DCarchaeopteryx

Q: Remove entire account from other accounts' spotlight search

I recently bought a new iMac with latest Yosemite OS X operating system and set up accounts for my kids. After playing around with spotlight search, it soon dawned on me that my search results may show up in their account search results. After testing sure enough, the other accounts search results were an open book of my account, including my private text messages and emails! I was kind of shocked this was a default because I can't imagine most parents (or any Mac users) would want other accounts peering in to every bit of info stored on their computer. Did I configure something wrong? I'm aware of adding files and folders to the spotlight privacy window, but how about completely hiding my account (which is the master account) from their search results? I've been searching online for half an hour and can't find a thing.

iMac (27-inch, Late 2013), OS X Yosemite (10.10.5)

Posted on Sep 2, 2015 4:35 PM

Close

Q: Remove entire account from other accounts' spotlight search

  • All replies
  • Helpful answers

Page 1 Next
  • by Barney-15E,

    Barney-15E Barney-15E Sep 2, 2015 4:52 PM in response to DCarchaeopteryx
    Level 9 (50,047 points)
    Mac OS X
    Sep 2, 2015 4:52 PM in response to DCarchaeopteryx

    It should only show things directly inside you home folder. Anything beyond that should not appear.

    Did you ever change any permissions on your Home folder?

     

    Get Info on one of your subfolders, like Documents. What does it say in the Sharing section?

  • by DCarchaeopteryx,

    DCarchaeopteryx DCarchaeopteryx Sep 3, 2015 6:34 AM in response to Barney-15E
    Level 1 (0 points)
    Sep 3, 2015 6:34 AM in response to Barney-15E

    I never would have changed permissions on my Home folder, but sure enough when I checked it showed as "read only" access to everyone. Problem is I changed it to no access, applied to all enclosing folders, and it still doesn't work. Surely I'm not the only one this has happened to, seems like a real serious security flaw. It should be relatively simple to lock down my home account (considering I'm the admin!) so other users can't search it but so far no luck.

  • by Barney-15E,

    Barney-15E Barney-15E Sep 3, 2015 6:49 AM in response to DCarchaeopteryx
    Level 9 (50,047 points)
    Mac OS X
    Sep 3, 2015 6:49 AM in response to DCarchaeopteryx

    DCarchaeopteryx wrote:

     

    I never would have changed permissions on my Home folder, but sure enough when I checked it showed as "read only" access to everyone. Problem is I changed it to no access, applied to all enclosing folders, and it still doesn't work. Surely I'm not the only one this has happened to, seems like a real serious security flaw. It should be relatively simple to lock down my home account (considering I'm the admin!) so other users can't search it but so far no luck.

    The Home folder should have Read access to everyone. That is necessary for others to access the Public folder, and for the web server to see into the Sites folder.

    It is the subfolders that should not have anything but you as the owner. That's why I asked about the Documents folder, not your Home folder.

     

    There have been other reports of similar behavior, but I have not found the cause.

  • by Linc Davis,

    Linc Davis Linc Davis Sep 3, 2015 7:00 AM in response to DCarchaeopteryx
    Level 10 (207,958 points)
    Applications
    Sep 3, 2015 7:00 AM in response to DCarchaeopteryx

    Back up all data before proceeding.

    Triple-click anywhere in the line below on this page to select it:

    /.Spotlight-V100

    Right-click or control-click the highlighted line and select

              Services Open

    from the contextual menu. A folder should open with a subfolder named ".Spotlight-V100" selected. Move the subfolder to the Trash. You may be prompted for your administrator login password.

    Restart the computer. If you try to search now from the magnifying-glass icon in the top right corner of the display, there should be an indication that indexing is in progress.

    You can't see the folder in the Trash because it's invisible. The next time you empty the Trash, it should be deleted.

  • by DCarchaeopteryx,

    DCarchaeopteryx DCarchaeopteryx Sep 3, 2015 9:03 PM in response to Linc Davis
    Level 1 (0 points)
    Sep 3, 2015 9:03 PM in response to Linc Davis

    Thanks, but after trying that it looks like that just reset the Spotlight feature, it indexed, but I still have the permissions problem. Other accounts have full search access to everything on the home account even though the permissions on all my folders read as "no access." Really wish Apple had user friendly security settings that addressed this, no one would ever set up a computer to allow accounts search  access to the admin account.

  • by Barney-15E,

    Barney-15E Barney-15E Sep 3, 2015 9:11 PM in response to DCarchaeopteryx
    Level 9 (50,047 points)
    Mac OS X
    Sep 3, 2015 9:11 PM in response to DCarchaeopteryx
    Really wish Apple had user friendly security settings that addressed this

    They do. None of my accounts can search the others. There is some problem with yours, could be a bug, but at this point, I don't know what it is.

