Macintosh User Groups - Managing Local Groups To Share Resources Between Users

Managing Local Groups To Share Resources Between Users

By creating additional folders outside of any user’s home folder you can create folders that can be used by multiple users of the computer but with more flexibility than what is made available through the Shared folder, which is accessible to every user. This can be helpful with home computers as well as a shared computer in a small office or classroom. You can also change the permissions on the Shared folder or any of the folders inside of a home folder to facilitate or limit access by users based on group membership. Group membership affects access to files and folders, whether a user logs in at a computer or connects via file sharing from another computer.

Ironically enough, one of the tools that you can use to manage local users and groups is Workgroup Manager, Apple’s tool for managing users and groups on Mac OS X Server. Workgroup Manager is included with Apple server tools, which can be downloaded and installed on any Mac OS X Tiger computer. Typically, these tools are used for remote administration of Mac OS X Server. However, Workgroup Manager includes a local directory mode that can be used to manage Mac OS X as well (the other tools function only with Mac OS X Server).

you can use Workgroup Manager to create and edit user accounts. However, using Workgroup Manager is not as easy as using the Accounts pane in System Preferences. More importantly, there are some important features for Mac OS X local user accounts (most notably the creation of home folder) that cannot be accomplished using Workgroup Manager. As a result, you should really manage only groups and preferences (if you choose to) using Workgroup Manager. Actual user account management should be done through System Preferences.

To use the Workgroup Manager local directory mode, launch it and, when presented with the Connect dialog box, click Cancel. Then choose View Directories from the Server menu (or use the Apple+D key combination). You will see an alert telling you that you are not connected to a server directory node, to which you can simply click OK. Before you can manage users or groups, you need to authenticate to the directory by clicking on the lock icon in the upper right of the Workgroup Manager window and entering an administrator username and password for the computer.

Figure 1 shows the Accounts section of Workgroup Manager (if this isn’t displayed, click the Accounts button in the toolbar). To manage groups, click on the Groups tab (the one that has an icon of three people) in the left pane of the window. You will see the existing nonsystem groups. To edit an existing group, select it in the list. To add a new group, click the New Group button in the toolbar.

Figure 1 The Groups tab in Workgroup Manager

NOTE

Typically, Mac OS X will create a group for each individual user (for example- asif_moin) created using System Preferences. It is best to avoid changing any settings for these groups or for any of the system groups because doing so could prevent Mac OS X from functioning properly.

Whether you are editing an existing group or a new group, use the right pane to enter a name and short name for the group. They can be the same or different—for most local group uses, groups are displayed by their short names. Each group need to have a name and short name that are different from other groups on the system.

You can specify a group ID number as well, although like names and short names, they must be unique numbers. By default, Workgroup Manager will assign group ID numbers in the range typically used by Mac OS X Server (beginning with 1025), and you can use these numbers as long as your computer is not part of an Mac OS X Server directory structure. If you choose to assign numbers, numbers in the 600 range should be safe in most other cases. Be sure not to use any number below 100 because they are reserved for system groups needed for Mac OS X to function. Any of the groups created for user accounts will most likely be in the 500 range and should be avoided as well (the first user account is assigned 501 and each additional account is the next highest number).

After you enter a group name, short name, and group ID, click the Save button to create the group or save your changes. You can then add users to the group by clicking the plus sign button next to the Members listbox, which displays a drawer containing the available users and groups on the computer. Make sure that the tab at the top of drawer is set to display users instead of groups (the tab with the single person icon) and double-click on each user that you want to add to the group. This drawer contains every system-level user account as well as actual users (to avoid potential problems, only work with actual users). To remove users, select the users in the Members listbox and then click the minus sign button. When you’re finished, click the Save button.

NOTE

Although there are other group options displayed in Workgroup Manager, including a path for a group picture and a group folder, these options are either not available or are not used in any way when managing local groups.

Once you’ve created a group, you can use that group to set permissions for access to various files and folders on your computer. You can do this by either using the chmod Unix command from the Terminal or by using the Get Info command on a selected item in the Finder. If you use the Finder’s Get Info window, expand the Details section of the Ownership and Permissions part of the window and select a group from the Group pop-up menu (you might need to click the padlock and authenticate as the owner of the item or as an administrator of the computer). You can also choose what level of access members of the group have to the item.