TITLE
    Mac OS X Server: Managing Users and Groups With NetworkManager.app
Article ID:
Created:
Modified:
60025
12/3/98
11/2/00

TOPIC

    NetworkManager.app is used to configure users, groups, file sharing, computers, and other services. This article explains how to use NetworkManager.app to set up users and groups.


DISCUSSION

    If you are unfamiliar with NetInfo domains, please see the following article:

    Article 30832 " Mac OS X Server: Basic Introduction To NetInfo Domains ."

    The NetworkManager application (/System/Administration/NetworkManager.app) is used to configure computers, users, and groups in a NetInfo environment. It allows the System Administrator (root) to make changes network wide or to a specific domain. This is in contrast to other Unix-based systems where users have to be added to each computer.

    Note : Changes made with the NetworkManager application require the System Administrator's (root) password for the domain being configured. This may be for the local domain (an individual computer), or it may be the root domain (the entire network of computers). Do not try to make changes to domains you do not have access to.

    Selecting The Correct Domain

    Note: If the computer is not part of a NetInfo network, please skip to the next section.

    NetworkManager allows you to make modifications network wide, so you must select the domain you want to change. If the computer is not part of a NetInfo network, the local domain is the only one available to edit. If the computer is part of a NetInfo network, any domain you have permission to edit may be selected.

    Select a domain to edit by typing its name in the field titled Domain: at the top of the frontmost NetworkManager window. To see a list of the domains available for editing, click the disclosure triangle to the left of the Domain field. Click on a domain name in the list to select it, or type its name in the Domain field.

    Once the domain you wish to edit appears in the Domain field, you may add or edit computers, users, and groups of users to NetInfo using the NetworkManager application.

    Before we begin, a quick word on button conventions: A button with a star is for a new item; a button with a pencil is for editing an item; buttons with the international symbol for "no" are for deleting an item; and buttons with a pencil and outline are for editing default profiles. Finally, buttons with one face are for users, and buttons with two faces are for groups.

    Why Add Users?

    Unlike the traditional Mac OS, Mac OS X Server is based on a Unix-compatible operating system. This creates the need for a paradigm shift for those who are familiar only with the Mac OS. Mac OS X Server is a multi-user environment. So, the operating system must have a way to identify users, and what they have access to. Mac OS X Server identifies a user with a login and password. Once identified, the user has access to the appropriate files and directories. A user is added anytime a new person needs access the system.

    There are two types of users in Mac OS X Server. The first is more similar to traditional Mac OS users, because they are local. Local users exist only on one computer. They may still have access to network applications, but they do not have stored space on a server.

    Network users are much more flexible. In contrast to local users, network users live on a server. Their files and programs are stored there. They generally have limited access to local files and directories. Network users are able to login to any computer that is on the NetInfo network to which they were added.

    Managing Users

    To add a new user open NetworkManager. Click on the Users and Group button. It is the top button on the left-hand side of the window and has the word "Users" under it.

    With the Users button selected, two tabs become visible. The first is Users and the second is Groups of Users. Select the Users tab.

    If the system is just being configured, there is only one user, named Nobody. More users can be seen by checking the Show System Users checkbox. Note : These users should not be tampered with except by an experienced administrator.

    Click the new user button and the newuser window opens. It is important to fill in all of the fields. Do not change the User ID, Login Shell, and Home Directory unless necessary. Note : New users are able to change their passwords after their initial login by opening Preferences.app and selecting the Security option.

    At this time it is also possible to add the user to any preexisting groups by clicking the Add... button and selecting the group. The wheel group allows users to become the root user if they have the root password. This privilege should only be given to trusted users! It is also possible to add users to a group by clicking on the new group button.

    Managing Groups

    You manage groups by clicking on the Groups of Users tab.

    Clicking on the new group button brings up the new group window. Type in the name of the new group and use the Add User button to add existing users to the group. Editing and deleting users can be done with the appropriate buttons. Note : Do not delete preexisting groups.

    Giving Network Users Root Access

    In normal network operation, most users login to their computer through their network user login. However, it is sometimes necessary to have System Administrator (root) access to the local computer. This can be accomplished by adding the network user to the local computer's wheel group. The wheel group allows users to substitute user identity--"su"--to root in a terminal window if they have the root password. This privilege should only be giving to trusted users!

    The first step is to click the Groups of Users tab in the Users section of the NetworkManager. Then double-click on the group the user is to be added to, in this case wheel. In the window that opens click Add User.

    Scroll through the list of users to find the user to be added, and double-click it.

    Close the window, save changes and enter the root password for the domain that you are making the change to. The user now has permission to "su" to the root user for that domain. Currently, a user can only "su" to a user by using the terminal window.

Document Information
Product Area: Mac OS System Software
Category: Mac OS X Server
Sub Category: General Topics

Copyright © 2000 Apple Computer, Inc. All rights reserved.