Understanding the Mac OS X UserBased Access Model

For security and ease of use, each user on your computer stores files in his or her home folder. Unless these files are explicitly placed in a publicly-accessible folder, they can only be opened and edited by the Owner or the System Administrator. Other files, such as applications in Applications and system files in System, are located outside your home folder because they are intended to be shared by all users of your computer.

[View full size image]

By default, folders in a home folder have the No Access permission for Group and Others, and Read & Write access for Owner. There are only two exceptions: the Sites folder, which is used for web pages, and the Public folder.

If you want to share files with other users on your network, but you do not wish to grant them physical access to your computer, you can use the Public folder, located in your home folder. If you have not set up file sharing for other folders, a file sharing client connecting to your computer as a guest will open the Public folder by default.

NOTE

When you create a new folder, by default it is Read Only for Others, so other people can read its content if they can navigate to it. For this reason, it is best to keep your files and subfolders in your Documents folder; otherwise other users may have access to the files.

Storing Files Based on Access

This exercise demonstrates how you can restrict access to files and applications based on where you save the file.

Creating Two Files

The following steps will walk you through creating two files and storing them in two separate locations:

1.	Log in as Chris Johnson.
2.	Open TextEdit.
3.	Create a file, name it Secret, and save it in Chris's Documents folder.
4.	Create another file, name it Shared, and save it in Chris's Public folder.
5.	Quit TextEdit.

Testing Access to the Files

Follow these steps to test your access to the files you just created:

1.	Switch to Martha.
2.	Open a Finder window.
3.	Go to the Users folder.
4.	Go to Chris's home folder. You should not be able to see the contents of the Documents folder, so you have no access to the Secret document therein. However, you should be able to open Chris' Public folder and access the Shared file therein.
5.	Log out Martha.

Using the Shared Folder

Along with the Public folder available in each user's home folder, Mac OS X includes a specific location where you can place files that are to be shared among all local users on the computer. This shared location is /Users/Shared. The /Users/Shared folder has permissions set so that any local user can add files or folders that any other local user can access. While /Users/Shared would not be available to guest users across the network, it is the recommended place for storing files shared among local users.

The permissions for new files and folders created in /Users/Shared are set to Read & Write for Owner, and Read Only for Group and Others. This means files and folders in this location can be opened by any user account. The /Users/Shared folder also has a setting called the sticky bit, which ensures that only the owner of a file or folder can delete it. (You can read more about the sticky bit at the command line by entering man sticky and pressing Return. See Lesson 7, "Command-Line Interface," for more information.) The /Users/Shared folder is ideal for local sharing, because any user can view shared files, but only the owner can delete the original file from the shared location.