Is there a purpose in Sharing to use “Everyone” with Privileges set to “No Access?"

The permissions you speak of only pertain to regular users on your system. The read-only setting is to prevent anyone from accidentally modifying your backup files, but allow access to recover a file safely from the backup. The default macOS permissions are meant to keep the system safe but still easily usable so certain compromises are made to local security. Of course users are free to modify settings to lock the system down even more, but you need to do it carefully or you could break something.

If you don't want anyone accessing your files, then enable encryption on the drive. If someone gets physical access to your computer or just the external drive and it is not encrypted, then it doesn't matter what those permissions are. Anyone can connect an un-encrypted drive or device to another system and access everything on it. If your computer has multiple users and you don't want them accessing files within your user account, then make sure to only make them a Standard user account. Anyone with an Admin account on the computer can potentially access files located in your own user account (even if the drive is encrypted since the drive must be unlocked when another user is using it).

Anyone that has physical access to your computer does not need permissions, as permissions are enforced by the operating system, and if the person with physical access can use any operating system they want to access your storage.

This is why it is a good idea to encrypt your storage, internal or external.

If the intruder gains access via the network, then they must gain access to an existing account. Your account is the most likely, unless they found a security flaw that gave them 'root' access and 'root' does not care about file system permissions. 'root' is allowed to access anything its heart desires. It may need to jump through some hoops to gain write access on a Mac with SIP or on a Catalina Mac with a readonly boot partition.

So you are left with protecting against network access to a secondary account that you most likely do not have on your system.

Besides if someone gets into your Mac via the network, you have bigger problems.

Finally, globally blocking "everyone" access may have unintended consequences, as there are various agents and daemons that run in the background that may need to access files they do not own.

The concept of User, Group, Other read/write/execute permissions comes from the days when Unix based operating system were multi-user time-sharing systems, used in corporations and universities.

These days personal computers, especially Macs, are typically single user systems. Yes I know some families may have a single computer and everyone has to share it. In those cases, it would be wise to remove Other (Everyone) permission from sensitive files and folders to the kids do not get into the household finances, etc... But that is a rare situation.

terry999 wrote:

nonetheless I've avoided encryption after my son's bad experience years ago where the Mac lost power while open on an encrypted volume and his data were unrecoverable.

That is what backups are for. Ideally you should have three backups with one of them stored offsite.

Hello,

This is just an added security measure.