File & Folder Sharing & Permissions...Discussion...

There is a difference in how Windows handles (allows configuration of) SMB vis-a-vis macOS.


Background


On my Windows laptop, I log in using my Microsoft account username and password. For sharing folders on the local network, I set permissions for each folder (and this applies to all sub-folders & files) as Read only, Read & Write or No access. When I connect to my laptop from other devices over SMB, I have to enter my Microsoft username and password, and only the shared folders become accessible, as per the individual folder permissions set.


The advantage of this method is to have just one user account on the laptop and there is no need to add multiple user accounts in the laptop. Permissions are set at the folder level.


How is it different with macOS?


On macOS, it appears to work differently. Here, permissions are set at user account level on the Mac, and these same permissions are automatically applied to SMB connections. This means that if I have an administrator account on my Mac, and I enter these credentials when accessing my Mac from other devices over SMB, I have Read & Write access to all folders and volumes (because an administrator account has R&W permissions for all folders and volumes by default). In order to have read-only access over SMB connections (which is advisable for most folders to prevent accidental deletion or modifications), a separate user account (standard account) with limited access must be created on the Mac, and that account's credentials must be used to log in over SMB.


The only advantage of this method is that permissions are set at user account level, and anything you can do on the Mac, much of that can be done from other devices as well over SMB. Not sure if this is a good idea.

MacBook Pro with Touch Bar

Posted on Oct 8, 2019 7:10 AM

6 replies

Oct 8, 2019 10:23 AM in response to Sridhar Ananthanarayanan

The other disadvantage of the Mac method is the fact that the Home folder of the account used for login, and this includes everything inside the user libraries like Documents, Pictures, Videos, Downloads, Music, etc. - everything has Read & Write permission over SMB. When we share folders over the local network, it is usually a select few to enable reading of data and transferring of files. But a setup where there is R&W access to all folders in the user directory, in addition to other folders set for sharing, isn't a very good implementation in my opinion.

Oct 9, 2019 11:10 AM in response to Sridhar Ananthanarayanan

I wish I could edit my existing posts to add new information.


Does someone know how to connect to a Mac from Windows 10? All the different combinations for the connection I have tried are getting rejected.


From my Android phone, some apps can connect and some can't. With those apps that can't connect over SMB, I am using SFTP. The problem is again with folder permissions. SFTP connections don't seem to respect the folder permissions set. I am able to write to even those folders/volumes that are supposed to be "Read only".


Am I making a mistake in these configurations or are all these poorly implemented in macOS?


Thanks.

Oct 11, 2019 11:30 AM in response to Sridhar Ananthanarayanan

Another disadvantage of the Mac method:


If you use a different account for SMB connections (as mentioned in the original post), files transferred to your Mac won't be accessible to you unless you manually edit their permissions.


Despite read-only permissions, you can still create folders/files inside a read-only volume (you can completely block volume/folder access on SMBv2/v1 by selecting "Only allow SMB encrypted connections" under Advanced Options).


In other words, you can't have a read-only volume, and SFTP even ignores folder permissions.


I am not sure if these are bugs or a very poor/flawed implementation by Apple.

Oct 21, 2019 6:30 AM in response to Sridhar Ananthanarayanan

I think some of the above problems have been fixed in the most recent Catalina update.


Read-only folders are now "read only" only. It is no longer possible to delete files either via SMB or SFTP. Glad they fixed this.


The problem with SFTP configuration is that it allows you to see all the folders and files in the system. This is something they are yet to fix.


With Catalina, the system partition is now 'read only', so inadvertent deletion or modification of files in that partition is not possible. This is a very good thing. But I hope they can just limit the connections to see only the folders that are shared, and block access to everything else.

Oct 31, 2019 10:20 AM in response to Monica Paulina

Maybe the login issues have been resolved. But the problem with macOS is that it will automatically share all folders on the network, unless you specifically exclude them. Also, I didn't find a way to exclude folders with SFTP. I think the Microsoft (or Windows) way of only showing folders that are specifically shared is superior to the Mac method.
