Yogi_88

Q: Trying to create a single shared folder for other clients on the network.

I have a home network, two computers on the network, iMac el capitan, and MacbookAir el capitan.

 

iMac user is IMAC_ADMIN and MacbookAir user is AIR_ADMIN, both have administrator privileges on the local machines. ( I presume the iMac user has no privilege on the MacbookAir, as it is a completely different system, and vice versa, the Admin users should not be able to do anything on the other machines. Please confirm this is a true statement)

 

i turn on the iMac and log in as IMAC_ADMIN, and i turn on the MacbookAir and log in as AIR_ADMIN.

 

My objective is to create a folder on the iMac that is accessible to the MacbookAir, and only that folder.  Let's call the folder /Users/IMAC_ADMIN/Public/

 

I do not want access to anything else on my computer to the MacbookAir User.

 

For example, I would like to log in to the MacbookAir as AIR_ADMIN, go to the Finder App, and in the Shared section, see the icon for the iMac Public folder.  When I connect to the icon with the pointer, there should be a window that pops up, "Select the volumes you want to mount on "iMac" , and the only thing listed will be the Public folder.

 

How is this possible in Mac OS X El Capitan 10.11.5 with AFP protocol?? 

 

Thanks,

iMac with Retina 5K display, OS X El Capitan (10.11.5)

Posted on Jun 21, 2016 1:37 PM

Close

Q: Trying to create a single shared folder for other clients on the network.

  • All replies
  • Helpful answers

  • by askmrmac,

    askmrmac askmrmac Jun 21, 2016 2:45 PM in response to Yogi_88
    Level 1 (57 points)
    Jun 21, 2016 2:45 PM in response to Yogi_88

    You are almost perfectly describing the scenario of using the “Shared” folder in Mac OS X.

    Inside your BootDrives “Users” folder, there is a user/entity called “Shared”.

    By correctly following the standard instructions in the link below , you can make that Shared folder (and only that folder) and its contents available to (selected) users, on your local shared network.

    This Shared folder can also appear in a finder window sidebar if you wish.

     

    This is probably the most straightforward way to do what you want:

    https://support.apple.com/kb/PH21810?locale=en_US

  • by cdhw,

    cdhw cdhw Jun 21, 2016 2:50 PM in response to Yogi_88
    Level 4 (2,623 points)
    Servers Enterprise
    Jun 21, 2016 2:50 PM in response to Yogi_88

    ( I presume the iMac user has no privilege on the MacbookAir, as it is a completely different system, and vice versa, the Admin users should not be able to do anything on the other machines. Please confirm this is a true statement)

    It's correct.

    My objective is to create a folder on the iMac that is accessible to the MacbookAir, and only that folder.  Let's call the folder /Users/IMAC_ADMIN/Public/

    That folder exists already. You probably want to create a new user 'AIR_ADMIN' on the iMac using the Users & Groups preference panel. (I suggest you use the same password as this account uses on the Air.) Use the Sharing preference panel to enable File Sharing and this same panel to setup which users have what sort of access to which shared folders. In your case you need to make sure that 'AIR_ADMIN' is allowed to access 'IMAC_ADMIN Public Folder'

     

    C.

  • by Yogi_88,

    Yogi_88 Yogi_88 Jun 21, 2016 3:10 PM in response to cdhw
    Level 1 (8 points)
    Mac OS X
    Jun 21, 2016 3:10 PM in response to cdhw

    Thanks, for your attention.

     

    Here is the problem.  If I follow the instructions on the link you provided, then without adding any users or doing anything I see the Sharing section in the preferences panel.  under  shared folders I see the only entry is the public folder.  Next to that is the Users: panel.  in the users panel are the iMac_Admin, and Everyone.  No other users.

     

    So, i do nothing here.  i go to my macbook air and in the finder I see the new shared Icon for the iMac.  I click it and it asks me which volume do I want to attach to, and it lists every disk and partition on the iMac.  I only want it to  show the Public folder.

     

    I have not done anything except activate File sharing, essentially, and now my entire computer can be seen by anyone on the network. And the Shared Folders in preferences is only listed the Public folder, nothing else.   Very bad situation.

     

    So,  The macbookAir Admin account has nothing whatsoever to do with the iMac, why can it see all the volumes??????????

     

    If my friend comes into my house and says can I connect my laptop to your wifi to check my email, I do not want him to have access to my entire network and all volumes on my computers.

     

    I did not add any users for the Shared Public folder, nevertheless, the macbookAir admin account can see all the volumes on the iMac, as if it is logged into the iMac as a client.  This is not my objective.

     

    I only want the solitary folder, Public, available.

     

    How is it possible ?

     

    Also, I do not see any Network Groups or Network Users when I click to Add a User for the Shared Public folder, just local users and contacts.

