PDA

View Full Version : Moved Home folders for all user accounts, now no longer secure.




kirkbross
Jul 12, 2012, 06:35 PM
I installed Lion and created three user accounts. Because the SSD is small I moved the three new user accounts to a large storage drive (and changed the Home directory locations). All is well except...

The User > Name folders on the new drive no longer have the red circle (no access) icon and are so all are accessible from all accounts.

AND...

The old, unused Home folders on the system drive (which I haven't deleted yet) still have the "no access" red circle w/ white minus sign icon.

How do I make the new Home folders only accessible to the current user, i.e. get the red icon on those folders? Does it have to do with Sharing & Permissions on the new user drive? I have ignore ownership on this drive checked, but that seems to make no difference either way.



Alameda
Jul 13, 2012, 08:21 AM
Did you try running Disk Utility to Repair Permissions?

Bear
Jul 13, 2012, 09:42 AM
...
How do I make the new Home folders only accessible to the current user, i.e. get the red icon on those folders? Does it have to do with Sharing & Permissions on the new user drive? I have ignore ownership on this drive checked, but that seems to make no difference either way.Ignore ownership will guarantee no security.

I suggest you disable "ignore ownership" and then instead of relying on a red icon, log in to one of the other accounts and see what it can access. Do check individual files and not just folders themselves.

Depending on if the copy was affected by how you did it and with ignore ownership enabled, you might have to reset ownership for the files you copied.

kirkbross
Jul 15, 2012, 02:03 PM
Ignore ownership will guarantee no security.

I suggest you disable "ignore ownership" and then instead of relying on a red icon, log in to one of the other accounts and see what it can access. Do check individual files and not just folders themselves.

Depending on if the copy was affected by how you did it and with ignore ownership enabled, you might have to reset ownership for the files you copied.I guess my whole premise is silly because if all three users are Admins, and all three accounts have no password (just Enter) then anyone can access anything anyway. Heh.

charlituna
Jul 15, 2012, 02:12 PM
I guess my whole premise is silly because if all three users are Admins, and all three accounts have no password (just Enter) then anyone can access anything anyway. Heh.

it's actually not that silly given that one of them might decide to put on a password and there's the issue is making certain the right docs go in the right folders etc.

But for what you did you didn't move the home folder so much as back it up. that's why they are accessible. The system doesn't recognize it as a home folder anymore. There is a way in the advanced options in users and groups to remap the moved folders as a home folder and that should move the access blocks as well. It's generally only used for networked systems but you could give it a try.

kirkbross
Jul 16, 2012, 02:59 PM
it's actually not that silly given that one of them might decide to put on a password and there's the issue is making certain the right docs go in the right folders etc.

But for what you did you didn't move the home folder so much as back it up. that's why they are accessible. The system doesn't recognize it as a home folder anymore. There is a way in the advanced options in users and groups to remap the moved folders as a home folder and that should move the access blocks as well. It's generally only used for networked systems but you could give it a try.I did remap the paths for all 3 accounts in Advanced Options in Users & Groups to the new drive. The old ones are still there and locked but the lock didn't transfer to the new drive. I could probably log into each account one by one and allow only the current user, but I'm not going to worry about it. This is mainly to keep separate desktops and settings. All 3users are friends and no one is going to snoop or store anything worth snooping on this machine.