OS X Mavericks For Dummies (2014)
Part IV. Mastering Your Mavericks
Chapter 16. Sharing Your Mac and Liking It
In This Chapter
Comprehending networks and file sharing
Setting up file sharing
Finding out about users
Understanding access and permissions
Sharing files, folders, and disks with other users
Have you ever wanted to grab a file from your Mac while you were halfway around the world or even around the corner or in the next room? If so, I have good news for you: It’s not difficult with OS X (believe it or not), even though computer networking in general has a well-deserved reputation for being complicated and nerve-wracking. The truth is that you won’t encounter anything scary or complicated about sharing files, folders, and disks (and printers, for that matter) among computers as long as the computers are Macintoshes. And if some of the computers are running Windows, OS X Mavericks even makes that (almost) painless. Your Macintosh includes everything that you need to share files and printers — except the printers and the cables (and maybe a router). So here’s the deal: You supply the hardware, and this chapter supplies the rest. And when you’re done hooking it all up, you can take a rest.
The first sections of this chapter provide an overview and tell you everything that you need to know to set up new user accounts and share files successfully. I don’t show you how to actually share a file, folder, or disk until the “Connecting to a Shared Disk or Folder on a Remote Mac”section, later in this chapter. Trust me, there’s a method to my madness. If you try to share files without doing all the required prep work, the whole mess becomes confusing and complicated pretty fast — kind of like networking PCs.
One last thing: If you’re the only one who uses your Mac, you don’t intend to share it or its files with anyone else, and you never intend to access your Mac from another computer in a different location, you can safely skip this whole chapter if you like.
Introducing Networks and File Sharing
Mavericks’ file sharing enables you to use files, folders, and disks from other Macs on a network — including the Internet — as easily as though they were on your own local hard drive. If you have more than one computer, file sharing is a blessing.
Before diving in and actually sharing, allow me to introduce a few necessary terms:
Network: For the purposes of this chapter, a network is two or more Macs connected by Ethernet cables, wireless networking (Apple refers to this as AirPort or Wi-Fi), or FireWire cables (rarely seen anymore).
Ethernet: A network protocol and cabling scheme that lets you connect two or more computers so they can share files, disks, printers, or whatever.
Ethernet ports: Where you plug an Ethernet cable into your Mac. Be careful to match the cable to its specific jack. On your Mac and printer, the Ethernet ports look a lot like phone jacks, and the connectors on each end of an Ethernet cable look a lot like phone cable connectors. But they aren’t the same. Ethernet cables are typically thicker, and the connectors (RJ-45 connectors) are a bit larger than the RJ-11 connectors that you use with telephones. (See examples of both types of ports in the margin.) Standard phone cables fit (very loosely) into Ethernet ports, but you shouldn’t try that, either; they’ll probably fall out with the slightest vibration. It’s unlikely that such a mistake will cause damage, but it won’t work and will be frustrating.
Local devices: Devices connected directly to your computers, such as hard or optical drives. Your internal hard drive, for example, is a local device.
Remote devices: Devices you access (share) over the network. The hard drive of a computer in the next room, for example, is a remote device.
Protocols: Kinds of languages that networks speak. When you read or hear about networks, you’re likely to hear the words AppleTalk, EtherTalk (or Ethernet), SMB, and TCP/IP bandied about with great regularity. These are all protocols. Macs can speak several different protocols, but every device (Mac or printer) on a network needs to speak the same protocol at the same time to communicate.
Support for the TCP/IP protocol is built into every Mac, and OS X Mavericks includes all the software you need to set up a TCP/IP network; the hardware you provide consists of Ethernet cables and a hub (if you have more than two computers) or an AirPort or other Wi-Fi base station. Here, I’m using hub generically; its more powerful networking cousins, switches and routers, also work for this purpose.
By the way, in addition to providing wireless networking, the AirPort Extreme wireless Base Stations — as well as the Time Capsule device — are all members of the router class of devices. The Time Capsule is a pretty cool deal; it combines a wireless Base Station, three-port Ethernet router, and a big hard disk that can be shared by all computers on the network and also used as a Time Machine backup disk.
Portrait of home-office networking
A typical Mac home-office network consists of two Macintoshes, an AirPort Extreme wireless Base Station (or other type of Ethernet hub or router), and a network printer. Check out Figure 16-1 to see the configuration of a simple network. In the figure, the black lines between the devices are Ethernet cables; the rectangular device with those cables going into it is an Ethernet hub, router, AirPort Extreme Base Station, or Time Capsule. (I tell you more about cables and such devices in the section “Three ways to build a network,” later in this chapter.) You need enough Ethernet cable to run among all your devices.
Figure 16-1: Two Macs and a printer make up a simple Mac network.
File sharing made easy with AirDrop
Perhaps all you want to do is share an occasional file (not necessarily a printer or a home Internet connection or a folder of music files or pictures). In that case, check out AirDrop (for Lion, Mountain Lion, and Mavericks only on Macs built in the past couple of years), which uses Apple’s proprietary zero-configuration network protocol, known as Bonjour (formerly Rendezvous). It’s a big part of the secret sauce that makes Mac networking so simple.
Here’s how it works: If two devices (and this includes all Macs running OS X Jaguar or later) speak Bonjour, you don’t have to do any configuration other than, possibly, turning on the sharing capability, as I explain in “Setting Up File Sharing,” later in this chapter. Bonjour queries the other available networked devices to see what services they support and then configures the connections for you automatically. Sweet!
It gets even better if you’re using Lion, Mountain Lion, or Mavericks ’cause you can use the nifty sharing feature called AirDrop. It appears in your Finder window Sidebar and locates all other AirDrop-capable Macs and i-Devices on your local wireless network. The only caveat is that it’s Wi-Fi only.
For AirDrop to work, you don’t need to turn on File Sharing or do anything else. Just click AirDrop in the Finder Sidebar, and you see AirDrop in the Finder window, as shown in the following figure.
The key here is that both devices must be on the same Wi-Fi network and have an open Finder window with AirDrop selected in the sidebar as shown here. To send a file (or multiple files and/or folders) to the other Mac, just drag it onto the other Mac’s icon. AirDrop displays a dialog on the other Mac asking whether the user wants to accept delivery; if so, the items are transferred immediately to the Downloads folder.