     

    Thanks for your attention,

  • by cdhw,

    cdhw cdhw Jun 21, 2016 3:29 PM in response to Yogi_88
    Level 4 (2,623 points)
    Servers Enterprise
    Jun 21, 2016 3:29 PM in response to Yogi_88
    I have not done anything except activate File sharing, essentially, and now my entire computer can be seen by anyone on the network. And the Shared Folders in preferences is only listed the Public folder, nothing else.   Very bad situation.

     

    I very much doubt this is the case. Most likely you have previously connected to the iMac 'server' sharing these folders, entered the admin username  and password for the server and allowed your Air to store these in your keychain.

     

    Use Keychain Access to look for 'password' records in your login keychain on your Air and you will find the admin credentials for the iMac stored there.

     

    Refer to these notes from Apple:

     

         OS X El Capitan: Share your files with other Mac users

     

    C.

  • by Yogi_88,

    Yogi_88 Yogi_88 Jun 21, 2016 3:53 PM in response to cdhw
    Level 1 (8 points)
    Mac OS X
    Jun 21, 2016 3:53 PM in response to cdhw

    Thanks for your attention.

     

    I checked the Keychain Access on both computers in the Login, password panel.  Nothing in there for the other computer, for both computers.  The panel has several columns, one is labeled "Kind" for the password,  and then there are Network password, application password, and encryption password.  So there is nothing about the other computer in the Keychain Access, network password is for NAS attached to router.

     

    It looks like a bug in the OS, because I have done this previously on Snow Leopard and Mountain Lion without difficulty, it was simple to set up.

     

    Any suggestions on how to resolve the issue or just bail and use iCloud?  I need it for storing a file that I share across computers that  I need backed up to timeMachine, which won't backup NAS, nor iCloud, and prefer to keep the info off of iCloud, Guciffer and every teenage HS dropout is hacking these days.

  • by cdhw,

    cdhw cdhw Jun 21, 2016 4:00 PM in response to Yogi_88
    Level 4 (2,623 points)
    Servers Enterprise
    Jun 21, 2016 4:00 PM in response to Yogi_88

    I think we can safely rule out 'a bug in the OS'.

     

    Create a new Test user on your Air. Then restart it and try to connect to the iMac without using the admin credentials for the iMac.

     

    What happens?

     

    C.

  • by Yogi_88,

    Yogi_88 Yogi_88 Jun 21, 2016 4:30 PM in response to cdhw
    Level 1 (8 points)
    Mac OS X
    Jun 21, 2016 4:30 PM in response to cdhw

    Ok, so there is a bug, sort of.

     

    I created the Test account on the Air as an admin account, then log in the Air, and cannot access the iMac public folder because the iMac asks for the login credentials and the new Test login fails, so it cannot access the iMac Public folder, which is ok, since I deactivated the "Everyone" group Users.

     

    Then, I logged in the App Store, with my AppleId, and tried to log in again to the Public folder and same result, cannot access.  So the App Store login is private and not system wide.  Then I logged in the NAS and still cannot get access to the iMac Public folder.

     

    Then I logged into iCloud with my AppleId and presto, I can see all Volumes on the iMac without any login credentials.  So that is the "bug".  The iCloud AppleId login, supersedes the local login credentials and gives complete access to all devices that are logged into the Network with the AppleId active.

     

    So that is a better result than I was thinking.  I still do not want complete access even when logged into iCloud, but hey, it's a rubber biscuit.

     

    Thanks for your help, at least I feel secure that others cannot see beyond the Public folder, but the Public folder is of little use since I cannot limit the access when using the iCloud for notes and reminders and calendar, etc.  So no point in using the Shared Folder with same AppleId, since cannot limit it to just the Shared Folders in the Preference panel, apparently.

  • by cdhw,Solvedanswer

    cdhw cdhw Jun 22, 2016 8:00 AM in response to Yogi_88
    Level 4 (2,623 points)
    Servers Enterprise
    Jun 22, 2016 8:00 AM in response to Yogi_88

    Best practice is to have one admin account that you use only for authorising things like software updates and another 'user' account that does not have admin privileges that you use day to day.

     

    You can prevent your iCloud credentials from being used authorise access to a local account by right-clicking on the user in 'Users & Groups'  to display the 'Advanced' settings.

     

    The bug in OS X, if one calls it that, is that a naive user who clicks 'Okay' to the defaults when setting up their machine ends up with a single account, with admin privileges, linked to their AppleID and hence iCloud, etc.

     

    C.

  • by Yogi_88,

    Yogi_88 Yogi_88 Jun 22, 2016 8:02 AM in response to cdhw
    Level 1 (8 points)
    Mac OS X
    Jun 22, 2016 8:02 AM in response to cdhw

    Terrific, many thanks for you help!