Apple has made some major improvements in Leopard when it comes to creating and managing user accounts, file sharing and remote access. The biggest change, though, is something most Macintosh users may never see because it was accomplished so seamlessly: Apple has retired the proprietary NetInfo database that has stored and managed local accounts since the beginning of Mac OS X.
Closer to the surface, other changes include the ability to control which folders are shared and how to organize users into groups. These features actually existed on Macs before the advent of Mac OS X but then disappeared until now.
Groups and other new account types
If you're a long-time Mac user who remembers life before Mac OS X, you may remember that the File Sharing control panel in Mac OS 9 let you turn on file sharing and lcreate users and groups of users that could connect to your Mac and access your shared folders. Although Mac OS X has been a multiuser operating system in ways that Mac OS 9 never was, Mac OS X has never allowed users to create groups -- at least not easily. Finally, in its sixth release, Mac OS X now includes the ability to create groups, a handy way of placing multiple users into one "container" with a single name. Once users are added to a group, you can use that group to assign permissions to files and folders and to allow access to remote-sharing services.
Groups make it much easier to configure permissions for files that you want to share with other people who use your Mac, as well as for anyone you want to be able to access your machine remotely.
In addition to groups, Leopard offers new types of individual user accounts: a standard Guest account, which is automatically created but not enabled when Leopard is installed; a sharing-only account, which lets someone access your Mac remotely for services like file sharing but not log into your Mac to run applications; and accounts managed with parental controls. These three join the previously used standard access and administrator account types.
Leopard automatically creates and lists a Guest account in the "Other Accounts" section of the accounts list. The Guest account allows people who do not have a user account to access your Mac. The Guest account can be enabled for log-in access -- for instance, people can log into the computer and run applications -- and/or for remote access to shared folders. Each option can be enabled separately after selecting the Guest account in the accounts list. Allowing log-in access can be helpful if you have friends or family members visiting who want to be able to check their e-mail via the Web, browse the Internet, type a letter and so on. With the Guest account, users have access to all of the Mac's features but don't need access to anyone's account. This keeps all your information private while letting visitors use the computer.
When someone logs out of the Guest account, the contents of its home folder -- including Web browser history, application settings and files -- are deleted. This makes the Guest account helpful in public situations, such as schools, libraries or business kiosks, as well as at home. You can also apply Leopard's new parental controls to Guest accounts.
When used for file sharing, the Guest account allows anyone who can connect to your computer access to shared folders. While this may make sharing items easier since you don't need to worry about setting up user accounts, it can also expose any files you share to anyone who can see your Mac over a network. It's a major security risk -- especially if your Mac is connected to an unsecured wireless network or to the Internet without some blocking mechanism, such as a router.
Although Guest access is an option for file sharing, you are always safer configuring user accounts, particularly for portable Macs that use public Wi-Fi networks. If you do allow Guest access, be sure to limit which shared folders guests can get into.