File sharing Problem: Windows can access each and every file(non-shared too) on my Mac

Discussion in 'macOS' started by Aneef, Dec 23, 2015.

  1. Aneef macrumors regular

    Aneef

    Joined:
    Jun 4, 2015
    Location:
    Lahore, Pakistan
    #1
    Hey there,

    I tried starting file sharing between my Mac and Windows PC. Went to Sharing in Preferences, enabled File sharing, enabled SMB and enabled my user account for sharing as shown in the pic.
    Screen Shot 2015-12-24 at 09.51.04.png
    But when I access my Mac's folder on Windows pc, I can see each and every folder there. Even my Macintosh HD is also shared there, even though I just shared two folders i.e. Dramas and Movies.
    Screen Shot 2015-12-24 at 09.55.11.png
    Now if I uncheck my User name on the options menu, I can't access my Mac at all on my windows pc.

    I only want to access these two folders on my Windows PC, not whole of my Mac HD.
    Help please.
     
  2. jorgk macrumors member

    jorgk

    Joined:
    Mar 20, 2013
    #2
    In the System Preferences / Sharing set up window, you saw the note "Other users can access ..., and administrators all volumes, at ..." ?

    In other words: I suspect you are an administrator of your Mac. If you log in from the PC into the Mac you are granted administrator rights. Which means you can see everything (and where you would not have the privileges to do so, you could change them easily).

    Seems to me the easiest explanation - but I am not doing much of such things, thus happy to be corrected ;-)
     
  3. Aneef thread starter macrumors regular

    Aneef

    Joined:
    Jun 4, 2015
    Location:
    Lahore, Pakistan
    #3
    Yes I'm an administrator of my Macbook pro's user account. But still I want to share only some folders (not all) to other users on my network. But still haven't figured out the correct way to do this.

    Help!
     
  4. jorgk macrumors member

    jorgk

    Joined:
    Mar 20, 2013
    #4
    As said, I have not much clue here either. Just by playing around:

    Turn on File Sharing. Add the folders you want to share into the "Shared Folders:" list. Then select those folders and add a new user in the "Users:" list [for both, click on the + sign below the lists].
    As you see, you will have to either really set up another user account (in "Users & Groups", but have this one without administrator privileges !) or you can actually just use anyone already represented in your "Contacts". Just will need to specify a password once you select a Contact.
    Looks easy.

    Just make sure your Administrator password is a good one. B/c once logged in as Administrator, everything can be 'seen' or made visible. And I don't know how to block the -remote- login into an administrator account. Would be good to know b/c that way all real changes can only be made locally - and not by someone else whom managed to hack into your administrator account.

    Don't fool around with the standard permissions (for Staff, Everyone, and the like). One tends to put Everyone to No Access. But also -you- are Everyone ! (At least to see that there is a folder). If something looses this attribute it's as if it does not exist. You can log yourself out of your harddisk ! Maybe not in this Sharing setup menue, but if you use Get Info on files, folders, or volumes and there start to play with these settings.

    Finally, in Mavericks there is a serious bug (AFAIK it was not patched by 10.9.5) allowing privilege escalation. My knowledge on OSX is too small to know if this applies here for a remote file sharing user. In any case, make sure your OSX version is updated to counter this (yours looks like Yosemite - AFAIK that vulnerability was patched there).

    Good luck,
    jorg
     
  5. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #5
    @Aneef please, did you resolve or work around the problem?
     
  6. bcave098 macrumors 6502

    bcave098

    Joined:
    Sep 6, 2015
    Location:
    Northern British Columbia
    #6
    The best solution is to connect as a guest or as a non-administrator user.

    See here for more: https://support.apple.com/kb/PH18697
     
  7. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #7
    Please: does that bug allow guests (anonymous/unauthenticated users) to read and write in areas where the file service administrator has set 'Everyone' to 'No Access'?
     

Share This Page