When you close the AirDrop window, you are no longer visible to other AirDrop users.
With the setup shown in Figure 16-1, either Mac can use the other Mac’s files, and both Macs can print to the same printer. If you have a broadband Internet connection, you can also connect the cable or DSL modem to the hub/switch/router so all Mac users on the network can share the Internet connection.
A network can — and often does — have dozens or hundreds of users. Whether your network has 2 nodes (machines) or 2,000, the principles and techniques in this chapter apply.
Three ways to build a network
In this chapter, I assume you’re working on a small network, the kind typically found in a home or small business. If you’re part of a megamonstrous corporate network, and you have questions about your particular network, talk to the PIC (person in charge, also known as your network administrator). In other words, if you’re trying to build a meganetwork, you’re going to need a book a lot thicker and harder to understand than this one.
The following list gives you three common ways to build a modern small home or office network:
AirPort: If all your Macs are equipped with AirPort wireless cards and you have an (AirPort or) AirPort Extreme Base Station or Time Capsule, you don’t need cables at all. Just plug in the Base Station, and Macs with AirPort cards can communicate with one another. If you use an Ethernet printer (connected to your Mac by Ethernet cable), you have to connect it to the Base Station before you can print from your wireless Macs. Both the Base Station and printer have Ethernet ports, so you can use a crossover cable (more about that in a minute) to make the connection.
Recent vintage AirPort Extreme and Time Capsule devices from Apple include a USB port so you can connect any printer via USB and share it wirelessly (rather than having to use a more expensive Ethernet-equipped “networkable” printer).
Although this setup is more expensive than connecting everything with Ethernet cables and a cheap hub or router, it’s also more flexible because you can move your devices anywhere. (Well, almost anywhere; you’re limited to a maximum of 150–200 feet from each Base Station, and that’s assuming that there’s absolutely nothing in the way to block your signal. Your mileage may vary.)
I’ve been using wireless printers for years. If you have an AirPort (or any Wi-Fi) network available, many new printers offer wireless printing, which means you can stash your printer in a closet or another room if you care to.
Traditional Ethernet: All modern Macs have an Ethernet port, with the exception of the MacBook Air and the Retina Display MacBook Pro. To connect your Mac to a network, you need Ethernet cables for each Mac and a little device called a hub, switch, or router. This device is like the center of a wheel; the wires coming out of it are the “spokes.”
A typical Ethernet router includes two to eight Ethernet ports. You plug the router into an electrical outlet and then connect Ethernet cables from each of your Macs and printers (from their Ethernet ports) to the router. Voilà — instant network. These gadgets are pretty cheap, starting at around $30; cables start at a few bucks, increasing in price with the length and quality.
Small Ethernet: If you have only two devices to network (two Macs or a Mac and an Ethernet printer, in most cases), you can use an Ethernet cable to connect them directly to each other via the Ethernet ports. You can purchase an Ethernet cable at your local electronics store. Plug one end of the Ethernet cable into one device and the other end into the other device.
If you use an Apple AirPort Extreme Base Station or Time Capsule, you may not need a hub, switch, or router at all because these devices incorporate small routers with three Ethernet ports. Either one is all you need unless you have more than three Ethernet devices to connect. If that’s the case, you’ll need to add a hub, switch, or router with additional Ethernet ports to accommodate them all (in addition to your AirPort or Time Capsule).
If you have a cable modem or Digital Subscriber Line (DSL) as your Internet connection, you might need a router or switch instead of a (cheaper) hub. Routers and switches are similar to hubs but cost a tiny bit more and have additional features that you may or may not need. Your ISP can tell you whether you’re going to need one.
Setting Up File Sharing
Before you get into the nitty-gritty of sharing files, you must complete a few housekeeping tasks, such as enabling the appropriate type of file sharing. Follow these steps to do so:
1. Choose ⇒System Preferences and then click the Sharing icon.
The Sharing System Preferences pane appears. The first word of the long username of the first Admin account created on this computer appears in the Computer Name field by default, followed by the type of Mac (for example, Bob L’s MacBook Pro).
2. If you want to change the name of your computer from whatever Mavericks decided to call it to something more personal, do that now in the Computer Name text field at the top of the Sharing pane.
In Figure 16-2, you can see that I named mine Bob L’s MacBook Pro. You can name yours anything you like.
3. Select the File Sharing check box, as shown in Figure 16-2.
Now other users on your network can access files and folders on your computer, as you see later in this chapter.
Figure 16-2: Turning file sharing on and off.
By default, only one folder in your Home folder is shared, and that folder is your Public folder. If you want to access files or folders on this computer while you’re using another computer on the network, you can so long as you first provide your username and password. Everyone else on the network can see only your Public folder.
These are the safest settings. Unless you have good reason to tinker with them, you should probably not change anything here. That said, if you feel you must change these settings, you find out how to do so in the next section of this chapter.
4. (Optional) If you want remote users to upload and download files to and from this computer, click the Options button and then select either or both of the Share Files and Folders Using AFP or SMB check boxes.
• Doing so gives users on the Internet but not on your local area network some alternatives to file sharing: an Apple File Protocol (AFP) or a client program that uses Server Message Block (Samba or SMB).
• If you want to enable Windows or Linux users — or users of other operating systems — to share files with you, the SMB check box must be selected.
• Select the On check box (in the leftmost column) for each account you want to enable to use these protocols to access your Mac, providing the password when prompted.
5. Click the Done button when you’re done, and then proceed to the following section to continue setting up your network.
Access and Permissions: Who Can Do What
After you set up file sharing (as I explain in the preceding section), your next step on the path to sharing files on a network is telling your Mac who is allowed to see and access specific folders. Luckily for you, this just happens to be what I cover in the following sections.
Users and groups and guests
Macintosh file sharing (and indeed, OS X as well) is based on the concept of users. You can share items — such as drives or folders — with no users, one user, or many users, depending on your needs.
Users: People who share folders and drives (or your Mac) are users. A user’s access to items on your local hard drive is entirely at your discretion. You can configure your Mac so only you can access its folders and drives, or so only one other person or group — or everyone — can share its folders and drives.
