Entire "Macintosh HD" shared through SMB File Sharing

I have the same issue as NEGATiZE had, but I don't understand your explanation.

"You gave yourself permission to view the entire hard drive when you shared an entire account, typed in the password, and logged in using that username." what does this mean actually?

Can you kindly capture some screen shots in the file sharing System Preferences?

FYI, when I browse the network from Windows XP into my Mac, I can access the entire Macintosh HD & EVERYTHING else including shared printer and external drive etc. Is this normal? How can I prevent this? I want to allow specific folder to specific user only. Can this be done? Thanks.

You gave yourself permission to view the entire hard drive when you shared an entire account, typed in the password, and logged in using that username.

If you don't want to share the entire thing, then deselect the account sharing and just leave the main SMB sharing option enabled. You will then need to establish sharing only users or use your Mac OS account name and password, which will give you access to everything you have access to on the Mac as if you logged into your Mac directly.

Message was edited by: Barney-15E

I don't have a picture sharing site account to use, so I can't post any screen shots. Hopefully, I can describe it well enough.

Say you have a user account called 'bob' on your Mac. On your Mac, bob is an admin user and therefore has access to your entire Mac. If you log into your Mac as bob, you can see everything.

Nothing changes if you log into your Mac from a Windows machine as bob. No matter how bob logs into your Mac, directly to the machine, from a windows machine on you network, or from a dumb terminal in the basement of a hangar on Area 51, bob will have the same access to your Mac.

In the File Sharing options, when you select the account for bob, the entire account is shared. You essentially said, "let 'bob' log into this machine using SMB."

If you just select the option to share files via SMB, you can set access to specific folders for particular users. You can even make up new users that don't have an account on the Mac, but can access folders that you specifically give them access to.

So, for what you want, don't select an account to share via SMB, just select "Share files and folders using SMB."
Now, at the bottom of the file sharing dialog, Add the folders you want to share. Choose the users you want to have access to those folders and set the type of access, Read & Write, Read Only, or Write Only. If you want to create a username and password to access those folders, without having an account on the Mac, Add a person and choose "New Person." That person will be a "Sharing Only" user. You can't log into the Mac as that user, but you can access the specific folders you have set up.

NEGATiZE wrote:
But the help file does [what?] It makes no mention of sharing an entire hard drive's contents.

From the "Sharing files on your network" help file, item 2 (my emphasis added):

Users you have set up with accounts in Accounts preferences can access your computer by connecting to it over the network. *A user with an administrator account can access your entire computer.*

The point I'm trying to make is that by default, this should NOT be the case. Not for my sake, but the average user that doesn't understand file permissions. Especially for an OS touted as "user-friendly".

It has nothing to do with file permissions. It has everything to understanding a multi-user operating system like unix. Unix does not require you to be sitting at the physical machine to log into it. As a matter of fact, when it was developed, you didn't have a computer, you had a terminal that allowed you to log into the mainframe from anywhere there was a terminal connected to it.

Why would you give someone else your admin username and password?

"Storing passwords in a less secure manner" does not equate to allowing the sharing of the entire hard drive's contents.

But the help file does.