Adding and removing user accounts in OS X

Are you the only person who uses your Mac? Or do you let others use it under your account, perhaps?

We are all used to going back to a Mac after someone else has been using it, only to find that there have been some changes. Files and folders have moved, perhaps even disappeared. Settings have been changed, and odd sites come up in your browser.

Even if that other user is a close family member, such as your partner or one of your children/nephews/grandchildren, if they are going to use your Mac without your watchful eye, you should create them another user account, and log them into that. It may seem like a waste of time, but in the long run it saves you having to restore order to your own documents and settings later.

Adding new users

Adding an account is straightforward in the Users & Groups pane; the only issues which you need to think out are whether the account should have admin privileges, or whether you should enable a guest account for someone not likely to use your Mac regularly.

Unless there are really good reasons to give someone else admin privileges – and they will be so compelling that you do not have to think hard about them – don’t. Without admin privileges there will be things that they cannot do, but those are precisely the things that you do not want them doing in the first place. Neither should you ever consider opening guest access, unless it is essential: it is a potential security hole which you can do without. So all they get is a vanilla user account.

One thing to be careful about is setting file and folder access permissions in the /Users/Shared folder. This is the place to exchange files with other users, such as yourself. If you want them to be able to open folders and files there but not to modify them, you will need to use the Get Info command in Finder to set the correct permissions for the items. This is also the best place for them to return documents and any other items to you, but they will have to ensure that suitable permissions are set too.

There are two other circumstances in which you may find adding a new user is a good solution.

One is when you need to use your Mac in a very different way, with different screen resolutions and other settings. This is common practice among those of us who provide screenshots for websites or print publications which have to conform to rules. Rather than keep adjusting the settings for our normal user accounts, it is often simpler to set up another account which you can switch over to when you need.

The other is when you are experiencing problems with your normal user account. If those are the result of preferences or issues in that account’s settings, or anything else in the Home folder, then those problems should vanish when you log into another account. This is a valuable tool when trying to isolate tricky problems, as you then know to look in your (normal) Home folder, more specifically ~/Library. It does not, though, reveal exactly what is wrong there.

The snag with using additional user accounts is that a lot of software is not multi-user, or will require you to go through all the rigmarole of entering serial numbers, etc., before it will run. You will also need to connect those accounts with an Apple ID if you want to run paid-for apps from the App Store, and an iCloud account, and so on. Some apps even require a second licence if they are to work for a second user on the same Mac, which seems distinctly unfriendly.

Unless you explicitly exclude the Home folders of additional users, they will automatically be backed up by Time Machine, and will of course take space on your backup drive.


System administrators on business, school, and similar networks often need to add large numbers of user accounts, set default passwords, and so on. Rather than adding each individually in OS X Server, use Passenger for OS X Server: it costs $60 for up to 150 users, or $119 for an unlimited number on one server.

Removing users

Good security practice says that you should only have the number of user accounts that you actually need. Unused accounts are minor vulnerabilities, and could become major ones if they have admin rights and easily guessable passwords. Each user account also occupies a significant amount of disk space for its Home folder. So if an account is not used, remove it.


This is again performed through the Users & Groups pane, but has options which bear more careful thought: what to do with that user’s Home folder.

If that Home folder contains no documents of any use or purpose, and the user will not be returning, then the most efficient option is scorched earth policy – delete the Home folder and its entire contents.

The difficulty comes when you do need to preserve that Home folder. You can leave it in place, and possibly reconnect the user with it in future, or save it as a disk image. In that latter case, the image is then placed in a folder named Deleted Users, in the Users folder, for future access should you need. Either of these options will not save you the space which you were expecting, though. If you do save to a disk image, it is usually best to archive that onto optical media, for example, and then delete the disk image from your Mac.

Once the user account has been deleted, you still have some more cleaning up to do. Check through the Shared folder and move or delete any files or folders relating to that user, or they will become orphaned and forgotten.

When you have removed all traces of a user account, that Home folder will remain in your Time Machine backup until such time as you decide to remove it, although of course there will be no further overhead from the deleted user to your backup storage space.

Finally, there is one special, or ‘golden’, user on OS X and all other Unix systems: the first admin user created when the system is installed. Avoid removing that user at all costs, as it can cause some very strange problems, as explained here.