When you first set up your Mac, you created your first user. This user automatically has administrative powers, such as adding more users, changing preferences, and having the clearance to see all folders on the hard drive.
For the purposes of this book, I assume that some users for whom you create identities won’t be folks who actually sit at your Mac but those who connect to it only from remote locations when they need to give or get files. But you could allow such a user to use the same name and password to log in while sitting at your desk.
For most intents and purposes, a remote user and a local user are the same. Here’s why: After you create an account for a user, that user can log in to your Mac while sitting in your chair in your office, from anywhere on your local area network via Ethernet, or anywhere in the world via the Internet if you give him an Administrator, Standard, or Managed account.
Administrative users: Although a complete discussion of the special permissions that a user with administrator permissions has on a Mac running OS X is far beyond the scope of this book, note two important things:
• The first user created (usually when you install OS X for the first time) is automatically granted administrator (Admin) powers.
• Only an administrator account can create new users, delete some (but not all) files from folders that aren’t in his or her Home folder, lock and unlock System Preferences panes, and a bunch of other stuff. If you try something and it doesn’t work, make sure you’re logged in as an Administrator or can provide an Administrator username and password when prompted.
You can give any user administrator permissions by selecting that user’s account in the Users & Groups System Preferences pane and selecting the Allow User to Administer This Computer check box. You can select this check box when you’re creating the user account or anytime thereafter.
Groups: Groups are Unix-level designations for privilege consolidation. For example, there are groups named Staff and Everyone (as well as a bunch of others). A user can be a member of multiple groups. For example, your main account is in the Staff, Admin, and Everyone groups (and others, too). Don’t worry — you find out more about groups shortly.
Guests: Two kinds of guests exist. The first kind lets your friends log into your Mac while sitting at your desk without user accounts or passwords. When they log out, all information and files in the guest account’s Home folder are deleted automatically.
If you want this kind of guest account, you need to enable the Guest Account in the Users & Groups System Preferences pane. To do so, click the Guest Account in the list of accounts on the left and select the Allow Guests to Log In to This Computer check box.
The second kind of guest is people who access Public folders on your Mac via file sharing over your local area network or the Internet. They don’t need usernames or passwords. If they’re on your local network, they can see and use your Public folder(s), unless you or the Public folder’s owner has altered the permissions. If they’re on the Internet and know your IP address, they can see and use your Public folder(s) if you don’t have a firewall blocking such access. Public folders are all that guests can access, luckily. You don’t have to do anything to enable this type of guest account.
Before users can share folders and drives (or have their own accounts on your computer, for that matter), they must have an account on your Mac. You can create two different kinds of accounts for them — a User Account or a Sharing Only Account.
When you create a User Account for a person (I call that person and account User 1), the account has its own Home folder (called — what else? — User 1), which is filled with User 1’s files. Nobody but User 1 can access files in this Home folder unless, of course, User 1 has provided someone the account name and password.
When you create a Sharing Only Account for a person (I call that person and account Sharing 1), the person using that account doesn’t have a Home folder and can’t access other users’ Home folders. Sharing 1 can access only the Public folders inside all the Home folders on that Mac.
You can create a new User Account only in the Users & Groups System Preferences pane. You can create a new Sharing Account in either the Users & Groups or Sharing System Preferences panes.
When you click the + button under the Users list in the Sharing System Preferences pane and choose a contact in your Contacts (as opposed to choosing an existing user account), you create a Sharing Account for that person.
Anyone can remotely access files or folders in your Public folder(s) over a LAN (local area network) or the Internet. But if you want them to be able to access folders or files other than those in the Public folder(s) on your Mac, they need either a User Account or a Sharing Account.
When you add (create) a user, you need to tell your Mac who this person is. This is also the time to set passwords and administrative powers for this new user. Here’s the drill:
1. Choose ⇒System Preferences (or click the System Preferences icon in the Dock), click the Users & Groups icon, and then make sure that the Password tab is selected.
The Users & Groups System Preferences pane appears. In this pane (shown in Figure 16-3), you can see the name of the first user (Bob Levitus) and the administrative control that this user is allowed. (Note that the Allow User to Administer This Computer check box is selected.)
The first user created (usually at the same time you installed OS X) always has administrator permissions.
2. Click the + button beneath the list of users.
A sheet appears in which you enter the new user’s information.
If the + button is dimmed, here’s how you get it functioning: First click the lock (at bottom left), supply an administrator name and password in the resulting dialog, and then click OK.
3. Choose Standard from the New Account menu.
4. In the Name text box, type the full name of a user you want to add.
In the Account Name text box, your Mac inserts a suggested abbreviated name (formerly known as the short name). Check out Figure 16-4 to see both.
Figure 16-3: The Users & Groups System Preferences pane is where you manage user accounts on this Mac.
Figure 16-4: Name the new user, and your Mac suggests a short name and password.
In Figure 16-4, I added Steve Wozniak as a user, typing his full name in the Full Name field. You don’t really need to type the user’s full name, but I do so in this example to show you the difference between a Full Name and an Account Name.
5. Press the Tab key to move to the next field.
OS X suggests an abbreviated version of the name in the Account Name field (as shown in Figure 16-4).
Because he's the only Steve who matters around here, I change the suggested Account Name from SteveWozniak to just plain Steve, which is shorter than the short name recommended by OS X. (In other words, I type Steve in the Account Name field, replacing the suggestedSteveWozniak.) The name of each user's folder (in the Users folder) is taken from the short name that you enter when you create a user.
Users can connect to your Mac (or log in from their own Macs, for that matter) by using the short name, rather than having to type their full names. The short name is also used in environments in which usernames can’t have spaces and are limited to eight or fewer characters. Although OS X Mavericks allows longer usernames (but no spaces), you might be better off keeping your short name shorter than eight characters, just in case.
6. Tab to the Password field and enter an initial password for this user.
The small, square button with the key to the right of the Password field, when clicked, displays the Password Assistant. You can use the Password Assistant, as seen at lower left in Figure 16-4, to help generate a password that should be fairly easy for the user to remember (choose Memorable from the Password Assistant’s Type pop-up menu) but hard for a cracking program to guess (or meet other requirements).
