JeffCMKRNL
Level 1 (10 points)

Q: Mount a dmg in one user account mounts it for all users

When I mount a .dmg file volume it appears available to all users on the same MAC.

Why?

If I mount an encrypted volume from a .dmg file, I certainly do not want it mounted on everyone's account that uses the same  mac.

 

Jeff

Mac mini (Mid 2011), OS X Mavericks (10.9), Happens on Mac Mini and Macbook pro

Posted on Aug 23, 2015 10:00 PM

Close
JeffCMKRNL

Q: Mount a dmg in one user account mounts it for all users

  • All replies
  • Helpful answers

  • by BobHarris,Helpful

    BobHarris BobHarris Aug 24, 2015 6:20 AM in response to JeffCMKRNL
    Level 6 (19,553 points)
    Mac OS X
    Aug 24, 2015 6:20 AM in response to JeffCMKRNL

    That is the way a simulated disk work.  When it is mounted, just like a real disk, it is available across the system.  File and folder ownership and permissions is how you protect data from other users.

  • by JeffCMKRNL,

    JeffCMKRNL JeffCMKRNL Aug 25, 2015 8:04 PM in response to BobHarris
    Level 1 (10 points)
    Aug 25, 2015 8:04 PM in response to BobHarris

    I Have changed the permissions on the .dmg file, and on the volume mounted, and while this solved my problem for others accessing my private volume, it still shows up on their desktop as a mounted volume, which I would prefer that it does not.

    In OpenVMS, when an unprivileged user mounts a volume it is only visible to that user and all of that user's sub processes.

    I would prefer that other users are not informed that I have mounted a local volume only to my username, even though they can't access it.

    Now they are aware of it. The bad thing is that it is also visible to a guest user, even though they can't access it. They now know there is such a resource available.

  • by Eric Root,Helpful

    Eric Root Eric Root Aug 26, 2015 10:17 AM in response to JeffCMKRNL
    Level 9 (72,243 points)
    iTunes
    Aug 26, 2015 10:17 AM in response to JeffCMKRNL

    Not ideal, but unmount the dmg before logging out.

  • by JeffCMKRNL,

    JeffCMKRNL JeffCMKRNL Aug 26, 2015 10:38 PM in response to Eric Root
    Level 1 (10 points)
    Aug 26, 2015 10:38 PM in response to Eric Root

    Thank you Eric,

     

    There must be a way to mount a volume directly to a single process and all of its sub processes at the user level, vs. a global system mount?

    I know Unix and linux have these capabilities, as well as OpenVMS. Mac should too, even if it is a command line operation.

     

    Thanks

    Jeff

  • by JeffCMKRNL,

    JeffCMKRNL JeffCMKRNL Aug 26, 2015 10:39 PM in response to Eric Root
    Level 1 (10 points)
    Aug 26, 2015 10:39 PM in response to Eric Root

    By the way,

    I have been able to prevent other users from accessing the volume and its data, but it still shows up on their desktop.

     

    Jeff

  • by Eric Root,

    Eric Root Eric Root Aug 27, 2015 5:52 AM in response to JeffCMKRNL
    Level 9 (72,243 points)
    iTunes
    Aug 27, 2015 5:52 AM in response to JeffCMKRNL

    You are welcome.

  • by BobHarris,

    BobHarris BobHarris Aug 27, 2015 6:27 AM in response to JeffCMKRNL
    Level 6 (19,553 points)
    Mac OS X
    Aug 27, 2015 6:27 AM in response to JeffCMKRNL

    JeffCMKRNL wrote:

     

    There must be a way to mount a volume directly to a single process and all of its sub processes at the user level, vs. a global system mount?

    I know Unix and linux have these capabilities, as well as OpenVMS. Mac should too, even if it is a command line operation.

    You seem to be asking to mount the .dmg in a non-standard Mac location, where Mac standard is /Volumes, and things mounted in /Volumes are displayed by everyone's Finder.

     

    You could try the hdiutil command from an Applications -> Utilities -> Terminal session

    hdiutil mount -nobrowse -mountpoint   /path/to/where/you/want/to/mount/the/dmg   /path/to/the/image.dmg

    The -nobrowse is what keeps it from displaying by the Finder in all accounts.  In your account the Folder (mountpoint) you specify will change its name to the name of the .dmg, so that is what you are going to be looking for.

     

    I would like to point out that while OpenVMS, Unix and Linux can mount on any directory, the mount is still global to all processes, it is just a matter of being able to find and access the mount point, and that is where ownership and permissions come into play.  So just because you can mount your .dmg outside of /Volumes, and you can tell the Finder not to display the mount point, does not mean other users cannot access the .dmg.  Only ownership and permissions will stop that.  Speaking as a file system developer that worked for Digital, and is still working on file systems for Unix/Linux systems.