if one does not already exist)

If creating a new user resolves the issue, files in the home directory of the original user account ma the problem. Try repairing permissions. 2. Choose Apple menu > Software Update to make sure you have the latest version of OS X Lion.

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

12/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer
3. Open Disk Utility, in the Utilities folder in Launchpad. 4. Select the disk containing the application. 5. Click First Aid. 6. Click Repair Disk Permissions to test and repair permissions. 7. Restart the computer. 8. Test out the applications. If unsuccessful: 9. Start up from the recovery partition. 10. Run Disk Utility and Repair Disk. 11. Restart the computer. 12. Test out the applications. If still unsuccessful refer to the Knowledge Base for additional troubleshooting steps. Back to top

Symptom #2: File cannot be opened


Summary A file won't open. Resolution 1. Choose Apple menu > Software Update to make sure you have the latest version of OS X Lion. 2. Open Disk Utility, in the Utilities folder in Launchpad. 3. Select the disk containing the applications. 4. Click First Aid. 5. Click Repair Disk Permissions to test and repair permissions. 6. Restart the computer. 7. Try opening the file again. If unsuccessful, or if multiple files cannot be opened: 8. Start up from the recovery partition. 9. Run Disk Utility and Repair Disk. 10. Restart the computer. If still unsuccessful: 11. Reinstall the application. Back to top

Symptom #3: Admin unable to perform function


Summary

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

13/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer
An administrator is unable to add fonts to /Library/Fonts. Resolution 1. Verify the current user's permissions are set correctly, for that specific item or folder. If the user has the correct permissions: 2. Choose Apple menu > Software Update to make sure you have the latest version of OS X Lion. 3. Open Disk Utility, in the Utilities folder in Launchpad. 4. Select the disk containing the applications. 5. Click First Aid. 6. Click Repair Disk Permissions to test and repair permissions. 7. Restart the computer. 8. Try opening or performing the operation again. If unsuccessful: 9. Start up from the recovery partition. 10. Run Disk Utility and Repair Disk. 11. Restart the computer. If still unsuccessful: 12. Reinstall the application. Back to top

Symptom #4: User forgot password


Summary User can't login. Can't remember password. The Mac has multiple user accounts. Resolution 1. Login with an administrator account. 2. Choose Apple menu > System Preferences. 3. Click Users & Groups. 4. Click the lock icon to unlock it, and then type an administrator name and password. 5. Select the user account, click Reset Password. 6. Enter a new password in both the Password and Verify fields, and add a hint if desired. 7. Click Reset Password.

Note: An Apple ID can also be used to reset a user password (provided that an Apple ID was entere OS X Lion was started for the first time). This option will appear after entering the incorrect accoun password at the login window three times. Click the arrow-in-a-circle icon to bring up the "Reset Password" dialog. Back to top

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

14/15

3/25/12

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

service.info.apple.com/service_training/en/063/en/Lion_AcctsPermissions/index.php?page=printer

15/15