This article consists of a number of bonus sidebars to the tutorial "Permissions, Accounts, and File Organization," and is available only to MacFixIt Pro users.
SIDEBAR #1: What Permissions Really Mean
Read & Write sounds cute, but what does it really mean? Here?s a rundown of what the different permissions levels mean for different types of items:
Read & Write You can open the file to read it or edit it, or you can make a copy of it. If the enclosing folder allows, you can also move it (deleting a file is considered moving it).
Read only You can open the file to read it, and you can make a copy of it (the copy will acquire Read & Write status). If the enclosing folder allows, you can also move the file.
No Access You cannot open or edit the file. However, if the enclosing folder allows, you can make a copy of the file or move it. You can still see the file, provided you have Read access to the enclosing folder (next item).
Note that the ability to delete a file is controlled by the permissions of the enclosing folder, not the permissions of the file itself.
Read & Write You can open the folder, and edit the contents of the folder (copy items to it, move items out of it, duplicate items within it, rename items within it, etc.).
Read only You can open the folder and view its contents, and you can make a copy of the folder (the copy acquires Read & Write status). If the enclosing folder allows, you can also move the folder. You cannot add to or remove its contents, or rename any of its contents. However, you can change the permissions or ownership of files/folders within the folder, provided you have Read & Write access to those items.
No Access You cannot open the folder (and, therefore, you cannot view its contents).
Write only (Drop Box) This permission level applies only to folders; an example is ~/Public/Drop Box (see "Understanding User Accounts" for more info on such folders). If you have Write only access to a folder, you can add items to it, but you cannot open the folder to view its contents. This is where the term "Drop Box" comes from -- all you can do is drop files/folders in, like a postal mailbox.
Although an application in Mac OS X looks like a single file, it is often actually a folder containing the application itself and application support files; the technical name for this type of folder is a package. When you double-click a package (or select it and choose File -> Open in the Finder), the application is launched. Because of this type of organization, permissions on an application work much like permissions on a regular folder:
Read & Write You can launch the application and view the application package contents (by control-clicking on the application and selecting Show Package Contents from the resulting contextual menu). You can also edit the package contents (copy items to it, move items out of it, duplicate items within it, etc.), and move the application/package and its contents (including deleting it/them).
Read only You can launch the application and view the application package contents, and you can make a copy of the application (the copy retains the Read only status). You cannot edit/change the application package?s contents. If the enclosing folder allows, you can move the application/package or edit its contents.
No Access You cannot launch the application, nor can you view its package contents. You can only see the application itself if the enclosing folder provides you with Read or Read & Write access.
SIDEBAR #2: Dissecting the Contents of Your Home Directory
Although your home directory (/Users/username, or the more common designation of ~/) contains any files, folders, or applications that you personally place there, it also includes a number of folders that were automatically created when your account was created. Here's a quick list of the default folders and a few common additions, and what each of these folders is for:
Applications This folder may or may not exist in your home folder. Some application installers create it during the installation process, but OS X does not create it by default. I'd suggest creating it yourself it if doesn't exist, as any applications that you install here will be available only to you -- if you have an application that you need to use but you don't want other users of your computer to be able to access, install it here. (If you want to this folder to be created automatically for all new user accounts, edit the new user template as explained at the end of this sidebar.)
Desktop This is your personal Desktop. If you open this folder, you'll notice that its contents are exactly the same as the items visible on your Desktop. In Mac OS X, each user has their own Desktop, and anything placed on the Desktop is actually placed inside this folder.
Documents This folder is the "official" location for storing personal documents and files. Most applications will default to storing files here. Although you aren't required by OS X to store your personal files here -- you can store files elsewhere if you want -- I highly recommend it, for a few reasons. First, it makes backing up your important documents easier, since you can just back up this folder instead of worrying if you have included all of your files in your backup routine. Second, it makes finding your documents easier -- you simply open this folder in the Finder instead of searching all over your drive. (You can create as many folders and subfolders inside this folder as you want if it helps you better organize your files.)
Faxes If you are running OS X 10.3 and later and enable fax reception, OS X creates this folder for storing received faxes.
Library This folder contains many of the support files and resources used by the OS when you are logged in to your account. Any preferences, system add-ons, fonts, and other files and information used only by your account are located here. (See "Why Are There So Many Copies of So Many Folders?" later in the article, for more info.)
Movies OS X creates this folder as a convenient place to store any movies/projects you create with iMovie.
Music This folder is used, by default, as a place for iTunes to store your iTunes Music Library and music files.
Pictures In addition to being a convenient place to store photos, your iPhoto Library is stored in this folder.
Public This folder and its contents are viewable and readable by all users, both local and remote. In addition, inside the Public folder is a folder called Drop Box -- this folder provides others with Write only access, meaning they can give files to you by placing them in this folder, but cannot open the folder or view its contents.
Sites This folder is where you store documents you wish to make available via Mac OS X's built-in web server.
Editing the New User Template When you create a new user, the contents of the new user's home directory include, by default, the following folders: Desktop, Documents, Library, Movies, Music, Pictures, Public, and Sites. However, you may want an Applications folder, or some other folder, to be created by default. The contents of a newly created home directory are dictated by the folder templates located at /System/Library/User Template. Inside this directory are home directory templates, one for each language supported by your installation of OS X (English.lproj is the template for English). If you open one of these template folders, you'll see the standard folders of a new home directory. Any changes you make to the contents of this directory will be reflected in any new user account. For example, to have an Applications folder created by default, create a new folder here and change its permissions to owner: system, Read & Write access; group: wheel (a default Unix group that includes admin users), No Access; others: No Access. (Note that to create a new folder here, you'll need root access, either in Terminal or the Finder.)
SIDEBAR #3: Authentication Dialogs
Authentication dialogs -- dialogs that pop up and ask you for a username and password -- are fairly common in OS X. They generally appear when you attempt to do something that only an administrator, or the root user, should be doing. Sometimes they appear automatically; other times they appear when you specifically request to be authenticated -- for example, when you click on a "padlock" icon in a Get Info window, a utility, or System Preferences.
These dialogs are a way for the current account to temporarily be given a higher level of access, so that you can do things you wouldn't normally be able to do from within that account. When you see an authentication dialog, simply type an admin-level username and password, and then press return. (Note that you don't have to provide the username and password for the account that is currently logged in; any admin account will do. This can be useful if the current account doesn't have admin access; any admin user of the computer can type in their own name and password in order to provide "one-time" authorization for the action in question.)
Authentication dialogs also serve a more practical function: they're a "virtual nudge" to you, the user. When an authentication dialog pops up, it's a sign that you're doing something serious, and potentially dangerous. Consider what you're trying to do, and make sure that you really want to perform the action.
As a side note, one helpful feature of authentication dialogs is that they notify you if the cap lock key is active via a caps lock icon (passwords are case-sensitive, so this is a nice touch).