
home folder on external drive accessible to all users

I have performed these steps:


  • create test account with user name test
  • create test folder on an external HD
  • changed home folder for the user to the test folder on the ext. HD using Advanced Options under Users & Groups.
  • rebooted


I have observed that any user can see content of test/Documents and ls -l shows that the current user is the owner.


So for example if there is an account Frank, Frank can see the content of test/Documents and Frank is shown as an owner.


How to fix this mess?


Thank you.

Posted on Apr 28, 2012 7:30 PM


Posted on Apr 28, 2012 7:36 PM

Ensure that permissions are enabled for that drive in the Get Info window, and change the ownership of it to your account even if it seems to be your account already.


If a folder is owned by UID 99, any non-root user who checks the permissions on it will appear to be the owner. If someone checks its ownership as root, they'll see what it really is.



Apr 28, 2012 8:08 PM in response to Niel

Ignore ownership on this volume was checked! I unchecked it. I think that is what you are referring to.


That drive is owned by the admin user, which is me and the group is staff.


(I have tested with 'test' user which had its home folder on the same ext. drive as the admin)


I am going to reboot and see what happens.

Apr 28, 2012 9:00 PM in response to vxc342

  • I unchecked 'ignore ownership on this volume', myExtHD
  • ran 'chown me:staff myExtHD' that left subfolders to be owned by UID 99
  • ran 'chown -R me:staff myExtHD', that failed for some files like trash. It changed the owner for Documents for example, but Movies folder was left to be owned by UID 99
  • I tried resetpassword command: http://osxdaily.com/2011/11/15/repair-user-permissions-in-mac-os-x-lion/

But myExtHD did not show up in the list.


Any help is appreciated....
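The state those steps are trying to reach (ownership enforced on the volume, nothing left owned by UID 99) can be checked from Terminal. The script below is an added example, not part of any post in this thread; it assumes macOS `mount` lists the `noowners` option for volumes with "Ignore ownership on this volume" checked, the function names are hypothetical, and the sample mount lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Sample lines below are constructed;
# myExtHD is the volume name used in the posts.

# Reads `mount` output on stdin and prints every mount point whose option
# list contains "noowners", i.e. "Ignore ownership on this volume" is on.
volumes_ignoring_ownership() {
    # Line shape: <device> on <mount point> (<opt>, <opt>, ...)
    sed -n 's/^.* on \(.*\) (\(.*\))$/\1|\2/p' |
    while IFS='|' read -r mnt opts; do
        case ", $opts," in
            *", noowners,"*) printf '%s\n' "$mnt" ;;
        esac
    done
}

# Prints paths under $1 whose stored owner is UID 99. Run as root: per the
# reply above, a non-root user sees themselves as owner of such items.
list_uid99() {
    find "$1" -xdev -uid 99 -print 2>/dev/null
}

# Returns 0 only if $1 enforces ownership and holds no UID 99 entries.
audit_volume() {
    if mount | volumes_ignoring_ownership | grep -Fxq -- "$1"; then
        echo "$1: ownership ignored, permissions are not enforced"
        return 1
    fi
    count=$(list_uid99 "$1" | wc -l | tr -d ' ')
    if [ "$count" -gt 0 ]; then
        echo "$1: $count entries still owned by UID 99"
        return 1
    fi
    echo "$1: ownership enforced, no UID 99 entries"
}

# Constructed sample of macOS `mount` output.
SAMPLE_MOUNT='/dev/disk0s2 on / (hfs, local, journaled)
/dev/disk1s2 on /Volumes/myExtHD (hfs, local, nodev, nosuid, journaled, noowners)
/dev/disk2s2 on /Volumes/Backup (hfs, local, nodev, nosuid, journaled)'

printf '%s\n' "$SAMPLE_MOUNT" | volumes_ignoring_ownership   # /Volumes/myExtHD
```

On a real system, run `sudo sh -c '. ./script.sh; audit_volume /Volumes/myExtHD'` (the script file name is a placeholder) so that `find` sees the stored owner rather than the calling user.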

Apr 29, 2012 10:52 AM in response to vxc342

vxc342 wrote:


Are you sure? Would you not need admin credentials to change the permissions to see the private files?

Not at all. You can connect an external drive up to any operating system and do whatever you want with it. There is nothing in the drive controller that handles permissions, unless it has specialized software. The computer operating system has to choose to respect the permissions on the drive or not. There is nothing special about the permissions that, in and of themselves, protects the information. They are just flags to the operating system on how it should make certain files available to certain users.

Apr 29, 2012 11:25 AM in response to vxc342

As long as it stays connected to the original computer, you would need admin credentials to see private files.

That is true for internal drives, since they are assumed to be more-or-less "permanently" connected - the OS will respect the permissions. However, in order for external drives to work you would need to be able to ignore permissions, otherwise I couldn't give someone a disk and have them do anything with the files. Of course, once an internal drive has been removed it now becomes external, and anyone can read it - this is why physical access trumps all security (except encryption).


You might be able to set the ownership of the drive, as Niel suggested, which should prevent it from being mounted by another user, but I haven't tried that.
