Previous 1 2 Next 16 Replies Latest reply: Feb 13, 2014 7:43 AM by clbobman Branched to a new discussion.
cmr&xpg Level 1 Level 1 (0 points)

Hi

 

Who can explain to me what are the groups "staff", "system", "admin",  I saw "wheel" also, and others

What is their meaning and what is their action ?

 

Thanks


iMac, Macbook Pro, iPod-nano, iPod-touch, iPhone, Mac OS X (10.6.6)
  • kurt188 Level 4 Level 4 (1,335 points)

    Read this document for an overview: https://support.apple.com/kb/HT2963

  • cmr&xpg Level 1 Level 1 (0 points)

    Thank you for this help.

    But what I'm looking for is information and explanation about specific groups like "Wheel", "System", "Admin" etc...

    and what role they have.

     

    Thanks for this.

  • kurt188 Level 4 Level 4 (1,335 points)

    That is explained in that document, if you read the whole thing. If not, I would urge you to do that. If you're looking for granular detail on all the possible uses of those groups, you're not likely to find it; it's a general guide, since assigning things to specific groups is left to Apple for the OS, and application developers.

  • R C-R Level 6 Level 6 (15,790 points)

    cmr&xpg wrote:

     

    But what I'm looking for is information and explanation about specific groups like "Wheel", "System", "Admin" etc...

    and what role they have.

    Their role is to control access to files & procedures to improve the security, privacy, & robustness of the OS.

     

    "System" is the root user with almost unlimited access. Accordingly, it is a member of most groups. "Wheel" is a group that has special privileges that are basically a subset of system's. "Admin" is similar, but with far fewer privileges.

  • WZZZ Level 6 Level 6 (12,685 points)

    cmr&xpg wrote:

     

     

    But what I'm looking for is information and explanation about specific groups like "Wheel", "System", "Admin" etc...

    and what role they have.

     

    Although I can't find one document that puts this all together, do a search using "OS X groups root, wheel, admin, staff." You'll find some helpful links which will give you the basic idea. Ignore any discussion of NetInfo Manager, which has been dropped beginning with Leopard and now Snow Leopard.

  • Király Level 6 Level 6 (9,560 points)

    You really don't need to worry about these groups.

     

    Thhey are a carryover from the UNIX systems that have been used for decades in institutions like universities, where there may be dozens or hundreds of different groups set up by the system administrators, to manage thousands of individual users with thousands of computers.

     

    On a home computer running OS X, there still are the traditional groups like system, staff, wheel, etc. They re used by the internal workings of the system and you really don't need to worry about them. DO NOT try to change them, delete them, add or remove users to/from them, etc.

     

    The only groups you really need to concern yourself with are the admin group, and any custom groups you choose to make for the purposes of sharing files between your account and any other local accounts.

     

    The root user is the superuser with unlimited privileges.

    Users in the admin group can do many things to administer the system, and can elevate themselves to root (unlimited privileges) simply by authenticating with their own password.

    Users who are not in the admin group can only modify files in their own home folders. They cannot delete or change any other user's files, nor can they modify any global system settings.

     

    That's all you really need to know.

  • fane_j Level 4 Level 4 (3,660 points)

    cmr&xpg wrote:

     

    But what I'm looking for is information and explanation about specific groups like "Wheel", "System", "Admin" etc... and what role they have.

    You won't find explanations of that sort in the Apple KB doc you were referred to (because, contrary to what you've been told, they aren't there), and probably not in any KB doc.

     

    It's one of those, "if you don't know, you don't need to know" things. They're not specific to Mac OS X, but come from its Unix foundation; for the average user, they're mostly trivial, and in part of only historic value.

     

    For instance, the "wheel" group (the name comes from the colloquial phrase "big wheel") designated a user elite whose members could assume root privileges with the su command. Since Tiger, this is no longer possible in Mac OS X, so "wheel" is now essentially the same thing as "admin".

     

    All you need to know is that there are three levels -- the root user, who can do anything, including completely destroy the OS; the admin users, who can do much of what the root user can, but, in theory, should not be able to destroy the OS; and the rest (aka οἱ πολλοί), who can work with, but (in theory) not damage the OS. (There is actually a fourth level, the nobody user, who can do very little indeed, but… you see how quickly it becomes complicated?)

     

    If you want all the gory and historical details, you can google for it, check Wikipedia

     

    <http://en.wikipedia.org/wiki/Wheel_(Unix_term)>

     

    or try to find a Unix (particularly BSD) history or manual with a good historical section.

     

    You can also find a few skimpy details in Apple's Developer library.

     

    HTH

  • kurt188 Level 4 Level 4 (1,335 points)

    Despite what fane_j claims, the document I referred you to does contain the information I mentioned. It does not contain any detailed explanation that you seem to be seeking.