To make your password even harder to guess or crack, choose Random or FIPS-181-compliant from the Password Assistant’s Type pop-up menu. It will also make it harder for you to remember, so make sure you either memorize it or store it in a safe place.
7. Press the Tab key to move your cursor to the Verify text field.
8. In the Verify text box, type the password again to verify it.
9. (Optional) To help remember a password, type something in the Password Hint text box to jog the user’s memory.
If a user forgets her password and asks for a hint, the text that you type in the Password Hint field pops up, ideally causing the user to exclaim, “Oh, yeah . . . now I remember!” A password hint should be something simple enough to jog the user’s memory but not so simple that an unauthorized person can guess. Perhaps something like “Your first teddy bear’s name backward” would be a good hint.
10. Click the Create Account button to create the account.
The sheet disappears, and the new user now appears in the Users & Groups System Preferences pane’s Users list.
11. (Optional) Click the account picture above the Full Name field, and choose a different one.
OS X suggests a picture from its default collection for each account, but you can select a different one from the pop-up mini-window shown in Figure 16-5, drag one in from the Finder (or iPhoto), or take a photo with an attached or built-in camera (such as an iSight) by clicking the Edit button (shown in the margin).
Figure 16-5: Choosing a different picture for the user (here, it’s Steve Wozniak).
12. (Optional) Click the Set button next to Apple ID to enter (or create) the user’s Apple ID.
Changing a user
Circumstances might dictate that you need to change a user’s identity, password, or accessibility, or perhaps delete a user. Follow these steps to change a user’s name, password, or account type:
1. Choose ⇒System Preferences (or click the System Preferences icon in the Dock or Launchpad).
The System Preferences window appears.
2. In the System Preferences window, click the Users & Groups icon.
The Users & Groups System Preferences pane appears.
If the lock icon at the bottom of the window is locked, you have to click it and provide an administrator password before you can proceed.
3. Select the user’s name in the accounts list.
The information for that person appears.
4. Make your changes by selecting the existing username and replacing the old with new text or a different setting.
• If you want to change the password, click the Reset Password button and make your changes in the sheet that appears.
• To change the picture or other capabilities, click the Picture, Login Options, Allow User to Administer This Computer (to enable or disable administrator privileges), or Enable Parental Control check box (more on this in a moment) and make the appropriate changes.
To change a user, you must be logged in using an account that has administrator powers.
5. Quit the System Preferences application or choose a different System Preferences pane.
Your changes are saved when you leave the Users & Groups pane.
Removing a user
To delete a user — in effect, to deny that user access to your Mac — select the user you want to delete in the list of accounts and click the – button. A sheet appears, offering three choices:
Save the Home Folder in a Disk Image saves a disk image of the user’s Home folder in a folder named Deleted Users (which it creates inside the Users folder).
Don’t Change the Home Folder removes the user from the Users & Groups System Preferences pane and login screen but leaves that user’s Home folder in the Users folder. (Deleted) is appended to the folder’s name, so if I had selected this option in the previous example, Steve Wozniak’s Home folder would be renamed Steve (Deleted).
Delete the Home Folder does what it says. You have the option of a secure erase (the contents get overwritten multiple times) if you select this option.
To remove a user from your Mac, you must be logged in using an account that has administrator permissions. And you can’t remove the first user ever created on this Mac.
Limiting a user’s capabilities
Sometimes — especially with younger children, computerphobic family members, or employees in a small business — you want to limit what users can access. For example, you might want to make certain programs off-limits. You do this by clicking the Parental Controls button in the Users & Groups System Preferences pane.
1. Choose ⇒System Preferences (or click the System Preferences icon in the Dock).
The System Preferences window appears.
2. In the System Preferences window, click the Users & Groups icon.
The Users & Groups Preference pane appears.
3. Click the user’s name to select it, click the Enable Parental Controls check box, and then click the Open Parental Controls button.
Note that clicking the Open Parental Controls button without first selecting the Enable Parental Controls check box puts you in the Parental Controls Preference pane with a button front and center for you to click to turn Parental Controls on. So either select the check box as instructed or click the Enable Parental Controls button here.
To change any of these items, you must be logged in using an account that has administrator powers, and the account you’re modifying can’t have administrator powers.
The Parental Controls System Preferences pane for that person appears with five tabs: Apps (shown in Figure 16-6), Web, People, Time Limits, and Other.
4. Set the controls in each of the five tabs.
• Apps: Determine which applications the user may access. Set whether she can modify the Dock. Also determine whether she’s restricted to a very limited and simplified Finder interface.
• Web: Control access to websites.
• People: Determine whether Mail or Messages (or both) communicants will be limited to a specified list. This option also lets you notify someone (usually yourself) when the user tries to exchange e-mail with a contact not in the approved list. You can also maintain a log of all Messages text conversations.
• Time Limits: Set time limits for weekdays and weekends and prevent access to this computer during specified hours on school nights and weekends. School night doesn’t take vacations or holidays into consideration.
• Other: Determine whether profanity is hidden during Dictionary access, control whether the user can add or remove printers or modify printer settings, prevent (or allow) burning CDs and DVDs in the Finder, and control whether the user is allowed to change his password.
5. Quit the System Preferences application or choose a different System Preferences pane.
Your changes are saved when you leave the Parental Controls pane.
Figure 16-6: You can control an account’s access in five categories (the Apps tab is shown here).
A quicker way to set or change Parental Controls for an already-existing account is to click the Parental Controls icon in the System Preferences application (instead of Users & Groups).
Last but not least, you can apply Parental Controls to the Guest Account, but you can’t apply them to any account that has administrator permissions.
To turn off Parental Controls for a Managed account, navigate to the Parental Controls System Preferences pane, select the account in the list on the left, click the Action menu at the bottom of the list (the one that looks like a gear), and choose Turn off Parental Controls for <username>.
If you want to apply the same Parental Controls settings to more than one user, set them as just described for the first user and then select that account in the Accounts list in Parental Controls, click the Action menu, and choose Copy Settings. Then select the user you want to have the same settings, click the Action menu, and choose Paste Settings.
