Mac OS X Unleashed

By John Ray and William C. Ray

• Table of Contents
  • Copyright
  • About the Author
  • Acknowledgments
  • Tell Us What You Think!
  • Introduction
  • Part I: Introduction to Mac OS X
  • Chapter 1. Mac OS X Component Architecture
  • Chapter 2. Installing Mac OS X
  • Chapter 3. Mac OS X Basics
  • Chapter 4. The Finder: Working with Files and Applications
  • Chapter 5. Running Classic Mac OS Applications
  • Part II: Inside Mac OS X
  • Chapter 6. Native Utilities and Applications
  • Chapter 7. Internet Communications
  • Chapter 8. Installing Third-Party Applications
  • Part III: User-Level OS X Configuration
  • Chapter 9. Network Setup
  • Chapter 10. Printer and Font Management
  • Chapter 11. Additional System Components
    • User Account Creation
    • Enabling the root Account
    • Groups
    • System Preferences: Personal
    • System Preferences: Hardware
    • Sleep
    • System Preferences: Internet & Network
    • System Preferences: System
    • Summary
  • Part IV: Introduction to BSD Applications
  • Chapter 12. Introducing the BSD Subsystem
  • Chapter 13. Common Unix Shell Commands: File Operations
  • Part V: Advanced Command-Line Concepts
  • Chapter 14. Advanced Shell Concepts and Commands
  • Chapter 15. Command-Line Applications and Application Suites
  • Chapter 16. Command-Line Software Installation
  • Chapter 17. Troubleshooting Software Installs, and Compiling and Debugging Manually
  • Chapter 18. Advanced Unix Shell Use: Configuration and Programming (Shell Scripting)
  • Part VI: Server/Network Administration
  • Chapter 19. X Window System Applications
  • Chapter 20. Command-Line Configuration and Administration
  • Chapter 21. AppleScript
  • Chapter 22. Perl Scripting and SQL Connectivity
  • Chapter 23. File and Resource Sharing with NetInfo
  • Chapter 24. User Management and Machine Clustering
  • Chapter 25. FTP Serving
  • Chapter 26. Remote Access and Administration
  • Chapter 27. Web Serving
  • Part VII: Server Health
  • Chapter 28. Web Programming
  • Chapter 29. Creating a Mail Server
  • Chapter 30. Accessing and Serving a Windows Network
  • Chapter 31. Server Security and Advanced Network Configuration
  • Chapter 32. System Maintenance
  • Appendix A. Command-Line Reference
  • Appendix B. Administration Reference

Groups

As mentioned earlier, a multi-user environment allows there to be many users logged on to the same machine at the same time. The users' files, as well as the rest of the files in the system, have associated permissions. These permissions are specified for the owner of the file, the group to which the user belongs, and all users. It is the group concept that we would like to look at briefly now. In later chapters, we will look at working with groups.

A group can have a group password, although use of a group password is uncommon. Additionally, a group has a group ID number, name, and members. As you saw when we created a user, the default group ID for a user created by using the User pane is 20, which is the staff group. If you look at the staff group, however, you do not necessarily see all those who belong to the group actually listed in the group.

A user can belong to more than one group. This could be useful for a specific project, for example. Where you immediately see its usefulness, however, is with administrative privileges. The users who have administrative privileges also belong to the group called wheel, which has group ID 0. This is a special group on certain flavors of Unix, including OS X. The root user also belongs to the group wheel. Although being in this group gives an administrative user a lot of power, root is still the most powerful user. Figure 11.6 shows how a typical administrative user might appear in the NetInfo Manager. Note that the administrative user's primary group ID is listed as being group 20 (staff). Chapter 24 covers the creation and modification of users and groups in depth, so don't worry if you still have questions.

Figure 11.6 A typical administrative user, as shown in the NetInfo Manager.

In Figure 11.7, however, you see that our sample administrative user, joray, also belongs to group wheel, which is indeed group ID 0, the same as what you saw for root in Figure 11.5. If you look at the group admin, you will see that administrative users also belong to that group.

Figure 11.7 Administrative users belong to the group wheel in OS X. As you see here, there are two administrative users on this system.

To see permissions on a file in the Finder, under the File menu, select Show Info (Command+I). In the window that pops up, in the Show section, select Privileges. Permissions can also be changed in this same window. Figure 11.8 shows the permissions on the /System/Library/Fonts/ directory. As you can see, users in group wheel have only read permission, which is why you have to become root to copy fonts into that directory. If you are interested in more permissions controls in a GUI application, check http://www.gideonsoftworks.com/ for an application called Get Info. It allows you to change many attributes of a file, including permissions, ownership, and group.

Figure 11.8 The permissions on the /System/ Library/Fonts/ directory show that members of group wheel have only read permission. Therefore, even an administrative user cannot copy anything to that directory.

If you look at the permissions on the /Library/Fonts/ directory, you will see that users in admin have permission to read and write. That is why an administrative user can copy fonts to that directory.

Share This