  • by Linc Davis,

    Linc Davis Linc Davis Sep 3, 2015 9:17 PM in response to DCarchaeopteryx
    Level 10 (207,958 points)
    Applications
    Sep 3, 2015 9:17 PM in response to DCarchaeopteryx

    This procedure is a diagnostic test. It makes no changes to your data.

    Please triple-click anywhere in the line below on this page to select it:

    ls -@Oaen | pbcopy

    Copy the selected text to the Clipboard by pressing the key combination command-C.

    Launch the built-in Terminal application in any of the following ways:

    ☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)

    ☞ In the Finder, select Go Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.

    ☞ Open LaunchPad and start typing the name.

    Paste into the Terminal window by pressing the key combination command-V. I've tested these instructions only with the Safari web browser. If you use another browser, you may have to press the return key after pasting.

    Wait for a new line ending in a dollar sign ($) to appear below what you entered.

    The output of the command will be automatically copied to the Clipboard. If the command produced no output, the Clipboard will be empty. Paste into a reply to this message.

    The Terminal window doesn't show the output. Please don't copy anything from there.

    If any personal information appears in the output, anonymize before posting, but don’t remove the context.

  • by DCarchaeopteryx,

    DCarchaeopteryx DCarchaeopteryx Sep 3, 2015 9:34 PM in response to Linc Davis
    Level 1 (0 points)
    Sep 3, 2015 9:34 PM in response to Linc Davis

    OK just ran that, thanks for reviewing:

     

    Last login: Thu Sep  3 23:49:38 on console

    XXXXX-iMac:~ XXXXX$ ls -@Oaen | pbcopy

    XXXXX-iMac:~ XXXXX$ total 72

    -bash: total: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---+  17 501  20  -        578 Sep  3 23:42 .

    -bash: drwxr-x---+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-xr-x    7 0    80  -        238 Jul  2 18:31 ..

    -bash: drwxr-xr-x: command not found

    XXXXX-iMac:~ XXXXX$ -rw-r-----    1 501  20  -          7 May 19 22:01 .CFUserTextEncoding

    -bash: -rw-r-----: command not found

    XXXXX-iMac:~ XXXXX$ -rw-r-----@   1 501  20  -      26628 Sep  3 10:06 .DS_Store

    -bash: -rw-r-----@: command not found

    XXXXX-iMac:~ XXXXX$ com.apple.FinderInfo   32

    -bash: com.apple.FinderInfo: command not found

    XXXXX-iMac:~ XXXXX$ drwx------    4 501  20  -        136 Sep  3 23:47 .Trash

    -bash: drwx------: command not found

    XXXXX-iMac:~ XXXXX$ -rw-r-----    1 501  20  -        206 Jun 27 00:19 .bash_history

    -bash: -rw-r-----: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---    3 501  20  -        102 May 23 20:12 .cups

    -bash: drwxr-x---: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---    3 501  20  -        102 May 24 23:51 .mplayer

    -bash: drwxr-x---: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---+  11 501  20  -        374 Aug 27 22:00 Desktop

    -bash: drwxr-x---+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---+ 171 501  20  -       5814 Sep  2 19:08 Documents

    -bash: drwxr-x---+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---+  18 501  20  -        612 Sep  2 18:36 Downloads

    -bash: drwxr-x---+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---@  50 501  20  hidden  1700 Aug 19 15:04 Library

    -bash: drwxr-x---@: command not found

    XXXXX-iMac:~ XXXXX$ com.apple.FinderInfo   32

    -bash: com.apple.FinderInfo: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---+   6 501  20  -        204 May 24 17:30 Movies

    -bash: drwxr-x---+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---+  10 501  20  -        340 May 24 17:31 Music

    -bash: drwxr-x---+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---+  55 501  20  -       1870 Aug  2 12:46 Pictures

    -bash: drwxr-x---+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-xr-x+   5 501  20  -        170 May 19 22:00 Public

    -bash: drwxr-xr-x+: command not found

    XXXXX-iMac:~ XXXXX$  0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    -bash: 0:: command not found

    XXXXX-iMac:~ XXXXX$ drwxr-x---    4 501  20  -        136 Jun 27 00:15 cfg

    -bash: drwxr-x---: command not found

    XXXXX-iMac:~ XXXXX$

  • by DCarchaeopteryx,

    DCarchaeopteryx DCarchaeopteryx Sep 3, 2015 9:35 PM in response to Barney-15E
    Level 1 (0 points)
    Sep 3, 2015 9:35 PM in response to Barney-15E

    Yeah I should have rephrased that more elegantly, but a user friendly way to address this bug.

