OSX File Sharing - everybody can see everything :/

Discussion in 'OS X Yosemite (10.10)' started by islade, Nov 21, 2014.

  1. islade macrumors newbie

    Joined:
    Mar 6, 2014
    #1
    Hi,

    I've set up two shares on my nMP running Yosemite:
    I've shared my 12tb external drive for just myself and I've shared a 'movies' folder for both myself and a 'sharing-only' account for my girlfriend.

    When I log in on my MBP as myself, I can access both shares as I should be able to (i have permission to both).

    When she logs in as her, she can also access both, even though her account only has access to the 'movies' folder and 'everyone' is denied to the 12tb share. If I add her to the share, there isn't a deny option, so I've just left her out and denied everybody.

    What can I do to make sure she can access movies but not the 12tb drive?

    I've tried updating all computers involved, removing and recreating share, triple checking sharing permissions on the folders in finder without success.
     
  2. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #2
  3. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #3
    https://gist.github.com/grahamperrin/0c05a92c685cc86123d0f67e4ab6596a/revisions

     
  4. KALLT macrumors 601

    Joined:
    Sep 23, 2008
    #4
    This is indeed disturbing. I have compared a directory, a mounted disk image and a mounted thumb drive (HFS+) on Mavericks. Only for the latter are the permissions overridden to read & write for ‘everyone’. That is... good to know. o_O
     
  5. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #5
    Yeah, and –

    – the problem is not limited to USB or thumb drives.

    At its simplest, it's an Apple workflow problem:
    1. connect a drive with an HFS Plus volume
    2. share the volume, and set 'Everyone' to 'No Access'
    3. discover that the access restriction is not enforced.
     
  6. KALLT macrumors 601

    Joined:
    Sep 23, 2008
  7. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #7
    https://www.wilderssecurity.com/threads/386302/ offers additional context but it's not intended to be a comprehensive summary of interactions between me and Apple.

    From a follow-up in January 2016: "… we do not see any actual security implications. …". There is some understandable justification for that observation by Apple, and you might slap your forehead when you realise the justification, however we can not assume that all Mac users of file sharing will have that head-slapping moment.

    When I next boot pre-release Sierra, I'll look to see whether the GUI has been improved to avoid future incidents.
     
  8. rshrugged macrumors 6502a

    Joined:
    Oct 11, 2015
    #8
    If you haven't booted into it yet, no worries. Just wanted to let you know that there is interest in hearing your findings.
     
  9. grahamperrin macrumors 601

    grahamperrin

    Joined:
    Jun 8, 2007
    #9

Share This Page