Share folder on external hard drive formatted in AFPS over network

By default, an external drive has "Ignore ownership" set. You can change this in the Finder under "Get Info" on the drive.

MacChristoph wrote:

Thank you Barney-15E

That makes total sense.

I tried it out with a "sharing only" user and unfortunately it seems to be the same for the shares on external hard drives.

I did only share Folder 1 to the sharing only user, but he can see Folder 1 and Folder 2 once connected and has read/write permissions in both folders.

I wonder if I need to change the permissions on the external hard drive to only allow access to certain users or user groups instead. 🤔

I don’t have the ability to mess around with it right now, but I think you’re right about the permissions on the external drive. File sharing is not sharing out specific items to everyone. When you login remotely, albeit via file sharing, you have whatever access that user would have on that Mac. So if everyone is r/w on the external drive, then everyone will be able to read and write everywhere on the external drive. The file sharing set up will override the POSIX permissions on the drive with ACL‘s so you don’t necessarily have to give the sharing owner user specific permissions on the drive. If they’re all getting their own folder, then I would probably assign POSIX permissions to that folder for that user. The enclosing folder must have read permissions to everyone, or perhaps create a group and assign the group to that folder with read only.

File Sharing is a bit of a misnomer. When a user logs into the Mac remotely (via File Sharing), they have the same access on that Mac as their actual account on that Mac.

To restrict access you would need to create Sharing Only users that log into the Server.

You can restrict their access within the File Sharing system settings.

MacChristoph wrote:

Thanks for your help, Barney.

Essentially I have the same issue.

I wonder where would be the best location to raise such an issue and try to get a fix or workaround.

If I should get any further with this, I will let you know.

You’d have to talk to Apple directly and you’re gonna go through a whole bunch of waste of time script execution with the first level person you talk to and maybe eventually you’ll get it escalated. https://getsupport.apple.com/

I submitted a fairly detailed bug report, but as is normal, I haven’t heard a thing back from Apple.

It is the same whether internal or external. File sharing is not really sharing of files. It is merely remote login to the Mac. Whatever user you login with has all of the permissions they would have if they were sitting at the Mac and logged into their account. Users cannot edit other users files. They only have read access to other users files. To enable users to edit other users files you must set up an ACL to allow that. I’ll get to that when I produce some examples of how to set up your file system.

I’ll try to throw together a set of examples with screenshots such that you can create whatever you need, but I can’t do it right now.

I've tried to set up sharing as it used to work and I can't make it work. The only way I can make it work is giving all users Full Disk Access on the File Sharing settings. That essentially removes all restrictions.

You should not need to do anything with the ACL’s—File Sharing setup will do that.

If you need a File Server—different users editing files in one shared folder—I can point you to that.