11 Replies Latest reply: Jan 7, 2013 10:36 PM by twtwtw
cars--10 Level 1 (0 points)



I try to figure out how multiple users (my wife and I) on the same mac can have equal access to files on the local drive without granting that access to all users on that machine or even the rest of the world.


My research sofar hasn't come up with a satisfying solution. Here are the solutions that I am looking at:


1. Enable a permission system that ensures access to both users in all cases (file/directory creation, copy and move).


I only found a suitable solution for creating and copying files/directories but not for moving them.

See the following articles for reference:

https://discussions.apple.com/message/20787617#20787617 Setting up a shared structure that works e.g. for iPhoto Library but not for moving files to and from

https://discussions.apple.com/message/4005647#4005647 Helpful information on POSIX Permissions, ACL's an Permission inheritance


This would be my first choice if I can get around the problem of moving files...


2. Disk Image

Create a disk image which ignores persmissions and set permissions for the file that contains the image instead.

Read this article to get further details: http://support.apple.com/kb/HT1198


This solution will work but has a few disadvatages:

There's no mutual access from multiple user accounts since an image may only be mounted by one user at a time.

One has to create a startup script that mounts the image upon login which would create a first come first serve for access to the image content.


3. Using a file sharing protocol (e.g. afp or smb) locally.

The idea behind it is to have a server providing the files mutually to multiple users one the same machine. At them moment this seems to be the most promising approach to me.


Unfortunately I can get acces from another machine but not from the same machine. Has anyone ever tried to access the file sharing (afp or smb) from the same machine on which the server is located?


Has anyone got some helpful hints for me?


Thanks in advance.

iMac, OS X Mountain Lion (10.8.2)
  • twtwtw Level 5 (4,910 points)

    well, my first-blush reaction is to suggest you create a new group on the machine that only includes you and your wife (call it 'spouses'), and then create a local folder that is only accessible to that group.  Then you and your wife can do whatever you like in it (within the constraints of morality and personal dignity) and no one else will have access.  I haven't really thought it through,though, much less tested it.

  • cars--10 Level 1 (0 points)

    Hello twtwtw,


    the general thought of using a group for the both of us is part of my approach 1. You find details if you read the linked articles. The articles provide a complete solution to the problem except for the case of moving files with predefined priviliges into such a shared folder or out of that shared folder.





  • twtwtw Level 5 (4,910 points)

    Sorry, but you didn't specify details, and it was worth checking whether or not you had overlooked this approach.


    The problem you're having (as I suppose you already know) is that any new disk item inherits the permissions of the folder it is originally created in in.  These permissions (sensibly enough) need owner or administrator permission to change once they've been established; that will happen when you copy a file to a new location (because that's essentially creating a new file) but not when you move it. any of the following would work:


    • changing the permissions on newly created files for both users so that they all explicitly give r/w access to a particular group.
    • writing a droplet that would change the permissions of files dropped on it and move them programmatically to the shared folder
    • set up a folder action or launchd job that would watch the shared folder and automatically convert permissions on files placed in it.


    The last would be the approach I would take, but...  which appeals to you?

  • cars--10 Level 1 (0 points)

    Hi twtwtw,


    no worries. You first suggestion on changing permission on newly created files does not seem to be practical to me. I am planning to share an organised folder-file-hirarchy between to accounts. I assume that a droplet only works for one folder an not for a hirachy of folders. Can a droplet really help here? The same question applies to the folder action.


    Your third suggestion is the one I would choose as well.


    But before I do I would like to find help for my third approach using a file sharing server such as afp? Have you got a suggestion for that?


    Best regards

  • twtwtw Level 5 (4,910 points)

    To my understanding (which may be flawed) sharing files between machines and sharing files between users on a single machine are different processes.  To do what you'd ask, you'd have to set your machine up as a network server for itself, which (though it may be possible) is a bit of a head-scratcher.  I tried it on my machine as a test, but it timed out with a 'server not available' error message (which is what I expected), so the simplest approach won't work.  Maybe someone else knows something trickier...

  • cars--10 Level 1 (0 points)

    I am experiencing the exact same problem. Does anyone know about a solution to this?

  • Pierre L. Level 5 (4,205 points)

    My two cents…


    Why not a shared account, with a shared password, instead of a shared folder? Each one of you could also have their own account for those files that you don't want to share.


    Message was edited by: Pierre L. (“their own account” of course, not “own folder”)

  • rccharles Level 5 (7,090 points)

    Look into this:


    Directory Set Group ID

    "This attribute is helpful when several users need access to certain files.  If the users work in a directory with the setgid attribute set then any files created in the directory by any of the users will have the permission of the group."






    There is probably some way of doing what you want with ACL's.



  • Frank Caggiano Level 7 (25,715 points)

    I'm not seeing why the ACL solution won;t work. The issue of copying files should not be that big of a problem if you set up the workflow correctly.


    All work that is to be shared between you and your wife is done in the folder setup with the ACL's. As long as all files are created there they will have the correct permissions.


    If you work outside of this folder on material that is to be shared then simply copy into the shared folder. Of course if you are setting this up to allow sharing  then why work on something outside this folder.


    As for any current work that was created before you set up the folder then thee is a one time cost of copying or moving it all into the shared space.

  • wikidest6666 Level 1 (5 points)

    Well you can always save all of your files under Macintosh HD ( hard drive) and make a folder in macintosh hd and then your wife can a sees your files to Just make sure you both have administrator privileges

  • twtwtw Level 5 (4,910 points)

    A random thought: I think you could get the effect you're looking for by creating a new HFS partition on the drive, and setting the permissions on the root folder of the file system (the mount point) that restrict access to you and your spouse - e.g. root/yourspousegroup 770. No one else will have read permissions so they won't even see the partition, and it should work just like any other mounted volume in that moving something into it becomes a defacto copy and chages permissions to match.  You might be able to accomplish the same effect using a dmg, but I think a partition would be a cleaner solution.