OS X knows best: Folders shared by default
When you add users in the Users & Groups System Preferences pane as I describe earlier, OS X automatically does two things behind the scenes to facilitate file sharing: It creates a set of folders, and it makes some of them available for sharing.
Each time you add a Managed, Standard, or Administrator user, OS X creates a Home folder hierarchy for that user on the Mac. The user can create more folders (if necessary) and also add, remove, or move anything inside these folders. Even if you create a user account solely to allow him or her to exchange files with you, your Mac automatically creates a Home folder for that user. Unless you, as the owner of your Mac, give permission, the user can’t see inside or use folders outside the Home folder (which has the user’s name), with only three exceptions: the Shared folder in the Users folder, the top level of other user account folders, and the Public folders in every other user’s folder, as well as the Shared folder within the Users folder. A description of the latter follows:
Public: A Public folder is located inside each user’s folder. That folder is set up to be accessible (shared) by any user who can log in to the Mac. Furthermore, any user can log in (as a guest) and copy things out of this folder as long as she knows your Mac’s IP address, even if she doesn’t have an account on this Mac at all. Files put into the Public folder can be opened or copied freely.
It’s not hard for someone to obtain your IP address. For example, when you visit most web pages, your IP address is saved to that site’s log file. So be careful what you put in your Public folder. This is also an excellent reason to employ a firewall. Mavericks has an excellent software implementation available via the Firewall tab in Security & Privacy System Preferences (see Chapter 18), and most routers (for example, AirPort Extreme) include a hardware firewall.
Inside each user’s Public folder is a Drop Box folder. As the name implies, this folder is where others can drop a file or folder for you. Only the owner can open the Drop Box to see what’s inside — or to move or copy the files that are in it. Imagine a street-corner mailbox; after you drop your letter in, it’s gone, and you can’t get it back out.
Shared: In addition to a Public folder for each user, OS X creates one Shared folder on every Mac for all users of this Mac. The Shared folder isn’t available to guests, but it’s available to all users who have an account on this machine. You find the Shared folder within the Users folder (the same folder where you find folders for each user). The Shared folder is the right place to put stuff that everyone with an account on this Mac might want to use. (Check out my introduction to the Mac OS Mavericks folder structure in Chapter 6.)
Sharing a folder or disk by setting permissions
As you might expect, permissions control who can use a given folder or any disk (or partition) other than the startup disk.
Why can’t you share the startup disk? Because OS X won’t let you. Why not? Because the startup disk contains the operating system and other stuff that nobody else should have access to.
Throughout the rest of this chapter, whenever I talk about sharing a folder, I also mean sharing disks and disk partitions other than your startup disk (which, when you think of it, are nothing more than big folders anyway). Why am I telling you this? Because it’s awkward to keep typing a folder or any disk (or partition) other than your startup disk. So anything that I say about sharing a folder also applies to sharing any disk (or partition) other than your startup disk. Got it?
You can set permissions for
The folder’s owner.
A subset of all the people who have accounts on the Mac (a group).
Everyone who has the Mac’s address, whether they have an account or not (guests).
To help you get a better handle on these relationships, a closer look at permissions, owners, and groups is coming right up.
When you consider who can use which folders, three distinct kinds of users exist on the network. I describe each of them in this section. Then, in the “Useful settings for permissions” section, later in this chapter, I show you how to share folders with each type of user. Here’s a quick introduction to the different user types:
Owner: The owner of a folder or disk can change the permissions to that folder or disk at any time. The name you enter when you log in to your Mac — or the name of your Home folder — is the default owner of Shared folders and drives on that machine. Ownership can be given away (more on that in the “Useful settings for permissions” section, later in this chapter). Even if you own the Mac, you can’t change permissions for a folder on it that belongs to another user (unless you get UNIXy and do so as root). The owner must be logged in to change permissions on his folders.
OS X is the owner of many folders outside the Users folder. If OS X owns it, you can see that system is its owner if you select the folder and choose File⇒Get Info (or press +I).
Folders that aren’t in the User directories generally belong to system; it’s almost always a bad idea to change the permissions on any folder owned by system.
If you must change permissions on a file or folder, select its icon and choose File⇒Get Info (shortcut: +I) and then change the settings in the Sharing & Permissions section at the bottom of the resulting Get Info window. I urge you not to change permission settings if you’re not absolutely sure of what you’re doing and why.
Group: In Unix systems, all users belong to one or more groups. The group that includes everyone who has an account with administrator permissions on your Mac is called Admin. Everyone in the Admin group has access to Shared and Public folders over the network, as well as to any folder that the Admin group has been granted access to by the folder’s owner.
For the purpose of assigning permissions, you can create your own groups the same way you create a user account: Open the Users & Groups System Preferences pane, click the little plus sign, choose Group from the New Account pop-up menu, type the name of the group, and then click the Create Group button.
The group appears in the list of users on the left, and eligible accounts appear with check boxes on the right, as shown in Figure 16-7.
Figure 16-7: This group, Outsiders, contains my Bobcat and Miss Kitty accounts.
Everyone: This category is an easy way to set permissions for everyone with an account on your Mac at the same time. Unlike the Admin group, which includes only users with administrative permissions, this one includes, well, everyone (everyone with an account on this Mac, that is).
If you want people without an account on this Mac to have access to a file or folder, that file or folder needs to go in your Public folder, where the people you want to see it can log in as guests.
Sharing a folder
Suppose you have a folder you want to share, but it has slightly different rules than those set up for the Public folder, for the Drop Box folder within the Public folder, or for your personal folders. These rules are permissions, and they tell you how much access someone has to your stuff.
Actually, the rules governing Shared and Public folders are permissions, too, but they’re set up for you when OS X is installed.
I suggest that you share only folders located in your Home folder (or a folder within it). Because of the way Unix works, the Unix permissions of the enclosing folder can prevent access to a folder for which you do have permissions. Trust me, if you share only the folders in your Home folder, you’ll never go wrong. If you don’t take this advice, you could wind up having folders that other users can’t access, even though you gave them the appropriate permissions.
By the way, you can set permissions for folders within your Public folder (like the Drop Box folder) that are different from those for the rest of the folder.
