User Accounts and Permissions

Updated: 17 Oct 2020

1. How do I setup User Accounts on the Mac?

To set up new accounts, open the System Preferences. Select Users and Groups. To create a new account, click on the Lock icon at the bottom right and enter Administrator's user details, the click on the plus (+) sign to add a new account. Enter the Full name, Account name of the new account, select whether its a Standard (recommended) or Administrator account, enter a password twice and add a password hint and finally click on Create User.

When a new account is create a profile is created in Users folder, this contains Applications, Documents, Desktop, Public, Downloads and Library folders.

To change a password, select an existing user, and click on Change Password. You will be prompted for the old password and new password, for it to be changed. If you don't know the old password, you will need to boot from a Mac OS DVD or disc and use the tools to change passwords. If using the Terminal you can use sysadminctl command to create and manage users and the passwd command to change passwords.

You can also create a Group, for combining users together, it makes it easier to apply permissions to a group rather than inidividual users.

2. What is an Administrator user?

By default Mac OS X is setup with at least one 'administrator' account and a Guest User. An administrator account can change any settings on the computer, install programs, change file/folder permissions, system preferences and so on. When Mac OS is installed, the user can specify additional accounts with administrator priviledges.

3. What is a Standard, Managed with Parental Controls or Sharing only user?

A standard user make make changes in their own account such as desktop appearance, themes, create icons on their desktop, run programs and load and save files. They cannot install programs int he main Applications folder, but they can can in their personal Applications folder, nor make system wide changes.

A Managed with Parental Controls is designed for accounts for Children or other restricted users so you can restrict use of the Camera, the Game Center, access to contacts, Applications, Web sites, the app Store, days and time when they can login, privacy and others.

A Sharing only user, is for accounts for users to access files remotely from another machine. It cannot be used to login to the Mac or change settings. See System Preferences, Sharing on enabling remote file access.

4. How do I set Folder or File Permissions?

Default file permissions

To view or set permissions in Mac OS X , open the Finder window. Then browse for the folder and select Get Info and the bottom of the window shows the current file or folder permissions:

The permissions are as follows, which can be applied to users and groups:

Read and Write - can read,execute write and change files only.
Read Only - can read contents of files, run programs
Write Only - can create files or folders and change files
No Access - cannot do anything with the file or folder.

Two special groups are available, called Everyone and Staff. Everyone includes all users, guest users and even anonymous users. Staff users also contains all users, except anonymous users.
More advanced information on file permissions can be read on the macinstruct site.

5. How do I delete old users?

User Accounts can be removed from the System Preferences, Users and Groups. To remove a user, click on the Lock icon at the bottom right and enter Administrator's user details, select the user account and the click on the minus (-) sign to remove the user and profile in Users..

8. How do I customise the Default User or system wide settings?

The Default user profile is used when creating new accounts in Mac OS. It contains the default settings for all new accounts created on Mac machines. Usually, when you create a new account and login, the default user's settings are copied to the new profile, then the user can customise their setup as they wish. If you wish everyone to have the same settings from the start. You need to copy the settings to the default user. First, create a new user called Profile, then login with it and configure the settings as you wish. Login as administrator and then backup the existing profile by entering cp -R /System/Library/User\ Template/English.lproj/ /System/Library/User\ Template/English.orig. Then delete existing default profile using  sudo rm -rf /System/Library/User\ Template/English.lproj/*. Finally, overwrite the default profile with your your new custom profile: sudo cp -R /Users/profile/ /System/Library/User\ Template/English.lproj/.

Yuu can also setup Configuration Profiles to standardise settings on Mac Computers in the profile preferences.

You can also use the defaults command to change current user settings or for all applications. It does this by change the user preoferences in ~/Defaults folder or /Defaults for system configuration.

9. I can not log in to Mac OS, I have forgotten my password?

You can use your Password Hint which you created when you first created the account, alternatively try a blank password or login with your Apple ID used for iCloud.

If you are have an Apple ID, you can use it to reset your login. If yu fail to login three times click the arrow next to the Apple ID message and follow instructions to update your password.

If your mac has a different Administrator, you can login with that, and use System Preferences, Users and Groups to change the password of user in the user list.

Finally, if you have File Vault enable, you can use the Reset Password Assistant to change password. You need to power down, power on and enter the Recovery OS to change password.


Go to Hardware