Filter
Top Products
28 Chapter 1 User Management Overview
Prior to Mac OS X v10.4, Mac OS X used user ID and POSIX permissions to track folder
and file permissions. In Mac OS X, folders or files include POSIX permissions for entities
such as:
 Owner
 Group
 Everyone else
Because GUIDs are 128-bit values, duplicate GUIDs are extremely unlikely. Unlike ACL
permissions, POSIX permissions can cause file-ownership and group-membership
issues when multiple users have identical short names or user IDs. When using GUIDs,
users with the same short name or user ID can have different ACL permissions.
The introduction of GUIDs does not change or remove POSIX permissions, so it does
not affect the interoperability of Mac OS X with legacy UNIX systems or other operating
systems.
Folder and File Owner Access
When a folder or file is created, the file system stores the user ID of the user who
created the file or folder as its owner. By default, when a user with that user ID accesses
the folder or file, he or she can read and write to it. Also, any process started by the
user who creates the file or folder can read and write to any files associated with that
same user ID.
If you change a user ID, the user may not be able to modify or access files and folders
he or she created. Likewise, if the user logs in as a user whose user ID is different from
the user ID he or she used to create the files and folders, the user no longer has owner
permissions for those files and folders.
Folder and File Access by Other Users
The use of GUIDs in conjuction with ACLs determines the files that users and groups
can access. Also, the user ID, in conjunction with a group ID, is used to control access.
Every user belongs to a primary group. The primary group ID for a user is stored in the
user’s account. When a user accesses a folder or file and the user isn’t the owner, the file
system checks the file’s group permissions, and the following occurs:
 If the user’s primary group ID matches the ID of the group associated with the file,
the user inherits group permissions.
 If the user’s primary group ID doesn’t match the file’s group ID, Mac OS X searches for
the group account that has permission to access the file. When the group is found, all
members of that group and subsequent hierarchical groups are given permission to
that file.
 If neither of these cases apply, the user’s access permissions default to the generic
“everyone.”