You'll get your Mac news here from now on...

Help TMO Grow

Subscriber Login

Advertising Info

The Mac Observer Express Daily Newsletter

More Info

Site Navigation

Columns & Editorials
Mac Links

by Kyle D'Addario
& Wincent Colaiuta

Mac OS X: Understanding Multi-User Capabilities
March 30th, 2001

Apple first introduced system-level multi-user capability with OS 9 but this was only a fore-shadowing of what lay ahead for OS X. In OS 9 the multi-user features were optional; in OS X they are mandatory. Now that OS X is here users must adapt to the changes that the multi-user model imposes. In this week's Hot Cocoa I discuss the differences between the old and new systems, explain how multiple users are implemented under OS X and make a case for the associated advantages.

The OS X multiple users model

When you first install OS X you are prompted to create an administrator account for your machine. This is the first example of a "user" that you will see under OS X. If you are the only person who uses your computer you may wish to leave it at that; in fact, you can choose to "log in" as that user automatically each time you boot up.

You have the option, however, of creating more than one "user" account on your OS X machine, limited only by the amount of disk space you have on your hard drive. You might want an account for each member of your family, or accounts for your friends, or your work colleagues. If the computer is installed in a student computing lab you might want an account for each of your students.

Because OS X is based on the BSD Unix underpinnings of Darwin, the user accounts created differ in important ways from those made under OS 9. Before I describe the differences I'll briefly list the similarities:

  • Each user has a unique folder for documents and personal files that nobody else on the machine can interfere with.
  • Each user can customize programs to suit his or her preferences; each user's preferences are stored independently from all other users' preferences.

There are some key differences, however:

  • Each user has a "home" directory, accessible by clicking the "home" icon in the Finder toolbar.
  • All files for that user are stored inside that home directory, including documents, pictures, movies, music, preferences and other files.
  • Because the system is based on Unix it is much harder to circumvent the security measures that prevent users from interfering with one another's files.
  • Logging into another user's account can be almost like logging into another machine, everything can look different: the desktop, the positions that Finder windows occupy when opened, system preferences right down to the settings of the menu bar clock, and so forth.

How it works

Apple uses an elegant system for managing system settings called "NetInfo." If you are interested in exploring the NetInfo system, then open the "NetInfo Manager" application inside the "Utilities" folder.

Whenever you create a new user, you are actually creating a description of that user in the NetInfo database. Mac OS X then creates a new "home directory" for that user inside the "Users" folder at the root level of the hard drive. The preferences for each given user are stored inside the "Library" folder inside that user's home directory. In this way the settings of one user never interfere with those of other users.

Because OS X is based on BSD Unix, it incorporates a robust permissions system. This system ensures that users are only allowed to access files that they own, and not the files of others.

For example, create a couple of test users by going to the "System Preferences" application and using the "Users" pane. Make one user who is an administrator (click "Allow user to administer this machine"), and one who is not.

When you log in as the non-privileged user (i.e. the one who is not an administrator) you will find that you cannot look too far inside the home directory of the other. For instance you will see a red sign on the administrator's "Library" folder indicating that you do not have access.

Now try logging in as the administrator user, and you will see that you can explore to your heart's content. This is because administrators have elevated privileges under OS X. Try changing a few settings in your home directory. Click on a folder and select "Show info" from the "File" menu. Choose "Privileges" from the popup menu and try some settings. You will see that you can allow people to read, write or have no access at all to your files. When you log back in as your other user, the one without admin rights, go back to those folders and note the effect you had by changing their permissions.

It is useful to create at least two accounts when you install OS X – one to administer the machine and one for everyday use. By using the non-administrator account you avoid doing any damage to your system in the event of a careless mistake. The Unix permissions system is quite rigorous: it is very difficult to do any harm to your system when you are logged in as a normal user.

Advantages of the model

Robustness is not the only strength of the OS X multiple users model. One of the most exciting aspects of it stems from Apple's use of the NetInfo system. Think of NetInfo as a way for storing all kinds of settings, preferences and information across a network.

Thanks to NetInfo, you can sit down in a room full of Macs and know that you'll be able to get your personalized desktop and all of your custom settings, no matter which Mac you choose to use. This is because NetInfo allows settings to be pulled from another machine across the network. Imagine having a shared set of preferences at work, school and home: NetInfo makes all this possible.

At present, NetInfo is only really making its presence felt in particular locations, such as university labs where a collection of Macs can be connected to a central machine running OS X Server. I expect, however, that in the future it will be quite commonplace for people who own more than one Mac to make use of NetInfo's power within their own homes, and even between home and work, to ensure that their settings are always available to them, no matter which machine they choose to use.

Wincent Colaiuta

You are encouraged to send Richard your comments, or to post them below.

Most Recent Hot Cocoa Columns

Mac OS X & Firewalls: Part One - The Basics
August 17th

Console Yourself: Understanding Mac OS X Logs
August 3rd

Making NFS Work On Mac OS X
July 23rd

Hot Cocoa Archives

Back to The Mac Observer For More Mac News!

Kyle D'Addario is the assistant editor of The Mac Observer and has logged about as much time on Mac OS X as is humanly possible. Kyle studies Computer-Mediated Communication, whatever that is, at the graduate level, and was a founding member of the original Webintosh team.

Wincent Colaiuta runs Macintosh news and criticism site,, and joined The Mac Observer team as a contributor in March 2001. He has worked with computers since 1984, and his interests in that area include Macs, PHP programming and security.

Today's Mac Headlines

[Podcast]Podcast - Apple Weekly Report #135: Apple Lawsuits, Banned iPhone Ad, Green MacBook Ad

We also offer Today's News On One Page!

Yesterday's News


[Podcast]Podcast - Mac Geek Gab #178: Batch Permission Changes, Encrypting Follow-up, Re-Enabling AirPort, and GigE speeds

We also offer Yesterday's News On One Page!

Mac Products Guide
New Arrivals
New and updated products added to the Guide.

Hot Deals
Great prices on hot selling Mac products from your favorite Macintosh resellers.

Special Offers
Promotions and offers direct from Macintosh developers and magazines.

Browse the software section for over 17,000 Macintosh applications and software titles.

Over 4,000 peripherals and accessories such as cameras, printers, scanners, keyboards, mice and more.

© All information presented on this site is copyrighted by The Mac Observer except where otherwise noted. No portion of this site may be copied without express written consent. Other sites are invited to link to any aspect of this site provided that all content is presented in its original form and is not placed within another .