diff --git a/checkin_notes b/checkin_notes
index 95b61cfb46..26062e1935 100755
--- a/checkin_notes
+++ b/checkin_notes
@@ -8102,11 +8102,15 @@ Walt   26 July 2006
 Charlie 27 July 2006
     - Mac: Mac_SA_Secure.sh script adds logged in user to groups boinc_master and 
         boinc_project.
-    - New web page describing Macintosh system administrator tools.
+    - New web page describing Macintosh system administrator tools; update  
+        references from existing pages.
     
     clientgui/
         mac_build/
             Mac_SA_Insecure.sh
             Mac_SA_Secure.sh
     doc/
-        mac_admin_tools.php
+        mac_admin_tools.php (new)
+        mac_advanced.php
+        bare_core.php
+        auto_start.php
diff --git a/doc/bare_core.php b/doc/bare_core.php
index 0f321be69d..41234a7dde 100644
--- a/doc/bare_core.php
+++ b/doc/bare_core.php
@@ -38,6 +38,13 @@ at boot time.
 <p>
 To control a running BOINC client, use the
 <a href=boinc_cmd.php>BOINC command tool</a>.
+<p>
+Several <a href=mac_admin_tools.php>tools</a> for Macintosh system administrators are available to:
+<ul>
+<li> automatically start BOINC as a daemon or system service at boot time
+<li> implement improved security for stand-alone clients 
+<li> prevent BOINC Manager from launching automatically when selected users log in.
+</ul>
 
 <h2> Special cautions for Mac OS X</h2>
 <p>
@@ -61,15 +68,17 @@ but only if the core client was not already running.
 <p>
 If you must mix the stand-alone core client and the BOINC Manager on the same Mac OS X system, be careful of the following:
 <ul>
-<li>The BOINC Manager installer sets the set_user_id permission bit (S_ISUID) for the BOINC Manager and its embedded core client executable files.  
+<li>The BOINC Manager installer sets the set_user_id (S_ISUID) and set_group_id (S_ISGID) permission bits for the BOINC Manager and its 
+embedded core client executable files.  
 This causes BOINC to always run with the effective user ID set to the installing user.  This may cause permission problems if the 
-stand-alone core client tries to access the same data as a different user.
+stand-alone core client tries to access the same data as a different user.  See <a href=sandbox_user.php>The Secure BOINC Client</a> 
+for more information.
 <li>By default, the stand-alone core client expects the data to be in the same directory containing the executable.  But the BOINC Manager 
 sets the current directory to \"/Library/Application Support/BOINC Data/\" before launching the embedded core client.
 </ul>
 If you want BOINC to operate on a separate set of data for each user on a Mac OS X system, then the stand-alone core client may be appropriate.  
-But to avoid permission problems, make sure that users who have their own core client don't run the BOINC Manager.
-
+But to avoid permission problems, make sure that users who have their own core client don't run the BOINC Manager, unless you have set permissions 
+up properly with the special <a href=mac_admin_tools.php>administrator tools</a>.
 ";
 page_tail();
 ?>
diff --git a/doc/mac_advanced.php b/doc/mac_advanced.php
index 6922258387..13c796a40b 100644
--- a/doc/mac_advanced.php
+++ b/doc/mac_advanced.php
@@ -32,6 +32,13 @@ expand the zip archive by double-clicking on it in the Finder.
     <li> Open <b>System Preferences</b> from the Apple menu. Select <b>Desktop & Screen Saver</b> and select a different screen saver.
     </ul>
 </ul>
+<p>
+Several <a href=mac_admin_tools.php>tools</a> for Macintosh system administrators are available to:
+<ul>
+<li> automatically run BOINC as a daemon or system service at boot time
+<li> implement improved security for stand-alone clients 
+<li> prevent BOINC Manager from launching automatically when selected users log in.
+</ul>
 ";
 page_tail();
 ?>