Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Create access-controlled folders on an external drive

J

jackotack

macrumors newbie
Original poster
Oct 26, 2012
21
0
Suppose I have OSX running on Hard Drive A (an SSD)

And I want to use Hard Drive B (a spinning platter drive) for storing big files, stuff that doesn't need to be hogging precious SSD space.

BUT I have multiple users and I want each user to have a sandboxed folder on Hard Drive B. So each user can only read/write his own folder.

Sure I could create folders with corresponding ownerships and permissions, but then if a user (some of them are admins) can click "Ignore Ownership on this Volume" then that defeats the purpose, does it not? Although this might be fine if I trust the users not to check that option (or don't know it exists).

Other option: I could create encrypted partitions or disk images on Hard Drive B. I'm not sure but I wonder if that would add another layer of complexity - you have to enter a password and mount the drive every session? And then if User X logs in and then User Y sits at the computer, does a Switch User to User Y, then maybe he can read User X's mounted disk?

Not sure what to do mainly because I don't completely understand how access control works.

Any ideas appreciated!
 
If the users have admin permissions, then there's nothing you can do to absolutely prevent them from accessing other people's folders without using encrypted images and requiring them to enter a password. I recommend creating different encrypted 'sparebundles'. That won't pre-allocate the space on the drive but instead allow the space to be used up over time as they add more files. The contents of the folders will potentially be available to everyone else on the machine until they are unmounted (ejected).

Another option is to use folders on a server. It would be easier to control access to server folders. But, again, that would require the users to have a password. This time to the server.
 
Last edited:
  • Like
Reactions: jackotack
mfram said:
If the users have admin permissions, then there's nothing you can do to absolutely prevent them from accessing other people's folders without using encrypted images and requiring them to enter a password. I recommend creating different encrypted 'sparebundles'. That won't pre-allocate the space on the drive but instead allow the space to be used up over time as they add more files. The contents of the folders will potentially be available to everyone else on the machine until they are unmounted (ejected).

Another option is to use folders on a server. It would be easier to control access to server folders. But, again, that would require the users to have a password. This time to the server.
Click to expand...

Thanks for the thoughtful reply.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back