Suppose I have OSX running on Hard Drive A (an SSD) And I want to use Hard Drive B (a spinning platter drive) for storing big files, stuff that doesn't need to be hogging precious SSD space. BUT I have multiple users and I want each user to have a sandboxed folder on Hard Drive B. So each user can only read/write his own folder. Sure I could create folders with corresponding ownerships and permissions, but then if a user (some of them are admins) can click "Ignore Ownership on this Volume" then that defeats the purpose, does it not? Although this might be fine if I trust the users not to check that option (or don't know it exists). Other option: I could create encrypted partitions or disk images on Hard Drive B. I'm not sure but I wonder if that would add another layer of complexity - you have to enter a password and mount the drive every session? And then if User X logs in and then User Y sits at the computer, does a Switch User to User Y, then maybe he can read User X's mounted disk? Not sure what to do mainly because I don't completely understand how access control works. Any ideas appreciated!