Chapter 2: User Accounts - 7 Questions Flashcards
What are the five types of user accounts in Lion? How are they different?
- Standard is the default account type;
- administrative users can make changes to the system; a
- guest user doesn’t require a password;
- sharing only users can access only shared files; and the
- root user has unlimited access.
What are account attributes?
Account attributes are the individual pieces of information that define a user account. Examples include full name, account name, user ID, universally unique ID (UUID), group, and home directory.
How can you restrict a user account from having full access to all applications?
Parental controls can be used to further limit a user account. Examples include enforcing a simple Finder, limiting applications and widgets, setting time limits, and filtering content.
What are some security risks associated with each type of user account?
Standard user accounts are very secure, assuming they have good passwords. Administrative users can make changes that may negatively affect the system or other user accounts. A guest user could fill your system drive with unwanted files. Sharing only users are generally secure as long as you don’t give them too much access to your items. The potential for mayhem with root user access is nearly unlimited.
What default folders make up a user’s home folder? What are some optional folders in a user’s home folder?
The default folders in a user’s home folder are Desktop, Documents, Downloads, Library (hidden), Movies, Music, Pictures, and Public. Optional home folder items include Applications and Sites folders.
What types of resource contention issues can occur when fast user switching is enabled?
Resource contention occurs when fast user switching is enabled and a user tries to access an item that another user has open in the background. Document contention occurs when a user attempts to open a document that another user has already opened. Peripheral contention occurs when a user attempts to access a peripheral that’s already in use by another user’s open application. Application contention occurs when the second user attempts to access an application that’s designed to run only once on a system.
What security risk is associated with fast user switching?
When fast user switching is enabled, all users can see other users’ locally connected drives.
What does a keychain do?
A keychain is an encrypted file that securely saves passwords, certificates, or notes. By default, all users have a login keychain that has the same password as their account.
How does Legacy FileVault secure a user’s data?
Legacy FileVault stores the user’s home folder in an encrypted disk image. This disk image is accessible only by the Legacy FileVault user.
How does resetting the Master password affect existing Legacy FileVault user accounts?
f a known Master password is reset using the Security & Privacy preferences, Legacy FileVault accounts won’t be negatively affected. On the other hand, if a Master password is reset because it was lost, Legacy FileVault accounts can’t be reset by the new Master password.
How does resetting a user’s password as an administrative user affect that user’s keychains?
If an administrative user resets another user’s account password, this process won’t change any keychain
passwords. Therefore, the user’s keychains won’t automatically open when the user logs in with the new password. The user will have to use Keychain Access to manually change keychain passwords.
How does the Firmware Password Utility help prevent users from making unauthorized password changes?
The Firmware Password Utility prevents users from starting up from another system drive, which then prevents them from using a Lion Recovery system to reset local passwords without authorization.
