One hard drive: two partitions & secure?

wayland1985

macrumors 6502a
Original poster
Jan 16, 2008
516
5
My wife and I have quite a bit of media between the two of us: I have two external hard drives (one for Time Machine, one for extra storage), taking up my two Thunderbolt ports.

I'm thinking I want to partition the extra storage hard drive into "his and hers" accounts so that we can move our movies/photos onto it and free up internal storage.

However, my wife is also notorious for downloading junk that makes me nervous (hence our separate Apple accounts on the computer).

Is there a way to partition one hard drive: and make it so that my partition isn't accessible when she signs into her account?
 

BigMcGuire

Contributor
Jan 10, 2012
4,679
5,723
California
Interesting. I have a 3 TB WD that I partitioned into two 1.5 TB partitions, one for CCC and the other for TM. Both are encrypted with their own key and different format (one APFS and the other is Mac OS Journaled - both encrypted).

Now I haven't tried just typing the key of one partition in one Mac and the other key of the other partition in another Mac but my assumption is that this would work?
 

wayland1985

I'll give it a shot:

I'm curious though: Disk Utility is saying that I should just add a volume instead of partitioning.

I wonder if a volume can have certain user restrictions? Or am I better off just partitioning? (This is a Samsung T5 drive)
 

BigMcGuire

A volume can definitely have user restrictions. When I try to access my wife's external drive I need the encryption key then I have to add myself as a user who has read/write permissions because by default it is only read.

I'll let someone take over who knows a lot more about Mac and formatting than I do. @Weaselboy knows a TON, maybe we can ask him to help.

Here are the pictures of my external drive setup (Apologies for the Borg names, I'm a huge Trekkie fan):

 

Weaselboy

Moderator
Staff member
Jan 23, 2005
29,297
8,947
California
I wonder if a volume can have certain user restrictions? Or am I better off just partitioning?
With APFS you are better off with Volumes since they can share the same space on the disk and you don't have to pick a fixed size.

I just played around a little with a blank USB key and here is what I would do.

Insert the drive then in Disk Util select the drive itself like in my screenshot. Then click erase and select APFS encrypted with GUID and enter a password when prompted. That will reformat the whole disk and put one volume on it inside an APFS container. Now click Partition and uncheck the partition checkbox and click add volume. Pick APFS Encrypted GUID again and enter a password.

This will give you two volumes that are password protected and it should look like my shot.

Now eject the drive then in your account open Disk Util and right click then mount your volume. Enter your password and check the box to save the PW to your Keychain.

Eject the disk again then login to your wife's account and open Disk Util and repeat the same exercise for her volume.

So now both will be encrypted and neither will be accessible from the other account (unless you manually mount and enter the password).


wayland1985

Hmm: I'm having trouble getting this to work.

So I erased and created one Disk (Andrew's Volume: APFS Encrypted).
Then I added a second volume off of that (Lucy's Volume, APFS (not encrypted, but added a quota))


I then ejected the disk from both accounts... But whenever I mount my volume back, it appears on both accounts?

Does her volume need to be password protected to work?
 

Weaselboy

Does her volume need to be password protected to work?
Yep... that is the whole idea to protect them from one another in the two accounts.

It won't be any hassle once you do what I said. With the PW saved in Keychain each of your individual volumes will auto mount at login.
 

wayland1985

Yep... that is the whole idea to protect them from one another in the two accounts.

It won't be any hassle once you do what I said. With the PW saved in Keychain each of your individual volumes will auto mount at login.
Alright: I'll try again! Thanks for the help!


Now, while I have you I had a couple of other questions:

1) If we were to lose power, and the computer restarts: will both volumes show on both accounts?
1a) If yes, she would need my password in order to have access to the volume, correct?

2) Is there a way to keep volumes from showing on guest accounts?

3) If I use this volume for my primary Photos location, does the encryption/password rules affect the App itself from working correctly? (Will it still safely store photos, etc?)
 

Weaselboy

1) If we were to lose power, and the computer restarts: will both volumes show on both accounts?
1a) If yes, she would need my password in order to have access to the volume, correct?

2) Is there a way to keep volumes from showing on guest accounts?

3) If I use this volume for my primary Photos location, does the encryption/password rules affect the App itself from working correctly? (Will it still safely store photos, etc?)
1) No... they will both eject and won't remount until you log back in to one of the accounts and it mounts.

2) Not really. They won't be mounted and will look greyed out like my Other volume here. The guest won't be able to do anything with it since they don't have the password. I suppose if the guest user wanted to be a jerk they could erase the whole drive though.


3) Not at all. Once it is mounted at login it will work like any other drive.

The only issue I am seeing here is if you are running Time Machine backup under your account, any data on your wife's unmounted volume will not be backed up. Dunno if that matters to you or not.
 

wayland1985


Ah: found my problem: I had to log out of both accounts completely for this to work (I couldn't just switch between accounts with them both active).




As for Time Machine; Everything should back up as long as I add her Volume's password to my account, correct?

Essentially, I just want my volume to be protected from her accessing/modifying the files.
 

Weaselboy

Everything should back up as long as I add her Volume's password to my account, correct?
Yep... that would do the trick.

Also, TM by default excludes external volumes, so make sure once you set this all up you go into TM settings and remove these volumes from the exclude list.
 

wayland1985

So: after trying this solution for a few days: it works... But if I'm actively logged in, and fast switch users, my Volume will appear in the other account.

I'm curious, then: if I make a Folder in my volume, and add a lock on TOP of the encryption: would programs like Photo still be able to work normally (assuming my complete album is in the password locked folder?)
 

Weaselboy

So: after trying this solution for a few days: it works... But if I'm actively logged in, and fast switch users, my Volume will appear in the other account.

I'm curious, then: if I make a Folder in my volume, and add a lock on TOP of the encryption: would programs like Photo still be able to work normally (assuming my complete album is in the password locked folder?)
That would work, but you will have the same issue I believe. Why don't you just eject the volume before you switch accounts?

https://kainjow.com

There is an app called Semulov (volumes backwards) that sits in the menu bar and makes it quick and easy to eject and mount volumes. That might make this easier for you.


Fishrrman

macrumors P6
Feb 20, 2009
17,391
5,624
Best solution:
Buy your wife her own drive (HDD or SSD).
Plug it into a USB-A port.
Problems... solved.
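
Added example, not posted by anyone in the thread: a shell check for the two situations the thread ran into, a volume created without encryption and an encrypted volume left unlocked across a fast user switch. It reads the text of `diskutil apfs list`; the function names and sample listing are constructed, and the `Name:` and `FileVault:`/`Encrypted:` field labels are an assumption about that command's output, which varies between macOS releases.

```shell
#!/bin/sh
# audit_apfs: read `diskutil apfs list` text on stdin and print one
# "name|STATE" line per APFS volume.
#   UNENCRYPTED - readable by any account whenever the drive is attached
#   UNLOCKED    - encrypted, but currently usable by every logged-in session
#   LOCKED      - encrypted and needs its password before it can be mounted
audit_apfs() {
  awk '
    /^[ |]*Name:/ {
      sub(/^[ |]*Name:[ ]*/, "")                 # drop label and tree art
      sub(/ \(Case-(in)?sensitive\)$/, "")       # drop filesystem suffix
      name = $0
    }
    /(FileVault|Encrypted):/ {                   # assumed field labels
      if ($0 ~ /: +No/)            state = "UNENCRYPTED"
      else if ($0 ~ /\(Locked\)/)  state = "LOCKED"
      else                         state = "UNLOCKED"
      print name "|" state
    }'
}

# Constructed sample shaped like the setup in the thread: one encrypted
# volume in use, one volume added without encryption, one locked volume.
sample_listing() {
  cat <<'EOF'
+-- Container disk3 (constructed sample)
    APFS Container Reference:     disk3
    |
    +-> Volume disk3s1
    |   Name:                      Andrew's Volume (Case-insensitive)
    |   FileVault:                 Yes (Unlocked)
    |
    +-> Volume disk3s2
    |   Name:                      Lucy's Volume (Case-insensitive)
    |   FileVault:                 No
    |
    +-> Volume disk3s3
        Name:                      Other (Case-insensitive)
        FileVault:                 Yes (Locked)
EOF
}

# On a Mac, audit the real disks; elsewhere, fall back to the sample.
if command -v diskutil >/dev/null 2>&1; then
  diskutil apfs list | audit_apfs
else
  sample_listing | audit_apfs
fi
```

Anything not reported as LOCKED before switching accounts is reachable from the other session, which is why ejecting the volume first closes the gap.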