  • by DCarchaeopteryx,

    DCarchaeopteryx DCarchaeopteryx Sep 3, 2015 9:39 PM in response to DCarchaeopteryx
    Level 1 (0 points)
    Sep 3, 2015 9:39 PM in response to DCarchaeopteryx

    Sorry, it's late and I misread, obviously pasted from terminal. Here are the clipboard contents as requested:

    total 72

    drwxr-x---+  17 501  20  -        578 Sep  3 23:42 .

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-xr-x    7 0    80  -        238 Jul  2 18:31 ..

    -rw-r-----    1 501  20  -          7 May 19 22:01 .CFUserTextEncoding

    -rw-r-----@   1 501  20  -      26628 Sep  3 10:06 .DS_Store

      com.apple.FinderInfo   32

    drwx------    4 501  20  -        136 Sep  3 23:47 .Trash

    -rw-r-----    1 501  20  -       1791 Sep  4 00:34 .bash_history

    drwxr-x---    3 501  20  -        102 May 23 20:12 .cups

    drwxr-x---+  11 501  20  -        374 Aug 27 22:00 Desktop

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+ 171 501  20  -       5814 Sep  2 19:08 Documents

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+  18 501  20  -        612 Sep  2 18:36 Downloads

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---@  50 501  20  hidden  1700 Aug 19 15:04 Library

      com.apple.FinderInfo   32

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+   6 501  20  -        204 May 24 17:30 Movies

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+  10 501  20  -        340 May 24 17:31 Music

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+  55 501  20  -       1870 Aug  2 12:46 Pictures

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-xr-x+   5 501  20  -        170 May 19 22:00 Public

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---    4 501  20  -        136 Jun 27 00:15 cfg

  • by Linc Davis,

    Linc Davis Linc Davis Sep 3, 2015 9:40 PM in response to DCarchaeopteryx
    Level 10 (207,958 points)
    Applications
    Sep 3, 2015 9:40 PM in response to DCarchaeopteryx

    You pasted the output of the command back into the Terminal window, then posted the contents of the Terminal window. Please don't do that. Review the instructions and try again. If something is unclear, please specify what it is.

  • by DCarchaeopteryx,

    DCarchaeopteryx DCarchaeopteryx Sep 3, 2015 9:45 PM in response to Linc Davis
    Level 1 (0 points)
    Sep 3, 2015 9:45 PM in response to Linc Davis

    Yes sorry, I misread. Here are the clipboard contents as requested:

    total 72

    drwxr-x---+  17 501  20  -        578 Sep  3 23:42 .

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-xr-x    7 0    80  -        238 Jul  2 18:31 ..

    -rw-r-----    1 501  20  -          7 May 19 22:01 .CFUserTextEncoding

    -rw-r-----@   1 501  20  -      26628 Sep  3 10:06 .DS_Store

      com.apple.FinderInfo   32

    drwx------    4 501  20  -        136 Sep  3 23:47 .Trash

    -rw-r-----    1 501  20  -       1810 Sep  4 00:40 .bash_history

    drwxr-x---    3 501  20  -        102 May 23 20:12 .cups

    drwxr-x---+  11 501  20  -        374 Aug 27 22:00 Desktop

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+ 171 501  20  -       5814 Sep  2 19:08 Documents

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+  18 501  20  -        612 Sep  2 18:36 Downloads

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---@  50 501  20  hidden  1700 Aug 19 15:04 Library

      com.apple.FinderInfo   32

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+   6 501  20  -        204 May 24 17:30 Movies

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+  10 501  20  -        340 May 24 17:31 Music

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---+  55 501  20  -       1870 Aug  2 12:46 Pictures

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-xr-x+   5 501  20  -        170 May 19 22:00 Public

    0: ABCDEFAB-CDEF-ABCD-EFAB-CDEF0000000C deny delete

    drwxr-x---    4 501  20  -        136 Jun 27 00:15 cfg

  • by Barney-15E,

    Barney-15E Barney-15E Sep 4, 2015 4:44 AM in response to DCarchaeopteryx
    Level 9 (50,047 points)
    Mac OS X
    Sep 4, 2015 4:44 AM in response to DCarchaeopteryx

    All of your sub folders have read permission for the staff group, which all users are in.

    If that was like that from the outset, then that might have been the problem; however, that likely happened when you "applied to enclosed" on the Home folder.

    The home folder allows read access for a reason. The sub folders do not. But, you copied the read permissions throughout when you applied to enclosed.

  • by Linc Davis,

    Linc Davis Linc Davis Sep 4, 2015 5:45 AM in response to DCarchaeopteryx
    Level 10 (207,958 points)
    Applications
    Sep 4, 2015 5:45 AM in response to DCarchaeopteryx

    Back up all data. Enter the following command in the Terminal window in the same way as before (triple-click, copy, and paste):

    chmod g-rx {[DLMc],Pi}*
Page 1 Next