Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

File sharing Problem: Windows can access each and every file(non-shared too) on my Mac

Aneef

Aneef

macrumors regular
Original poster
Jun 4, 2015
237
70
Lahore, Pakistan
Hey there,

I tried starting file sharing between my Mac and Windows PC. Went to Sharing in Preferences, enabled File sharing, enabled SMB and enabled my user account for sharing as shown in the pic.
Screen Shot 2015-12-24 at 09.51.04.png

But when I access my Mac's folder on Windows pc, I can see each and every folder there. Even my Macintosh HD is also shared there, even though I just shared two folders i.e. Dramas and Movies.
Screen Shot 2015-12-24 at 09.55.11.png

Now if I uncheck my User name on the options menu, I can't access my Mac at all on my windows pc.

I only want to access these two folders on my Windows PC, not whole of my Mac HD.
Help please.
 
jorgk

jorgk

macrumors regular
Mar 20, 2013
112
43
In the System Preferences / Sharing set up window, you saw the note "Other users can access ..., and administrators all volumes, at ..." ?

In other words: I suspect you are an administrator of your Mac. If you log in from the PC into the Mac you are granted administrator rights. Which means you can see everything (and where you would not have the privileges to do so, you could change them easily).

Seems to me the easiest explanation - but I am not doing much of such things, thus happy to be corrected ;-)
 
Aneef

Aneef

macrumors regular
Original poster
Jun 4, 2015
237
70
Lahore, Pakistan
jorgk said:
In the System Preferences / Sharing set up window, you saw the note "Other users can access ..., and administrators all volumes, at ..." ?

In other words: I suspect you are an administrator of your Mac. If you log in from the PC into the Mac you are granted administrator rights. Which means you can see everything (and where you would not have the privileges to do so, you could change them easily).

Seems to me the easiest explanation - but I am not doing much of such things, thus happy to be corrected ;-)
Click to expand...
Yes I'm an administrator of my Macbook pro's user account. But still I want to share only some folders (not all) to other users on my network. But still haven't figured out the correct way to do this.

Help!
 
jorgk

jorgk

macrumors regular
Mar 20, 2013
112
43
Aneef said:
But still haven't figured out the correct way to do this.
Click to expand...

As said, I have not much clue here either. Just by playing around:

Turn on File Sharing. Add the folders you want to share into the "Shared Folders:" list. Then select those folders and add a new user in the "Users:" list [for both, click on the + sign below the lists].
As you see, you will have to either really set up another user account (in "Users & Groups", but have this one without administrator privileges !) or you can actually just use anyone already represented in your "Contacts". Just will need to specify a password once you select a Contact.
Looks easy.

Just make sure your Administrator password is a good one. B/c once logged in as Administrator, everything can be 'seen' or made visible. And I don't know how to block the -remote- login into an administrator account. Would be good to know b/c that way all real changes can only be made locally - and not by someone else whom managed to hack into your administrator account.

Don't fool around with the standard permissions (for Staff, Everyone, and the like). One tends to put Everyone to No Access. But also -you- are Everyone ! (At least to see that there is a folder). If something looses this attribute it's as if it does not exist. You can log yourself out of your harddisk ! Maybe not in this Sharing setup menue, but if you use Get Info on files, folders, or volumes and there start to play with these settings.

Finally, in Mavericks there is a serious bug (AFAIK it was not patched by 10.9.5) allowing privilege escalation. My knowledge on OSX is too small to know if this applies here for a remote file sharing user. In any case, make sure your OSX version is updated to counter this (yours looks like Yosemite - AFAIK that vulnerability was patched there).

Good luck,
jorg
 
grahamperrin

grahamperrin

macrumors 601
Jun 8, 2007
4,942
648
jorgk said:
… in Mavericks there is a serious bug (AFAIK it was not patched by 10.9.5) allowing privilege escalation. My knowledge on OSX is too small to know if this applies here for a remote file sharing user. …
Click to expand...

Please: does that bug allow guests (anonymous/unauthenticated users) to read and write in areas where the file service administrator has set 'Everyone' to 'No Access'?
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom