
For security reasons should I delete all users from sharing and privileges before encrypting drive?

I've become a bit concerned about security of late, as I found out that both my external drives with sensitive info on had the "Ignore ownership on this volume" selected. I presume this decreases security? I have unchecked both now.


Also having got rid of extra sharing permissions I have never added (drop box, staff) I still have another user group named 'everyone' that I can not get rid of as the minus button underneath is greyed out, so will not work for this group.


I would very much like to restore my drive to just me with access before I go ahead and encrypt it, but I can't for the life of me work out how to get rid of that group with the greyed out button. All I can do is add another one.


Thanks.

iMac, OS X Mountain Lion (10.8)

Posted on Mar 27, 2013 1:42 AM

Question marked as Best reply

Posted on Mar 27, 2013 4:49 AM

You don't need to get rid of them.

Those extra permissions are standard for access to your public folder and Sites.

Everyone isn't everybody in the world. It is logged in users who are not the owner or a member of the group that is associated with the file/folder. Everyone is really Others in the Posix permissions. See here for a quick rundown: http://www.thetechrepo.com/main-articles/494


The more you mess with the permissions you don't understand, the less you will be able to use your Mac. For instance, when you decide that you want to set everyone to No Access on your hard drive, you will not be able to boot your Mac.


Unchecking Ignore ownership on an external doesn't really do anything for security. It is the OS that reads the permissions associated with the files and provides access to the users that are granted access. You can plug that drive into any computer and have another OS completely ignore those permissions. Posix permissions are designed to control access to logged in users. It doesn't encrypt or password protect anything on the drive.

Mar 27, 2013 3:12 PM in response to zedsded4me

And what options does someone have if they do this?

Boot into single-user mode and fix the permissions using chmod

And why would some folders have a drop box sharing permission on write only when I don't have dropbox?

A drop box has nothing to do with the application of the same name. A drop box in unix is a place where other users can drop files into your user account. They can't read the contents of the folder, but they can write to it.
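Added example, not part of any post in this thread: a POSIX shell script that reads a folder's mode bits and names them with the labels Finder's Sharing & Permissions pane uses, showing that "everyone" is the POSIX "others" triad and that a drop box is simply a write-only folder for that class. The function names and the sample folder tree are constructed for illustration.

```sh
#!/bin/sh
# Added example: names and the sample tree are constructed, not from the thread.

# First ten characters of `ls -ld`: file type plus owner/group/others triads.
mode_string() { ls -ld -- "$1" | cut -c1-10; }

# Map one rwx triad to the label Finder's Sharing & Permissions pane uses.
triad_label() {
    case "$1" in
        rw?) echo "Read & Write" ;;
        r-?) echo "Read only" ;;
        -w?) echo "Write only (Drop Box)" ;;
        ---) echo "No Access" ;;
        *)   echo "Execute/search only" ;;  # --x; descriptive text, not a Finder label
    esac
}

# class_label PATH owner|group|everyone  ("everyone" is the POSIX "others" triad)
class_label() {
    [ -e "$1" ] || return 1
    m=$(mode_string "$1")
    case "$2" in
        owner)    t=$(printf %s "$m" | cut -c2-4) ;;
        group)    t=$(printf %s "$m" | cut -c5-7) ;;
        everyone) t=$(printf %s "$m" | cut -c8-10) ;;
        *) return 2 ;;
    esac
    # setuid/setgid/sticky overlay the execute slot: s,t mean x set; S,T mean x clear.
    triad_label "$(printf %s "$t" | tr 'sStT' 'x-x-')"
}

# List every non-symlink entry under DIR that "everyone" may write to.
everyone_writable() {
    find "$1" ! -type l -perm -002 | while IFS= read -r p; do
        printf '%s\t%s\n' "$p" "$(class_label "$p" everyone)"
    done
}

# Constructed sample tree mimicking a home folder's Public/Drop Box layout.
demo=$(mktemp -d)
trap 'rm -rf "$demo"' EXIT
mkdir -p "$demo/Public/Drop Box" "$demo/Documents"
chmod 755 "$demo/Public"
chmod 733 "$demo/Public/Drop Box"
chmod 700 "$demo/Documents"

for d in Public "Public/Drop Box" Documents; do
    printf '%-16s everyone: %s\n' "$d" "$(class_label "$demo/$d" everyone)"
done
everyone_writable "$demo"
```

The script looks only at the nine mode bits; access control list entries, which OS X lists with `ls -le`, are not evaluated.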

Mar 27, 2013 3:50 PM in response to zedsded4me

zedsded4me wrote:

And why would some folders have a drop box sharing permission on write only when I don't have dropbox?


DropBox the file sharing service and dropbox permissions on OS X are two different things.


You can open your Finder > Computer > Macintosh HD > Users > Public and there will be a Dropbox folder in there, this is to allow other users to drop files and change the ownership and permissions to your account like a mailbox.



I've become a bit concerned about security of late, as I found out that both my external drives with sensitive info on had the "Ignore ownership on this volume" selected. I presume this decreases security? I have unchecked both now.


It allows any user who has physical access to the drive to read/write to that drive. It's usually the standard procedure as external drives are shared with other machines and users accounts.


If someone has access to your Mac, then it won't matter what the permissions are on the external drive in most cases.


Also having got rid of extra sharing permissions I have never added (drop box, staff) I still have another user group named 'everyone' that I can not get rid of as the minus button underneath is greyed out, so will not work for this group.


I would very much like to restore my drive to just me with access before I go ahead and encrypt it, but I can't for the life of me work out how to get rid of that group with the greyed out button. All I can do is add another one.


You're messing around with some serious poo-poo messing with groups and permissions, I've seen people here brick their entire machines doing that.


In fact I ran an experiment exactly what happens and it wasn't pretty, had a hard time even restoring the operating system later.


I don't know what you did, but I would back up files off the machine to external storage drive (with ignore permissions turned on) then erase your Macintosh HD partition from the Recovery HD partition, reinstall OS X + iLife then your programs and return files.


Erase, formatting, OS X installs on Mac's


Never enable FileVault because it's cracked in certain circumstances and you have to give up the password to have your machine fixed. So it's not really 100% or private. Especially when Apple has to give backdoor to law enforcement types.


http://www.tuaw.com/2012/02/03/apple-filevault-2-encryption-cracked-but-dont-panic/


How do I securely delete data from the machine?



Also if you ever need to boot from an external drive and fix your internal one, you can't because FileVaulted boot drives are one big image. So it's not ideal for a boot drive.



Only an external hardware encrypted drive is secure. Software encryption is problematic and hackable as the keys are in RAM memory.


http://www.datalocker.com/products/datalocker-dl3.html
