10 Replies Latest reply: Apr 29, 2012 11:25 AM by red_menace
vxc342 Level 1 (0 points)

I have performed these steps:

  • create test account with user name test
  • create test folder on an external HD
  • changed home folder for the user to the test folder on the ext. HD using Advanced Options under Users & Groups.
  • rebooted

I have observed that any user can see content of test/Documents and ls -l shows that the current user is the owner.

So for example if there is an account Frank, Frank can see the content of test/Documents and Frank is shown as an owner.

How to fix this mess?

Thank you.

  • 1. Re: home folder on external drive accessible to all users
    Niel Level 10 (241,970 points)

    Ensure that permissions are enabled for that drive in the Get Info window, and change the ownership of it to your account even if it seems to be your account already.

    If a folder is owned by UID 99, any non-root user who checks the permissions on it will appear to be the owner. If someone checks its ownership as root, they'll see what it really is.

  • 2. Re: home folder on external drive accessible to all users
    vxc342 Level 1 (0 points)

    Ignore ownership on this volume was checked! I unchecked it. I think that is what you are referring to.

    That drive is owned by the admin user, which is me and the group is staff.

    (I have tested with 'test' user which had its home folder on the same ext. drive as the admin)

    I am going to reboot and see what happens.

  • 3. Re: home folder on external drive accessible to all users
    vxc342 Level 1 (0 points)
    • I unchecked 'ignore ownership on this volume', myExtHD
    • ran 'chown me:staff myExtHD' that left subfolders to be owned by UID 99
    • ran 'chown -R me:staff myExtHD', that failed for some files like trash. It changed the owner for Documents for example, but Movies folder was left to be owned by UID 99
    • I tried resetpassword command: http://osxdaily.com/2011/11/15/repair-user-permissions-in-mac-os-x-lion/

    But myExtHD did not show up in the list.

    Any help is appreciated....

  • 4. Re: home folder on external drive accessible to all users
    vxc342 Level 1 (0 points)

    As a next step I did chmod on my home folder: chmod 755 /Volume/myExtHD/me

  • 5. Re: home folder on external drive accessible to all users
    vxc342 Level 1 (0 points)

    Interestingly Desktop, Documents, Downloads are owned by 'me'.

    Library, Movies, Pictures, Public, Sites are owned by admin:staff

    I think this is wrong, all the folders should be owned by 'me', right?
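
An added illustration, not part of any post in this thread: a small shell function that audits a home folder on an external volume for the conditions described in replies 1, 3 and 5 (entries still owned by UID 99, entries owned by another account, and entries accessible to "others"). The function name and the report labels are made up for this example; run it as root, since per Niel's reply a non-root user sees UID 99 entries as their own.

```shell
#!/bin/sh
# Added example: audit a home folder kept on an external volume.
# Run as root (sudo): as noted in the thread, a non-root user who looks at
# an entry owned by UID 99 sees themselves as the owner.

UNKNOWN_UID=99   # the placeholder owner discussed in the thread

# audit_home DIR OWNER
#   DIR   - home folder to check, e.g. /Volumes/<volume>/<user>
#   OWNER - user name or numeric UID that should own everything under DIR
# Prints one "label<TAB>path" line per finding (labels are this example's own):
#   uid99         still owned by UID 99, e.g. skipped by a partial chown -R
#   wrong-owner   owned by some other account
#   other-access  read or execute/search bit set for "others"
audit_home() {
    dir=$1
    owner=$2
    find "$dir" -user "$UNKNOWN_UID" \
        -exec printf 'uid99\t%s\n' {} \;
    find "$dir" ! -user "$owner" ! -user "$UNKNOWN_UID" \
        -exec printf 'wrong-owner\t%s\n' {} \;
    # Symlinks are skipped: their own mode bits are not what grants access.
    find "$dir" ! -type l \( -perm -004 -o -perm -001 \) \
        -exec printf 'other-access\t%s\n' {} \;
}

# Stand-alone use: sudo sh audit_home.sh /Volumes/<volume>/<user> <user>
if [ "$#" -eq 2 ]; then
    audit_home "$1" "$2"
fi
```

An empty report only means the on-disk ownership and mode bits are consistent; it says nothing about whether the volume is mounted with ownership ignored.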

  • 6. Re: home folder on external drive accessible to all users
    red_menace Level 6 (14,615 points)

    Anyone can ignore the permissions on an external disk.  Changing the ownership of the drive may prevent it from being mounted, but once it is mounted you won't be able to keep others from viewing the contents unless they are encrypted.

  • 7. Re: home folder on external drive accessible to all users
    vxc342 Level 1 (0 points)

    Are you sure? Would you not need admin credentials to change the permissions to see the private files?

  • 8. Re: home folder on external drive accessible to all users
    Barney-15E Level 8 (35,275 points)

    vxc342 wrote:

    Are you sure? Would you not need admin credentials to change the permissions to see the private files?

    Not at all. You can connect an external drive up to any operating system and do whatever you want with it. There is nothing in the drive controller that handles permissions, unless it has specialized software. The computer operating system has to choose to respect the permissions on the drive or not. There is nothing special about the permissions that, in and of themselves, protects the information. They are just flags to the operating system on how it should make certain files available to certain users.

  • 9. Re: home folder on external drive accessible to all users
    vxc342 Level 1 (0 points)

    Good point, but that is true about all hard drives regardless of how they are connected (internally or externally).

    As long as it stays connected to the original computer, you would need admin credentials to see private files.

  • 10. Re: home folder on external drive accessible to all users
    red_menace Level 6 (14,615 points)

    As long as it stays connected to the original computer, you would need admin credentials to see private files.

    That is true for internal drives, since they are assumed to be more-or-less "permanently" connected - the OS will respect the permissions.  However, in order for external drives to work you would need to be able to ignore permissions, otherwise I couldn't give someone a disk and have them do anything with the files.  Of course, once an internal drive has been removed it now becomes external, and anyone can read it - this is why physical access trumps all security (except encryption).

    You might be able to set the ownership of the drive, as Niel suggested, which should prevent it from being mounted by another user, but I haven't tried that.