I said this before, but it bears repeating: Whenever I talk about sharing a folder, I also mean sharing disks — and disk partitions other than your startup disk (which you just can’t share, period). So don’t forget that anything I say about sharing a folder also applies to sharing any disk (or partition) other than your startup disk. Though you can’t explicitly share your startup disk, anyone with administrator access can mount it for sharing from across the network (or Internet).
To share a folder with another user, follow these steps:
1. Choose ⇒System Preferences (or click the System Preferences icon in the Dock).
The System Preferences window appears.
2. In the System Preferences window, click the Sharing icon.
The Sharing System Preferences pane appears.
3. Click File Sharing in the list of services on the left.
The lists of shared folders and their users appear on the right, as shown in Figure 16-8.
If an entry in, for example, the Shared Folders list is too long for you to make out the folder name, hover your pointer over it, and a tooltip will appear, giving you the full name.
Figure 16-8: Changing the privileges of the Recipes folder for the group Everyone.
4. Click the + (plus) button under the Shared Folders list or drag the folder from the Finder onto the Shared Folders list to add the folder you want to share (Recipes in Figure 16-8).
If you select the Shared Folder check box in a folder’s Get Info window, that folder already appears in the list of Shared Folders, so you won’t have to bother with Step 4.
Alas, although checking the Shared Folder check box in a folder’s Get Info window causes it to appear in the Sharing System Preferences pane’s Shared Folders list, you still have to complete the steps that follow to assign that folder’s users and privileges.
5. Click the + (plus) button under the Users column to add a user or group if the user or group you want isn’t already showing in the Users column.
6. Click the double-headed arrow to the right of a user or group name and change its privileges.
I’m changing the permission for Everyone from Read Only (checked in Figure 16-8) to Read & Write (selected in Figure 16-8). You can choose among three types of access (in addition to no access) for each user or group, as shown in Table 16-1. If you’re the folder’s owner (or have administrator access), you can click the padlock icon and change the owner and/or group for the file or folder.
Table 16-1 Privileges
What It Allows
Read & Write
A user with Read & Write access can see, add, delete, move, and edit files just as though they were stored on her own computer.
A Read Only user can see and use files that are stored in a Shared folder but can’t add, delete, move, or edit them.
Write Only (Drop Box)
Users can add files to this folder but can’t see what’s in it. The user must have read access to the folder containing a Write Only folder.
With no permissions, a user can neither see nor use your Shared folders or drives.
Useful settings for permissions
The following sections show you just some of the most common ways that you can combine permissions for a folder. You’ll probably find one option that fits the way you work and the people you want to share with.
Owner permissions — in this case, single silhouette; Bob LeVitus (Me) in Figure 16-9 — must be at least as expansive as Group permissions (double silhouette; Staff in Figure 16-9), and Group permissions must be at least as expansive as Everyone’s permissions (triple silhouette; Everyone in Figure 16-9). So to set the Everyone privilege to Read & Write, the Group and Owner privileges must also be set to Read & Write.
In the following examples, I show how to set permissions in the Sharing System Preferences pane. Another way to set permissions is by selecting an icon in the Finder and choosing File⇒Get Info (shortcut: +I) and then changing the settings in the Sharing & Permissions section at the bottom of the resulting Get Info window. The two methods are pretty much interchangeable, so you can use whichever is more convenient.
Allow everyone access: In Figure 16-9, I configure settings that allow everyone on a network to access the Bob’s Downloads folder. Everyone can open, read, and change the contents of this Shared folder. Do this by choosing Read & Write for Others from the pop-up menu to the right of the user’s name in the Sharing System Preferences pane or the folder’s Get Info window.
Figure 16-9: Allow everyone access, if you want.
Allow nobody but yourself access: The settings shown in Figure 16-10 reflect appropriate settings that allow owner-only access to the Bob’s Downloads folder. No one but me can see or use the contents of this folder. Members of the Staff group can drop files and folders into this folder (see the later bullet “Allow others to deposit files and folders without giving them access: A drop box”). Use the pop-up menus to choose Write Only (Drop Box) as the Staff privilege and No Access as the Everyone privilege.
Figure 16-10: Allow access for no one but the folder’s owner.
Allow all administrative users of this Mac access: Check out Figure 16-11 to see settings that allow the group Staff (in addition to the owner, Bob LeVitus) access to see, use, or change the contents of the Bob’s Downloads folder. Use the pop-up menu to choose Read & Write for the Staff privilege.
Allow others to deposit files and folders without giving them access: A drop box: The settings in Figure 16-12 enable everyone to drop their own files or folders in the Bob’s Downloads folder without being able to see or use the contents of the Shared folder. After a file or folder is deposited in a drop folder, the dropper can’t retrieve it because she doesn’t have permission to see the items in the drop folder.
Figure 16-11: Allow access for the Staff group and the folder’s owner.
Figure 16-12: Everyone can drop files and folders into this folder.
Read-only bulletin boards: If you want everyone to be able to open and read the files and folders in this Shared folder — but not to modify them — choose Read Only from the pop-up menus for Group and Others. If you do this, however, only the owner can make changes to files in this folder.
One more privilege: The Apply to Enclosed Items button, at the bottom of the Sharing and Permissions section of Get Info windows in the Finder, does exactly what its name implies. This feature (which is only available in Get Info windows and doesn’t appear in the Sharing System Preferences pane) is a fast way to assign the same permissions to many subfolders at the same time. After you set permissions for the enclosing folder the way you like them, click this button to give these same permissions to all folders inside it.
What is true of Get Info windows is also true of their Inspector window variant. Show Inspector replaces Get Info on the File menu when the Option key is pressed (also Option++I).
Be careful — there is no Undo for this action.
Unsharing a folder
To unshare a folder that you own, change the permissions for every other user and/or group to No Access. When you do, nobody but you has access to that folder. If you’re not sure how to do this, see the “Sharing a folder” and “Useful settings for permissions” sections, earlier in this chapter.
Connecting to a Shared Disk or Folder on a Remote Mac
After you set up sharing and assign permissions, you can access folders remotely from another computer. (Just make sure first that you have the correct administrative permissions to it.)
