Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Letting my friend borrow my mac, wanna block my files

M. Malone

M. Malone

macrumors 6502a
Original poster
Mar 11, 2004
677
2
hey everyone, so I have a friend who is considering switching over, I offered to let him borrow my old PowerBook that I occasionally use, I have some important files I don't want him accessing, so I was thinking of making him a separate account, but at the same time I want him to have all the administrative freedom since he will download programs and experiment with it, so what is the best way to do this? thanks
 
Jericho2550 said:
hey everyone, so I have a friend who is considering switching over, I offered to let him borrow my old PowerBook that I occasionally use, I have some important files I don't want him accessing, so I was thinking of making him a separate account, but at the same time I want him to have all the administrative freedom since he will download programs and experiment with it, so what is the best way to do this? thanks
Click to expand...

you could just put your important files inside an encrypted disk image. That way if he gets into your account (reasonably easy) then he will have to guess your "strong" password.
 
xUKHCx said:
you could just put your important files inside an encrypted disk image. That way if he gets into your account (reasonably easy) then he will have to guess your "strong" password.
Click to expand...

so is there a way I can BLOCK him out, noway for him to get into my account but still have administrative rights?
 
Jericho2550 said:
so is there a way I can BLOCK him out, noway for him to get into my account but still have administrative rights?
Click to expand...

Sure, when you create an account for him, check this box:
 

Attachments

  • Picture 8.png
    Picture 8.png
    12.7 KB · Views: 97
smokeyrabbit said:
Sure, when you create an account for him, check this box:
Click to expand...

Are you sure? I thought that if an account had administrator privileges it could access any file in any account by entering an admin password. I could be wrong though.
 
Jericho2550 said:
thnaks guys, but I want him to have administrative rights, he wants to experiment with it all the way...
Click to expand...
I don't see any benefit to this.

motulist said:
Are you sure? I thought that if an account had administrator privileges it could access any file in any account by entering an admin password. I could be wrong though.
Click to expand...
They'd need a little bit of Terminal knowledge to do that but they could wreck any other system level files.
 
Jericho2550 said:
thnaks guys, but I want him to have administrative rights, he wants to experiment with it all the way...
Click to expand...

Unless you go the encrypted disk image route, I'm pretty sure there's no way to lock him out of any files if he's an administrator.
 
motulist said:
Are you sure? I thought that if an account had administrator privileges it could access any file in any account by entering an admin password. I could be wrong though.
Click to expand...

Nope, the root user can. Admin users can install apps and update the OS, but can't see into other user's private areas. You can see into the Public folder and Drop Box, but that's about it, as illustrated:
 

Attachments

  • Picture 9.png
    Picture 9.png
    16.8 KB · Views: 644
smokeyrabbit said:
If he's going to be fooling around with Terminal and knows his way around unix, then you probably should go the encrypted disk route if you have sensitive files.
Click to expand...

the guy barely knows how to point and click...so this will be the route, thank you all so much :D
 
Your friend can get into your account any number of ways: by enabling root, booting from the Install CD and running Change Password, booting it on an System 9 machine, etc. etc. :eek:
If this isn't your primary machine, I would suggest putting those files on a CD or thumb drive.
 
smokeyrabbit said:
If he's going to be fooling around with Terminal and knows his way around unix, then you probably should go the encrypted disk route if you have sensitive files.
Click to expand...
Haha, oh wow. 10 seconds on Google and you can at least chown the files. chmod would require a little more work for something a bit more complicated then making it world readable.
 
Eidorian said:
sudo chmod it.
Click to expand...

Don't even need to use terminal, Just select the other users folder, "get info" then go down to "Ownership & Permissions" - Details - Hit the padlock, change the owner to you, enter an admin password. BOOM their files are your files.

That is why if they have administrator rights you have to go down the encrypted disk image route, as previously suggested.
 
xUKHCx said:
Don't even need to use terminal, Just select the other users folder, "get info" then go down to "Ownership & Permissions" - Details - Hit the padlock, change the owner to you, enter an admin password. BOOM their files are your files.

That is why if they have administrator rights you have to go down the encrypted disk image route, as previously suggested.
Click to expand...
Neh, you and your GUI. Just -R the whole thing.

Still gentleman repeat after me: admin -> sudo -> root = god
 
Eidorian said:
Haha, oh wow. 10 seconds on Google and you can at least chown the files. chmod would require a little more work for something a bit more complicated then making it world readable.
Click to expand...

You're freakin me out man, I depend on encrypted disk images as a very strong security measure. Are you saying that's not the case? I googled chown but can't really figure out how that applies. Please fill me in!
 
Eidorian said:
Neh, you and your GUI. Just -R the whole thing.

Still gentleman repeat after me: admin -> sudo -> root = god
Click to expand...

Hey i do like my GUI but i am learning my Unix.

i was merely highlighting how easy it is with an admin account to get into someone else's files (by easy i mean no terminal knowledge, just point and click)
 
motulist said:
You're freakin me out man, I depend on encrypted disk images as a very strong security measure. Are you saying that's not the case? I googled chown but can't really figure out how that applies. Please fill me in!
Click to expand...
The encrypt disk image would work. chown = change ownership and chmod = change modifiers (permissions being one thing you can change).

You can pretty much do the same via the GUI using Get Info.
 
xUKHCx said:
Don't even need to use terminal, Just select the other users folder, "get info" then go down to "Ownership & Permissions" - Details - Hit the padlock, change the owner to you, enter an admin password. BOOM their files are your files.

That is why if they have administrator rights you have to go down the encrypted disk image route, as previously suggested.
Click to expand...

I have multiple admin accts on my office machines and this routine doesn't work. You need to have root access to see other admin's files. I don't know enough about Unix to comment on the sudo chmod commands, but I can't just sudo ls the other admin's directories.

EDIT: OK that's weird. It didn't let me see into the other admin's directory until I logged into that account, and now it acts just like you guys all described. Now I'm going to have to restart and see if it still lets me.
 
motulist said:
You're freakin me out man, I depend on encrypted disk images as a very strong security measure. Are you saying that's not the case? I googled chown but can't really figure out how that applies. Please fill me in!
Click to expand...

Nah, encrypted disk images are good. The most he can do is change their ownership- but he still won't be able to get into it without the password.

Any other file on the computer though...is up for grabs.
 
smokeyrabbit said:
I have multiple admin accts on my office machines and this routine doesn't work. You need to have root access to see other admin's files. I don't know enough about Unix to comment on the sudo chmod commands, but I can't just sudo ls the other admin's directories.
Click to expand...

Must have a different set up because on my computer i have multiple admin accounts and it works.

I did nothing special to set this up, just hit the check box "Allow user to administer this computer" in system preferences.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back