
rs7

macrumors regular
Original poster
Oct 24, 2008
So I turned on my computer's guest account today and while logged onto my username I tried to access the Guest's desktop folder. I was able to open the home folder but it said I was denied access to all the folders inside it, though I'm an administrator. It seems if I hit get info and add myself to the access list I can get into a folder, but is there a simpler way?

Thanks
 
The only user with access to every folder/file on the system is the root user. Being in root user also reveals all the hidden files by default so if you accidentally delete something vital to the normal operation of the computer, you'll have to reload the operating system or restore from a Time Machine backup. Steps for enabling/disabling root user: http://support.apple.com/kb/HT1528
 
I don't have Leopard, so I'm not perfectly familiar with the way the GUI ACL tool in Leopard looks, but the basic idea is that, if you want your admin user to be able to open/modify files in your other user(s)'s home directories, you should just put the admin on the ACL for the top level home directory (e.g. /Users/guest/) and then enable the ACL recursively so that it applies to all subdirectories.

I think at the command line, this would be something like:

Code:
sudo chmod -R +a "admin allow read,write,append,delete,list,search,add_subdirectory,delete_child,file_inherit,directory_inherit" /Users/Guest

Where admin is the short name of your administrator account and Guest is the short name of the other account, with any additional access rights you want beyond that. Then you would have access to the whole home directory and all its contents.
 
Thanks. I'm not too familiar with Terminal though and don't want to be playing around with sudo commands. Is there a way to apply it to all subdirectories using the GUI?
 
Also looking at the access lists...to the Guest folder one of the people on the access list is called "unknown"...and on the Shared folder one of the people is "wheel". What do these mean?
 
For the GUI command, I'd have to defer to someone who's used Leopard more than I have -- sorry.

For this latter question, these are groups. Groups define another wrinkle to the way permissions are handled. Even without an access control list, every user belongs to at least one group. The default group for users is called staff in OS X. I think in some places there is a bug that causes the staff group to be misidentified as "unknown," however (there is a real group that is defined conventionally as "unknown" but that's beyond necessary here).

Each file and directory belongs to a user and a group -- so if you look at files in your home folder, they belong to your username and to the group staff -- the one to which you belong. Files have specified permissions at three levels -- one for the user who owns them, one for the group that owns them, and one for others who are neither the user nor in the group. This is why, for instance, applications in the /Applications folder belong to root:admin (root is the user and admin is the group), and so admins can edit the files, even though they are not root.

Wheel is a group the system sets up automatically -- the members of wheel are the users who are able to execute the su and sudo commands, basically. Don't worry too much about wheel. You should really never have to give or take away permissions or ownership by wheel. You should basically just leave them alone.

You could use this, in principle, if you want, for instance by giving ACL permissions for a folder or group of folders to the entire admin group instead of just your admin account. If you did this, any new admins you created would also have access automatically.
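
Added example, not written by any poster in this thread: after granting ACL access as discussed above, this filter reads `ls -le` / `ls -leR` output and lists the "allow" entries that let someone other than a file's owner modify it, marking whether each entry was set directly or inherited. The function names and the sample listing are constructed for illustration, and it assumes account short names contain no spaces.

```shell
#!/bin/sh
# Added example, not from the thread: list "allow" ACL entries that let someone
# other than the owner modify a file. Input is `ls -le` or `ls -leR` output.

acl_foreign_writers() {
  awk '
    # Directory header printed by ls -R, e.g. "/Users/Guest/Desktop:"
    /^\/.*:$/ { dir = substr($0, 1, length($0) - 1); next }

    # Entry line: mode, links, owner, group, size, month, day, time, name...
    /^[-dl][-r][-w]/ {
      owner = $3
      name = $9
      for (i = 10; i <= NF; i++) name = name " " $i
      path = (dir == "" ? name : dir "/" name)
      next
    }

    # ACL entry line: " N: principal [inherited] allow|deny perm,perm,..."
    /^ *[0-9]+: / {
      who = $2; i = 3; origin = "direct"
      if ($i == "inherited") { origin = "inherited"; i++ }
      # Skip deny entries and entries that name the owner.
      if ($i != "allow" || who == "user:" owner) next
      n = split($(i + 1), perm, ",")
      for (j = 1; j <= n; j++)
        if (perm[j] ~ /^(write|append|delete|delete_child|add_file|add_subdirectory)$/) {
          print path "\t" who "\t" origin
          next
        }
    }
  '
}

# Constructed sample listing (not captured from a real machine).
sample_listing() {
  cat <<'EOF'
drwx------+ 3 guest  staff  102 Oct 24 10:00 Desktop
 0: group:everyone deny delete
 1: user:admin allow list,add_file,search,delete,add_subdirectory,delete_child,file_inherit,directory_inherit
drwxr-xr-x+ 4 guest  staff  136 Oct 24 10:00 Public
 0: group:everyone deny delete

/Users/Guest/Desktop:
total 8
-rw-r--r--+ 1 guest  staff  12 Oct 24 10:01 notes.txt
 0: user:admin inherited allow read,write,append,delete
EOF
}

sample_listing | acl_foreign_writers
```

On the Mac itself the same filter would be fed with `ls -leR /Users/Guest | acl_foreign_writers`, run as a user who can already read the directory tree.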
 