Create access-controlled folders on an external drive

Discussion in 'Mac Basics and Help' started by jackotack, Mar 8, 2016.

  1. jackotack macrumors newbie

    Joined:
    Oct 26, 2012
    #1
    Suppose I have OSX running on Hard Drive A (an SSD)

    And I want to use Hard Drive B (a spinning platter drive) for storing big files, stuff that doesn't need to be hogging precious SSD space.

    BUT I have multiple users and I want each user to have a sandboxed folder on Hard Drive B. So each user can only read/write his own folder.

    Sure I could create folders with corresponding ownerships and permissions, but then if a user (some of them are admins) can click "Ignore Ownership on this Volume" then that defeats the purpose, does it not? Although this might be fine if I trust the users not to check that option (or don't know it exists).

    Other option: I could create encrypted partitions or disk images on Hard Drive B. I'm not sure but I wonder if that would add another layer of complexity - you have to enter a password and mount the drive every session? And then if User X logs in and then User Y sits at the computer, does a Switch User to User Y, then maybe he can read User X's mounted disk?

    Not sure what to do mainly because I don't completely understand how access control works.

    Any ideas appreciated!
     
  2. mfram, Mar 10, 2016
    Last edited: Mar 10, 2016

    mfram macrumors 65816

    Joined:
    Jan 23, 2010
    Location:
    San Diego, CA USA
    #2
    If the users have admin permissions, then there's nothing you can do to absolutely prevent them from accessing other people's folders without using encrypted images and requiring them to enter a password. I recommend creating different encrypted 'sparebundles'. That won't pre-allocate the space on the drive but instead allow the space to be used up over time as they add more files. The contents of the folders will potentially be available to everyone else on the machine until they are unmounted (ejected).

    Another option is to use folders on a server. It would be easier to control access to server folders. But, again, that would require the users to have a password. This time to the server.
     
  3. jackotack thread starter macrumors newbie

    Joined:
    Oct 26, 2012
    #3
    Thanks for the thoughtful reply.
     

Share This Page