Spotlight permission issue with multiple users - user A can search files from user B

Question

Spotlight permission issue with multiple users - user A can search files from user B

Hello everybody,

i need your help with a bad and precarious spotlight issue.

Mavericks is a clean install on my 2010 MacPro and Everything runs fine - but this issue is very annoying.

User A is admin - user B a normal user.

The Problem:

If user B uses spotlight in his account, he also gets the search results from files of User A.

This meens the files in the user folder from User A and also the files on his own extra hard-drive.

For Example to get it clear to you:

On the Desk of User A is a file called "birthday-presents.rtf".

User B searches in his Spotlight "birthday" - now he gets as a result also this file from User A.

He can not open it at all - but he can se it in the spotlight search results.

This also affects the mails, calendars etc.....

This is of course very bad to User A - because his file-names aren't secure anymore.

But also User B has a problem - because his Spotlight results are much longer with a lot files he don't want to see because this files are not his ones.

What can i do?

I rebuilded the spotlight index, but this does not help.

Permissions also seem to be OK - here is a screenshot (german, but i think you catch it).

Posted on Jan 6, 2014 5:08 PM

Reply

Answer 1

Barney-15E

Level 10

112,416 points

Jan 6, 2014 5:59 PM in response to Harald Köhler

Did you migrate these users?

Log in as User A and run this command in Terminal and see if you have any ACLs set with _spotlight as the user.

ls -le ~/

That will list the home folder contents and show the ACLs. ACLs show up below the entry prefixed with a number and : like this:

drwx------   9 user  staff   306 Dec 16 21:24 Applications
drwx------@ 23 user  staff   782 Jan  5 20:16 Desktop
 0: group:everyone deny delete

The 0: line is a standard ACL.

I noticed when I migrated accounts on a test install, the users had these _spotlight ACLs which gave spotlight read access to everything. That is what I think may be the problem.

Reply

Answer 2

Jan 6, 2014 6:20 PM in response to Barney-15E

No there was no migration.

Its a complete Clean install - i only copies Files, Mailboxes, etc. manually.

Here is the result of your advise - is it OK?

Last login: Tue Jan 7 01:28:47 on console

home-MacPro:~ harry$ ls -le ~/

total 0

drwxr-xr-x 2 harry staff 68 5 Nov 12:06 Applications

drwx------+ 30 harry staff 1020 7 Jan 02:07 Desktop

0: group:everyone deny delete

drwx------+ 8 harry staff 272 5 Nov 19:42 Documents

0: group:everyone deny delete

drwx------+ 4 harry staff 136 4 Dez 15:42 Downloads

0: group:everyone deny delete

drwx------@ 55 harry staff 1870 28 Nov 22:34 Library

0: group:everyone deny delete

drwx------+ 6 harry staff 204 7 Dez 01:20 Movies

0: group:everyone deny delete

drwx------+ 7 harry staff 238 7 Jan 02:04 Music

0: group:everyone deny delete

drwx------+ 5 harry staff 170 4 Nov 14:54 Pictures

0: group:everyone deny delete

drwx-wx-wx+ 8 harry staff 272 7 Jan 00:25 Public

0: group:everyone deny delete

home-MacPro:~ harry$

Reply

Answer 3

Barney-15E

Level 10

112,416 points

Jan 6, 2014 6:29 PM in response to Harald Köhler

That's normal. So, what I thought was happening wasn't.

Reply

Answer 4

Jan 6, 2014 6:31 PM in response to Barney-15E

OK, however thanks for your help.

Other Ideas?

Reply

Answer 5

Barney-15E

Level 10

112,416 points

Jan 6, 2014 6:36 PM in response to Harald Köhler

Does User A get search results from User B?

If no, I doubt this will help, but open Disk Utility, select your hard drive and Repair Disk Permissions.

Reply

Answer 6

Jan 6, 2014 6:39 PM in response to Barney-15E

No - User A (my user "harry") does not get search resuts from user B. In this case everything is as it should be.

I reppair the Disk Permissions periodical - this isn't the solution.

Reply

Answer 7

Barney-15E

Level 10

112,416 points

Jan 6, 2014 6:46 PM in response to Harald Köhler

I reppair the Disk Permissions periodical - this isn't the solution.

It rarely is.

Do you have a backup that is attached? If so, can you eject that disk and try again?

Reply

Answer 8

Jan 6, 2014 6:50 PM in response to Barney-15E

There is a Firewire Backup Hard Disc - but the result is the same - with or without it.

Reply

Answer 9

Barney-15E

Level 10

112,416 points

Jan 6, 2014 7:11 PM in response to Harald Köhler

I'm really out of ideas, but I would like to confirm the location of the found files (although I'm pretty sure it will be your folder).

If using the Spotlight Menu, hover over one of the found files and hold down cmd+option(alt). You should see the path at the bottom of the preview window.

If using Finder, Show the Path Bar from the View menu of Finder. Select a found file and look at the path.

Are they pointing into your home folder, or somewhere else?

I've seen one other similar situation, having to do with Tags appearing from another user, but they had the _spotlight ACLs, and it wasn't resolved.

Reply

Answer 10

Jan 6, 2014 7:31 PM in response to Barney-15E

Yes, it is my Folder.

But the Key-Command does not work - because the User B does not have any rights to show it.

Also no icon etc. will appear - only the name of the Files, Mails, Folders etc. in the Spotlight Menu....

No other Details like location, size, preview etc. is shown.

Heres a Screenshot:

Reply

Answer 11

Barney-15E

Level 10

112,416 points

Jan 6, 2014 7:44 PM in response to Harald Köhler

Your permissions are all such that it shouldn't be visible, so it must be something that the spotlight process has incorrect permissions. However, if that was the case, I woudl think it would work the other direction.

Reply

Answer 12

Tlix

Level 4

1,425 points

Jan 6, 2014 7:50 PM in response to Harald Köhler

If you make a third account; does it also see the data in Spotlight from the A user? This may help narrow down the issue to either User A or User B depending on if it happens in another account as well.

Reply

Answer 13

Jan 6, 2014 10:40 PM in response to Tlix

OK - i made a third user.

User C can't see any files in spotlight search from User A or User B.

Also the secondary hard drive from User A doesn't list in the search results.

So everything is fine here.

Now we can say the Problem is User B.

But how can we solve it now?

Reply

Answer 14

Linc Davis

Level 10

209,535 points

Jan 6, 2014 11:31 PM in response to Harald Köhler

Rebuild the Spotlight index. If you try to search now from the magnifying-glass icon in the top right corner of the display, there will be an indication that indexing is in progress.

Reply

Answer 15

Jan 7, 2014 3:55 AM in response to Linc Davis

I rebuild the Index - in addition as well over the terminal.

But same behavior than before :-(

User B still gets the results from User A......

Any ideas?

Reply