Operation Manual

Under Mac OS X, a user without administrator privileges can (assuming the default VeraCrypt and

operating system configurations):



Mount any file-hosted or partition/device-hosted VeraCrypt volume provided that the

file/device permissions allow it.



Dismount, using VeraCrypt, (and, in the VeraCrypt application window, see the path to and

properties of) any VeraCrypt volume mounted by him or her.



Create a file-hosted or partition/device-hosted VeraCrypt volume provided that the relevant

folder/device permissions allow it.



Change the password, keyfiles, and header key derivation algorithm for, and restore or

back up the header of, a file-hosted or partition/device-hosted VeraCrypt volume (provided

that the file/device permissions allow it).



Access the filesystem residing within a VeraCrypt volume mounted by another user on the

system (however, file/folder/volume permissions can be set to prevent this).



Run and use the VeraCrypt application (including the VeraCrypt Volume Creation Wizard)

provided that the file permissions allow it.

VeraCrypt does not support the set-euid root mode of execution.

Additional information and details regarding the security model are contained in the chapter

Security Requirements and Precautions.