File sharing must be activated on the Mac where the shared files/folders reside; it doesn’t have to be activated on the Mac that’s accessing the files/folders. When file sharing is turned off, you can still use that Mac to access a remote Shared folder on another machine as long as its owner has granted you enough permissions and has file sharing enabled. If file sharing is turned off on your Mac, others won’t be able to access your folders, even if you’ve assigned permissions to them previously.
If you’re going to share files, and you leave your Mac on and unattended for a long time, logging out before you leave it is a very good idea. This prevents anyone who just walks up to your Mac from seeing your files, e-mail, applications, or anything else that’s yours — unless you’ve given that person a user account that has permissions for your files. If you don’t want to log out, at least consider requiring that your password be entered when waking from sleep or dismissing the screen saver (General tab of Security & Privacy System Preferences).
On to how to access your Home folder from a remote Mac — a supercool feature that’s only bound to get more popular as the Internet continues to mature.
The following steps assume that you have an account on the remote Mac, which means you have your own Home folder on that Mac.
To connect to a Shared folder on a Mac other than the one you’re currently on, follow these steps:
1. Make sure that you’re already set up as a user on the computer that you want to log in to (Lisa & Jacob’s Eye Mac, in this example).
If you need to know how to create a new user, see the “Creating users” section, earlier in the chapter.
2. On the computer that you’re logging in from (my MacBook Pro in this example), click the Show button to show the Shared section in the Sidebar if it’s not already showing.
(The button says Hide in Figure 16-13 because the shared section is showing.)
All available servers appear. (There are three in Figure 16-13 — Big Mac the Mac Pro, Bob’s Time Capsule, and Lisa & Jacob’s Eye Mac.)
3. Click the name of the remote Mac (Lisa & Jacob’s Eye Mac) you want to access in the Sidebar.
At this point, you’re connected to the remote Mac as a guest, as shown in Figure 16-13.
Figure 16-13: Connected to Lisa & Jacob’s Eye Mac as a guest.
4. Click the Connect As button.
The Connect dialog appears. The name of the person logged in on Bob L’s MacBook Pro automatically appears in the Name field (my account name, bobl, in Figure 16-14).
If that’s not your username on the Mac you’re trying to access, type that username in the Name field.
If you select the Remember This Password in My Keychain check box in the Connect dialog, OS X remembers your password for you the next time you connect to this server. Sweet!
5. Select the Guest radio button if you don’t have an account on the remote computer and then click Connect; if you’re logging in as a user, skip to Step 6.
Pressing +G is the same as selecting the Guest radio button, and pressing +R is the same as selecting the Registered User radio button.
Figure 16-14: The Connect dialog needs my password.
As a guest user, you see Public Folders for users who have accounts on Lisa & Jacob’s Eye Mac (Lisa LeVitus, Bob LeVitus, and Jacob in Figure 16-13) but nothing else.
6. Type your password and click the Connect button.
After you’ve connected as a registered user, you see your Home folder (bobl in Figure 16-15) and everyone else’s Public folders.
Figure 16-15: Connecting to Lisa & Jacob’s Eye Mac as Bob LeVitus (bobl).
File sharing must be active on Lisa & Jacob’s Eye Mac (the Mac I’m accessing remotely in the example). If file sharing weren’t active on Lisa & Jacob’s Eye Mac, its name wouldn’t appear in the Shared section of the Sidebar, and I wouldn’t be able to connect to it. But file sharing doesn’t have to be active on the computer you’re using (Bob L’s MacBook Pro in this example) to give you access to the remote computer and make this trick work.
When you access your Home folder on a remote Mac as I've done in this example, you see an icon with the short name of your Home folder on that Mac (bobl in Figure 16-16) on the Desktop of the Mac you're using (unless you've deselected Connected Servers in the Finder's General Preferences pane, under Show These Items on the Desktop).
7. When you finish using the remote Mac, disconnect by using one of these methods:
• Drag the shared-volume icon (bobl in Figure 16-16) to the Eject icon in the Dock.
When a disk or volume is selected (highlighted), the Trash icon turns into a little arrow, which represents eject. Nice touch, eh?
• Right-click or Control-click the shared volume icon and choose Eject from the contextual menu that appears.
• Select the shared-volume icon and choose File⇒Eject.
• Select the shared-volume icon and press +E.
Figure 16-16: Accessing my Home folder on Lisa & Jacob’s Eye Mac remotely.
• In a Finder window Sidebar, click the little Eject symbol to the right of the remote computer’s name (Lisa & Jacob’s Eye Mac in Figure 16-16).
• If you’ve finished working for the day, and you don’t leave your Mac on 24/7 (as most folks do), choose ⇒Shut Down or Log Out. Shutting down or logging out automatically disconnects you from shared disks or folders. (Shut Down also turns off your Mac.)
Changing Your Password
You can change your password at any time. Changing your password is a good idea if you’re concerned about security — for example, if there’s a chance your password has been discovered by someone else.
You can change the password for your account on your own Mac, or you can change the password you use to connect to your account on a remote Mac. I show you how to do both in the following sections.
Changing your account password on your Mac
To change the password on your own Mac, just follow these steps:
1. Choose ⇒System Preferences, or double-click its icon in your Applications folder and click the Users & Groups icon.
The Users & Groups System Preferences pane appears.
2. Select your account in the list on the left.
Your account information appears in the area on the right.
3. Click the Change Password button.
A sheet drops down.
4. Type your current password in the Old Password field.
This demonstrates that you are who you’re supposed to be, not someone who just walked up to your unattended Mac.
5. Type your new password in the New Password field.
6. Retype your new password in the Verify field.
7. (Optional but recommended) Type a hint in the Password Hint field.
8. Click the Change Password button.
Assuming that you entered your old password correctly, the sheet disappears.
9. Close the System Preferences window.
Changing the password of any account but your own on your Mac
To change a password on your own Mac, just follow these steps:
1. Choose ⇒System Preferences or double-click its icon in your Applications folder and click the Users & Groups icon.
The Users & Groups System Preferences pane appears.
You may have to click the lock (at bottom left), supply an administrator name and password in the resulting dialog, and then click OK before you can proceed.
2. Select the account you want to change the password for in the list on the left.
The account information appears in the area on the right.
