Apple Event: May 7th at 7 am PT

Learn more

Add to your calendar 

Looks like no one’s replied in a while. To start the conversation again, simply ask a new question.

User profile for user: Nico M
Nico M Author
User level: Level 1
11 points

Shared folder on external drive

My Mac mini has an internal drive of 512 GB. This is not enough for all the user data as my wife and I have accumulated a lot of photos and videos over the years. I decided to move both of our Photos and iMovie libraries to the external drive in folders specific to our users. I limited the permissions of both users to their respective user folders on this external drive. Basically, I modelled this after the permissions set on the users folders that macOS creates by default. This is working fine, but of course I had to turn off "Ignore ownership on this volume" to get this to work.


I also created a folder that should be a shared folder between the two of us. I am wondering how I should set the permissions in such a way that both my wife and I can read and write to files. Normal behaviour is that only the owner can read and write and other users can only read. At least according to Apple and some other articles I found.


This answer on StackExchange uses access control entries, which I am not really familiar with, but is quite old. Furthermore, it does not work for files moved into the shared directory, which would happen occasionally.


I also noticed that the umask is set to 0022. Would it be an option to set it to 0002? I think this should solve the sharing, as groups would have read and write by default. Would this break other stuff in macOS or make things less secure?


What would be the best option to properly set this up?


By the way, I have a Mac mini 2018 still running macOS Catalina (10.15.7) although I am planning to upgrade it to Big Sur at some point. I assume this does not really matter for the answer to this question.

Mac mini, macOS 10.15

Posted on Jan 10, 2021 7:31 AM

Reply
Question marked as Best reply
User profile for user: Nico M
Nico M Author
User level: Level 1
11 points

Posted on Feb 7, 2021 5:47 AM

In the end, I decided to implement the solution from StackExchange that I also mentioned in my original question. So, by using the following command: 

sudo chmod -R +a "staff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" ./Shared/

Everything seems to work as I intended. Even dragging an existing file in the directory from the account of one user seems to allow other users to edit it as well. Something that would not work according to the answer on StackExchange.

View in context

Similar questions

3 replies
Question marked as Best reply
User profile for user: Nico M
Nico M Author
User level: Level 1
11 points

Feb 7, 2021 5:47 AM in response to Nico M

In the end, I decided to implement the solution from StackExchange that I also mentioned in my original question. So, by using the following command: 

sudo chmod -R +a "staff allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" ./Shared/

Everything seems to work as I intended. Even dragging an existing file in the directory from the account of one user seems to allow other users to edit it as well. Something that would not work according to the answer on StackExchange.

Reply
User profile for user: Nico M
Nico M Author
User level: Level 1
11 points

Jan 10, 2021 11:30 AM in response to steve626

Thanks for the reply. There are two reasons why I do not want permissions to be ignored for this external volume.

  1. Often my wife's Photos library would be locked by a photoanalysisd or photolibraryd process (not sure anymore which one) from my account. My conclusion was that leaving user specific libraries accessible to other users was apparently not supported.
  2. I see this external drive as an extension of the internal drive, which also has permissions enabled. I understand the "ignore permissions" for external drives that you use for multiple computers/Macs, but in this case it will only be used by this Mac mini.

The permissions for the user folders are working fine, it is just the way that "sharing" works that surprises me. Is it not quite normal to expect to be able to read and write in a shared folder if you want to allow this?


By the way, backups are taken care of. I removed the external drive from the Time Machine exceptions and it is backing up to my Time Capsule.

Reply
User profile for user: steve626
steve626
User level: Level 6
10,001 points

Jan 10, 2021 10:54 AM in response to Nico M

I would suggest setting for "ignore permissions on this volume" for the entire external drive, rather than what you are trying to do. What you are trying to do will require constant attention as new folders and subfolders are created. You should regularly backup everything on the external drive -- that will protect against someone inadvertently changing the wrong file or folder. Since it is only the two of you, I expect the chances of this are small anyway. Why are you trying to protect folders form one another? Another option is to set up a separate external drive for each person. The simplest approach is usually the best one, what you are trying to do is a more complicated approach.

Reply

Shared folder on external drive

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple ID.
Learn more Sign up