Mac OS X Security & Permissions

On April 21, 2008, in All, Mac: 101, Tech, by Mr_Kitty
This is a republishing of a response I posted on the Mac OS X tribe some time ago.

Mac OS X inherited its file-level permissions scheme from its UNIX ancestors. The advantages of this approach are manifold, not least that it makes it very difficult for malicious software to be installed on your system without your direct knowledge and consent.

But this system can be difficult to understand, so I wrote this explanation of the three levels of access on a Mac OS X system. You can think of these levels as:

  1. User
  2. Admin
  3. Root (aka System)

Users have free read/write access to pretty much anything within their Home folder (that’s the folder with your user name and the house icon inside /Users), and will likely never be prompted to enter a password for any changes made there.

Admin users have the same access to their Home folder, plus read/write access to the contents of /Applications and most of /Library, as well as a couple of parts of /System. They are not prompted to enter a password for changes to these locations.

Root has full access to the entire system. Root accounts are disabled by default and are recommended to stay disabled unless you have a specific reason to enable them and sincerely know what you are doing.

What this means in a practical sense is that if you are using a restricted (aka “Standard” or “Managed”) user account you can only screw up the contents of your own Home folder. While your data or documents might be affected, you are not going to inadvertently install something that impacts the system as a whole. If you attempt to install something that affects the areas outside of your dominion you will be prompted to authenticate with an Administrator’s user name and password.

Alternately, when you are using an Admin account you could be fooled into installing something that affects the system as a whole — without ever being prompted for a password — if the destinations for the installed files are limited to areas to which Admins normally have read & write access. If you try to install something that modifies files owned by Root/System, you will still be prompted for your password (unfortunately, you can still do serious damage to the OS as a whole without ever touching Root-owned resources).

Entering an Admin user name and password allows you to temporarily assume the permissions level of the Root user (meaning you get access to just about everything on the system). If you are unsure of where the application asking for authentication is coming from or why it’s asking for permissions it would be safest to decline until you can get clarification. The vast majority of software on the Macintosh OS shouldn’t need administrator rights to run.

Also, by default, the individual users on a system — whether they are Admin or Restricted — do not have access to read or write each other’s files. If you create a new user, this new account won’t have access to your previous user’s documents. You can always exchange files by moving / copying the relevant materials into the Shared folder (inside of the Users folder on the system drive). You can also bypass permissions on files saved on external drives by selecting the drive, and choosing File > Get Info and selecting “Ignore Permissions on this Volume” (changing this setting usually requires Admin authentication).
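The three tiers described above, and the per-user isolation and Shared folder just mentioned, all come down to the same UNIX rule: root bypasses the mode bits, everyone else is checked as owner, then group member, then "other". The following Python is an added example, not part of the original post; it models a handful of Mac OS X paths with the owner, group and mode bits they are assumed to carry by default (constructed values, not read from a live system) and shows which principal can write where without being asked for a password, including the sticky-bit rule that stops users deleting each other's files inside /Users/Shared.

```python
import stat
from dataclasses import dataclass

# Constructed model of a few Mac OS X paths with assumed default ownership
# and mode bits (illustrative values, not read from a real system).
@dataclass(frozen=True)
class Entry:
    path: str
    owner: str
    group: str
    mode: int  # permission bits only, e.g. 0o775


@dataclass(frozen=True)
class Principal:
    name: str
    groups: frozenset


# Hypothetical accounts: root, an admin user and a standard (restricted) user.
ROOT = Principal("root", frozenset({"wheel", "admin", "staff"}))
ADMIN = Principal("alice", frozenset({"staff", "admin"}))
STANDARD = Principal("bob", frozenset({"staff"}))

LAYOUT = [
    Entry("/Users/alice", "alice", "staff", 0o755),   # home folder: owner writes
    Entry("/Users/bob", "bob", "staff", 0o755),
    Entry("/Users/Shared", "root", "wheel", 0o1777),  # world-writable, sticky bit
    Entry("/Applications", "root", "admin", 0o775),   # group 'admin' may write
    Entry("/Library", "root", "admin", 0o775),
    Entry("/System", "root", "wheel", 0o755),         # only root may write
]
BY_PATH = {e.path: e for e in LAYOUT}


def can_write(entry, who):
    """Classic UNIX check: root bypasses mode bits; otherwise the owner bit,
    then the group bit (if a member), then the 'other' bit decides."""
    if who.name == "root":
        return True
    if who.name == entry.owner:
        return bool(entry.mode & stat.S_IWUSR)
    if entry.group in who.groups:
        return bool(entry.mode & stat.S_IWGRP)
    return bool(entry.mode & stat.S_IWOTH)


def report(who):
    """Map each modelled path to whether 'who' can write there with no prompt."""
    return {e.path: can_write(e, who) for e in LAYOUT}


def can_delete_in(directory, file_owner, who):
    """Unlinking needs write access on the directory; when the directory has
    the sticky bit set, non-root callers must also own the file or the directory."""
    if not can_write(directory, who):
        return False
    if who.name == "root" or not directory.mode & stat.S_ISVTX:
        return True
    return who.name in (file_owner, directory.owner)


if __name__ == "__main__":
    for who in (STANDARD, ADMIN, ROOT):
        writable = [p for p, ok in report(who).items() if ok]
        print(f"{who.name:>6} can write without a prompt: {', '.join(writable)}")
```

Running it shows the post's three tiers directly: the standard user writes only to their own home and /Users/Shared, the admin additionally writes to /Applications and /Library because the `admin` group carries the write bit there, and only root reaches /System. The sticky bit on /Users/Shared is why a file dropped there by one user cannot be deleted by another, even though both can create files in it.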

This is assuming that the system is functioning correctly and that there isn’t some unknown / unpatched security hole that allows an intruder to bypass the security structure. To my knowledge, the only currently *known* examples of this are a bug that Apple patched in the 10.4.7 update, and the Wireless card exploit documented in another thread. There may be others, and you may get hit by a car crossing the street tomorrow. It’s an imperfect world.