3. Click the Reset Password button.
A sheet drops down.
4. Type the new password in the New Password field.
5. Retype the new password in the Verify field.
6. (Optional but recommended) Type a hint in the Password Hint field.
7. Click the Reset Password button.
8. Close the System Preferences window.
Changing the password for your account on someone else’s Mac
When you log in to a remote Mac, you can change your own password if you like. Follow these steps to do so:
1. Log in to the remote computer on which you want to change your password.
See the “Connecting to a Shared Disk or Folder on a Remote Mac” section, earlier in this chapter, if you don’t know how to log in to a remote computer.
The Connect dialog appears.
2. Type your username in the Connect dialog, if it’s not already there.
3. Click the Change Password button in the bottom-left corner of the dialog.
A sheet for changing your password appears.
4. Type your current password in the Old Password field.
5. Type your new password in the New Password and Verify fields.
You can use the Password Assistant (the little key to the right of the New Password text box) to help you generate a secure password.
6. Click the Change Password button.
Your password is changed, and you return to the Connect dialog.
7. (Optional) Type your new password and click Connect to log in to the other Mac.
You can skip this step by clicking the Cancel button in the Connect dialog if you don’t need to use anything on the remote Mac at this time. Your password is still changed, and you need to use the new password the next time you log in to this Mac.
Select the Add Password to Keychain check box in the Connect dialog to store your passwords in a single place on the Mac; this way you don’t have to retype them each time you access a Mac or other remote resource. (Read more about the Keychain in Chapter 19.)
More Types of Sharing
Several more types of sharing exist, and I’d like to at least mention a few in passing. All are found in (where else?) the Sharing System Preferences pane, which you can find by launching the System Preferences application (from the Applications folder, menu, or Dock) and clicking the Sharing icon.
Here’s the sharing that I consider the coolest. Screen Sharing lets you control another Mac on your network from your Mac. In essence, you see the other Mac’s screen on your Mac — and control it using your mouse and keyboard.
To set up Screen Sharing on the Mac you want to control remotely, follow these steps:
1. Open the Sharing System Preferences pane by launching the System Preferences application (from the Applications folder, , Launchpad, or Dock) and clicking the Sharing icon.
2. Select the check box for Screen Sharing in the list of services on the left.
3. Click either the All Users or Only These Users radio button.
If you clicked Only These Users, click the + button and add the user or users you want to allow to control this Mac remotely. Notice that the Staff group is included by default.
To take control of your Mac from another Mac, follow these steps:
1. Click the now-you-see-it-now-you-don’t Show tag to the right of Shared to open the Shared section in the Sidebar, if it’s not already open.
All available servers appear.
2. Click the name of the remote Mac you want to control.
3. Click the Share Screen button.
Depending on whether you clicked the All Users or Only These Users radio button, you may have to enter your name and password, and then click the Connect button.
A window with the name of the remote Mac in its title bar appears. In it, you see the screen of the Mac you’re looking to control remotely.
4. Go ahead and click something.
Pull down a menu or open a folder. Isn’t that cool? You’re controlling a Mac across the room or in another room with your mouse and keyboard!
Web Sharing enables others to share documents on your computer through the web. You can set up a website just by adding Hypertext Markup Language (HTML) pages and images to the Sites folder in your Home folder, and then activating Web Sharing in the Sharing pane of System Preferences.
In a perfect world, that would be all it would take. To get it to work, however, you may need to modify settings for your network, router, firewall, DNS server, and other web publishing-related minutiae.
Web Sharing works only while your Mac is connected to the Internet or an internal network, and it requires the speed of a direct connection. If you use a modem and connect to the Internet by dialing up, this capability won’t be a lot of use to you.
Furthermore, even if you keep your Mac connected to the Internet 24 hours a day with a Digital Subscriber Line (DSL) or cable-modem connection, using this feature could violate your agreement with your Internet service provider (ISP) because some ISPs prohibit you from hosting a website. Also, most cable and DSL connections use dynamic IP address assignment through Dynamic Host Configuration Protocol (DHCP), which means your IP address will change from time to time.
On the other hand, some ISPs don’t care whether you run a website. Check with yours if you’re concerned. I do turn on this feature occasionally, but (because I don’t use it 24/7) I never bothered to check with my ISP. Do me a favor, and don’t rat me out.
If your Mac has an Internet connection and another Mac nearby doesn’t, you can enable Internet Sharing, and the other Mac can share your Internet connection. The following steps show you how:
1. Open the Sharing System Preferences pane by launching the System Preferences application (from the Applications folder, menu, Launchpad, or Dock) and clicking the Sharing icon.
2. Select the Internet Sharing check box in the list of services on the left.
3. Choose the connection you want to share — AirPort, FireWire, or Ethernet — from the Share Your Connection From pop-up menu.
4. Select the check boxes next to connections other computers will use — Wi-Fi, Ethernet, or Built-In FireWire.
Figure 16-17 shows Internet Sharing configured to share my Ethernet Internet connection with another Mac by using Wi-Fi.
Figure 16-17: Sharing my wired (Ethernet) Internet connection with another Mac using Wi-Fi.
5. (Optional) Click the Wi-Fi Options button to name, select a wireless channel for, enable encryption for, and/or set a password for your shared network.
That’s all there is to it.
And yet more ways to share
A few more cool ways to share your Mac include
DVD or CD Sharing: When you select this one, remote users can access CDs and DVDs in your Mac’s optical drive(s). You can select to have Mavericks notify you and request permission when a remote user makes such a request. This feature is especially handy if you have two or more Macs and one doesn’t have an optical drive.
Printer Sharing: If you turn on Printer Sharing in the Sharing System Preferences pane, other people on your local network can use any printer connected to your computer.
Scanner Sharing: Analogous to Printer Sharing, Scanner Sharing allows others on your local network to use scanners connected to your Mac.
Bluetooth Sharing: If you have a Bluetooth mobile phone or PDA and your Mac has Bluetooth, you can configure many of the default behaviors for transferring files to and from your Mac. A picture is worth a thousand words, so Figure 16-18 shows all the things Bluetooth Sharing lets you configure.
Figure 16-18: Configure items for Bluetooth file transfers between your phone and Mac.