     

    You should ignore those who chime in only to criticize others because they can't answer the question themselves and didn't bother to find the information first.

  • WZZZ Level 6 Level 6 (12,685 points)

    I saw "wheel" also, and others

    There are others alright. More fun with groups! I think nogroup is the best of the lot.

     

    Screen shot 2012-02-01 at 8.02.28 PM.png

     

    Screen shot 2012-02-01 at 8.04.22 PM.png

  • fane_j Level 4 Level 4 (3,660 points)

    R C-R wrote:

     

    "System" is the root user with almost unlimited access.

    To add to this, keep in mind that "System" is the GUI's (Finder's) name for (the) root (user). There isn't really either a user or a group named "System" or "system"; and the "sys" group is something else.

     

    You really need to use Terminal if you want to get deeper into this. The groups command, used by other Unix variants, is obsolete; you can use the id and dsmemberutil commands to check groups to which a specific user belongs, and related information.

     

    Other Unix variants make use of </etc/group>, but, to my knowledge, this is not used by Mac OS X. I suppose it is possible to list all members of a group with dscl, but I haven't looked into it.

  • fane_j Level 4 Level 4 (3,660 points)

    kurt188 wrote:

     

    You should ignore those who chime in only to criticize others because they can't answer the question themselves and didn't bother to find the information first.

    Words to live by.

  • clbobman Level 1 Level 1 (0 points)

    When someone tells me you do not need to worry about such things. I get worried. There is very little information available on these USER groups and their function. We never had such things on the early macintosh computers. The OS was a very transparent system in the 80's. I left the mac world for ten years because I had no money. I have to say what I see now on the Macbook Pro worries me. I would just like some very clear info on what these user groups mean. Can someone please help? I try changing these groups and they just come back again. Are they being reinstated by my Carbon cloner?. I have just noted that my external drive seems to chew a lot longer than is normal when connected to the internet. It will do a clone and then frequently play around for 20 minutes afterwards.  I do not like it.

     

    Thanks for the help, anyone that really wants to tell me about these USER groups and why they are on my hard drives. I do not understand why , I MYSELF, cannot restrict access to ME.

  • clbobman Level 1 Level 1 (0 points)

    Also to reiterate. I am not part of a NETWORK. I live at home with my wife. Why can I not just be ONE USER! Is it possible?

  • R C-R Level 6 Level 6 (15,790 points)

    clbobman wrote:

    Also to reiterate. I am not part of a NETWORK. I live at home with my wife. Why can I not just be ONE USER! Is it possible?

    Hello, clbobman!

     

    Please note that is topic has been dormant for two years. Since few people are likely to still be following it, it would be better to start a new topic of your own if you need help with this, preferably in the forum for the OS version you are using.

     

    With that out of the way, please be aware that you are most certainly part a network. It is the Internet, the largest one on the planet! As was mentioned by several contributors back when this topic was active, users & groups exist largely to protect your privacy & security from the millions & millions of other users who share that vast network with you.

     

    Unfortunately, an ever increasing number of those users are criminals who would like nothing better than for you to run an OS that provided little or nothing to prevent them from taking over control of your computer remotely, stealing the personal & private information you have stored on it & using it however they want, installing software to do their bidding instead of yours, & so on. Even if they aren't completely successful, the attack may leave your system unstable or sluggish, destroy some or all of your document files, or even corrupt the file system so badly that you would have to erase everything & start fresh with a new installation of the OS to recover.

     

    With just one user who has unrestricted access to control everything, that isn't very hard to do. To prevent this (& to prevent users from accidentally doing things with the same result), like in every other modern OS, OS X includes a complex system of permissions to restrict & control access to various parts of the system. In OS X, this is implemented as an abstracted system of users & groups, each given permissions to perform only specific kinds of tasks.

     

    So for example, when a human user like you or me asks the Mac to do something, that request may be handed off to one or more non-human users, each able to handle only part of that task, & relying (like us) on other non-human users to do what it can't.

     

    This compartmentalization makes it very difficult to take over control of the Mac & force it to do things it should not do, whether by accident or intent. It also makes it difficult to understand exactly how it all works. Fortunately, as has already been said, as users we don't need to unless we are intent on changing it. And if we are going to do that, we better have a very good understanding of how it all works. (Otherwise, it is very likely we will just break things, cause data loss, or worse.)

     

    If understanding all that is your goal, Apple's developer web site is full of info you can study, & there are quite a few books on the subject. But be warned, this is not simple stuff. It can take months or years to absorb it all.

     

    That's why most of us leave it to the programmers & just use our Macs to do the stuff we want without worrying too much about how it does that.

Previous 1 2 Next