
ImConfusedAgain (original poster), Jul 28, 2020
Hi guys

I'm new to Mac so excuse my ignorance. I just want to make sure my permissions are correct. When I go into Macintosh HD (Finder, Get Info, under Sharing & Permissions), it says:

system: read and write

everyone: read only

What does the "everyone" mean? Can anyone view my files? My computer is not shared and I am the only administrator. There is a "no access" setting but I don't want to change anything that may be important.

Thanks.
 
In short, your permissions are correct. The OS is very secure, don't change anything without knowing exactly what you're doing.

"Everyone" is a Group that includes any User with login access to the system, as well as features like Sharing (when enabled - Sharing is disabled by default).

"Everyone" does NOT mean "anyone in the world" can access the computer (via being connected to the same wifi network or the internet, for example). That kind of access is completely shut down by default. You would have to enable that access via System Preferences > Sharing, on a feature-by-feature basis.
 
Thanks for the reply.
Update to this. I believe I may have been hacked. My main user account on Mac where all my files are stored was somehow changed to "staff" and "everyone" being able to read this drive. It says it was modified over a month ago and I have no idea how it happened. I never noticed it. Can a malicious website or download cause this to happen?

I'm the only user of this computer and nothing is shared but having gone into System Preferences under Sharing nothing is ticked on. However, when I further clicked on File Sharing there were two others listed. I was shocked. I deleted them and it seems like everything is OK but I have no idea how this permission modification was changed and how staff and everyone had access to my drive.

I am now worried that my information may have been leaked. I have never given anyone user access. Any help would be appreciated.
 
[Screenshot attachment: Screen Shot 2020-07-29 at 11.34.44 am.png]
This is what I mean
 
You've shown us nothing to date that indicates your permissions were changed from the normal defaults.

Further, what you are referring to as "user accounts" are not user accounts, they are groups.

Your fear that something bad happened when you downloaded youtube videos from a shady website does not mean something bad actually happened. I could spend the better part of the night explaining how macOS makes it difficult for such a thing to happen, but I won't.

"Staff" and "Everyone" are normal groups. Everything you have described to date is normal. If you were to erase your Mac and reinstall the OS, you would find the very same thing again.

"Staff" is a group containing all "administrator" and "standard" user accounts on the Mac. It is more restrictive (or exclusive) than "Everyone." "Everyone" includes more user types (administrator, standard, guest, and sharing).

When a user account is created, it is automatically assigned to one or more groups, based upon the amount of access that kind of user account is designed to have. Administrators have more rights than standard users, standard users and administrators both have more rights than guest. Groups are used to make permissions-setting easier - rather than add each Administrator and Standard user individually to a folder's permissions list, all Administrator and Standard user accounts are automatically added to the Staff group. So, if the contents of a particular folder should be readable and writable by all Administrator and Standard users, the Staff group is given read/write permission to access the contents of that folder.

If you hadn't noticed, specialized fields of endeavor often adopt common words to describe something different than those words commonly mean in the wider world. "Everyone" in Unix/macOS permissions does not mean "Everyone in the world." For that matter, if the topic of conversation was, "What family members should we invite to the holiday party?" "Everyone" would not mean "Everyone in the world," it would mean "Every family member."

You started by admitting that you know nothing about this topic. Why, then, do you jump to the conclusion that these things that you know nothing about are abnormal? What is your basis for comparison? You are going to keep opening Info pages, you are going to keep seeing different permissions and different groups than you saw in the last folder, because different folders that have different functions are automatically assigned different permissions by design, by default, in order to achieve a particular security goal.

Did you know you can actually find references on the Internet that will explain the function of each and every one of these groups?

There's a human tendency to attribute the unknown and mysterious to the supernatural. Ghosts, gods, demons, vampires, zombies, Little Green Men, and yes, *hackers. Knowledge and reason exist, in large part, to convert the scary Unknown into the comforting Known. But if a person would rather not be comforted and would prefer to believe that some faceless, malevolent force is actually out to get them, personally, despite the fact that they are probably just as ordinary as most of the world's population... There's a certain amount of vanity involved. People would rather persist in the belief that they are worthy of that attention than accept the disappointing truth that they are not worthy.

*Of course, hackers do exist. They're just not the cause of every unexplained thing that happens on a computer.
 
I'm not sure why you feel the need to make me feel stupid for having limited knowledge and coming to a forum to want to learn. You seem to think Apple is unhackable when they have shown in many instances data breaches of information and back door attacks.
Why I find it odd is that the sharing tab had two users on there that I did not authorise or knew who they were. Is that vanity? Also, under Finder preferences sidebar all the shared options were ticked. Again, this was not done by me. I am the only administrator of this computer; no other users have access. It is not a work computer or a shared computer at all. Repeat, I am the only person that ever uses this computer.
These are the reasons why I find it odd and if you can tell me how 2 users were created and sharing folders that I did not authorise then I will understand. If you're going to berate me with your smug, rude answers I really don't want to know!
 
Hi,

Mac runs on a *NIX operating core - so UNIX and LINUX and Mac all use these permissions to get stuff to work.

*Nix systems were built from the ground up to be multi-user so at their core are ways of managing and containing users, when Apple built the pretty mac OSX on top of *nix core they left all the users and permissions in place.

I first used a Unix machine way back in 1987, I've had a mac since 2004 and currently run a Linux home server - why do I say all of this - I still don't really understand users and permissions, they do just work.

I'd be amazed if anybody could reply to your thread with answers other than - it's all right or a 1000 page essay.

If you really want to understand what is going on then you will have to search for "Unix user groups and permissions" and read a lot of websites - it's going to take you quite a few weeks/months to find a site that explains this weird concept in a way you are going to relate to and understand.

FWIW, I've had this mac since 2012 - I've been on TOR and numerous 'dodgy' PRON sites and so far never been hacked.

You used to be able to 'repair permissions' but that was deleted when El Capitan launched - this might help your understanding a little https://www.howtogeek.com/195912/how-when-and-why-to-repair-disk-permissions-on-your-mac/

Hope this helps - if nothing else, please don't go changing your permissions, it could end with you needing a complete reinstall
 
The short answer is that the system created them. As mentioned, *nix systems have several users and groups that are used to manage access. On my Mojave system I have 127 groups and 101 users, but I only created an admin and standard user when I installed the OS (well, a few more got added for Xcode stuff and folders I am sharing via File Sharing settings in System Preferences). These others include all kinds of stuff like the App Store, web access, mail, system processes, etc, that have different permissions based on what they need to access.

From your posted image, staff is a group that includes all user accounts, and everyone is a group that includes everyone else on your system - this is a standard permission, since everyone would need to be able to read the file system to navigate it. If you take a look at one of the standard folders in your user's account, such as Pictures, you will see different access permissions, but note that everyone will still be able to at least read your home folder in order to access the Public folder, which is where shared documents are placed.

As for "unhackable", if anyone has physical access (to any machine) all bets are off, but all modern operating systems, especially when running from a standard account, pretty much need something to be installed by the user.
 
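How the "system", "staff" and "everyone" entries discussed in this thread correspond to the Unix permission bits that `ls -ld` prints, as an added example that is not part of any poster's reply. The sample listing, the user `alice` and the `Scratch` folder are constructed, and the Finder label wording is an approximation.

```shell
#!/bin/sh
# Added example: read `ls -ld` lines the way Finder's Get Info panel does.

# Map one rwx triplet to Finder-style wording (approximate labels).
finder_label() {
    case "$1" in
        rw?) echo "Read & Write" ;;
        r-?) echo "Read only" ;;
        -w?) echo "Write only" ;;
        *)   echo "No Access" ;;
    esac
}

# True when "everyone" may write and the sticky bit (t/T) is not set.
# Takes the mode string, e.g. drwxrwxrwx.
world_writable() {
    o=$(printf '%s' "$1" | cut -c8-10)
    case "$o" in
        ?w[tT]) return 1 ;;
        ?w?)    return 0 ;;
        *)      return 1 ;;
    esac
}

# Explain one line of `ls -ld` output, whose fields are:
#   mode links owner group size month day time path
explain_line() {
    printf '%s\n' "$1" | {
        read -r mode _links owner group _size _mon _day _time path
        u=$(printf '%s' "$mode" | cut -c2-4)   # owner bits
        g=$(printf '%s' "$mode" | cut -c5-7)   # group bits
        o=$(printf '%s' "$mode" | cut -c8-10)  # everyone ("other") bits
        # Finder displays the root account as "system".
        if [ "$owner" = root ]; then owner=system; fi
        acl=""
        case "$mode" in *+) acl=" [has ACL]" ;; esac
        printf '%s: %s=%s, %s=%s, everyone=%s%s\n' "$path" \
            "$owner" "$(finder_label "$u")" \
            "$group" "$(finder_label "$g")" \
            "$(finder_label "$o")" "$acl"
    }
}

# Explain every line of a listing and mark the ones worth a second look.
report() {
    printf '%s\n' "$1" | while IFS= read -r line; do
        [ -n "$line" ] || continue
        if world_writable "${line%% *}"; then
            printf '%s  <-- review: writable by everyone\n' \
                "$(explain_line "$line")"
        else
            explain_line "$line"
        fi
    done
}

# Constructed sample: the first four lines follow the usual macOS defaults,
# the last one is a deliberately misconfigured folder.
SAMPLE='drwxr-xr-x  20 root  wheel   640 Jul 28 09:15 /
drwxr-xr-x+ 15 alice staff   480 Jul 28 09:15 /Users/alice
drwx------+ 12 alice staff   384 Jul 28 09:15 /Users/alice/Documents
drwxr-xr-x+  4 alice staff   128 Jul 28 09:15 /Users/alice/Public
drwxrwxrwx   3 alice staff    96 Jul 28 09:15 /Users/alice/Scratch'

report "$SAMPLE"
```

On a Mac, pass it real data with `report "$(ls -ld / "$HOME" "$HOME"/*)"`. A `+` after the mode means an ACL is attached, which `ls -lde` prints.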

Thanks for the reply. Problem was that everything was being shared, all my user files. This is what made me suspicious. And all the remote sharing options were switched on, which I never switch on. Later I found out that the permissions were changed/modified on the same day I downloaded from this YouTube converter site.
I do know there was a bug in Mac OS X that causes names to appear under the shared.

Can someone on my wifi network share my Mac without my permission or password? Hoping that it's just a bug and I definitely won't be making any changes without researching.
 
Thanks for the reply
What about the sharing though? I never allowed any sharing options and all the remote options had been turned on without my knowledge. I ended up revoking the random users that were sharing files and switched off any sharing.
 
This is indeed strange. Can you tell us the user names or show the screenshot? Also, check your Users & Groups tab in Preferences, do you have any unfamiliar names there?
 
If you are talking about the file sharing in System Preferences, the Public folder for each user is shared (that is what it is there for). Not sure what the defaults are for the other remote settings, but normally an administrator would be needed to enable those. You are running from a standard account, yes?
 
If you have accounts that should not be there, go to "users & groups" and delete them.
If sharing is enabled and you don't want it, go to "sharing" and turn it off.
 
None of the sharing was ticked on in System Preferences but when I clicked further on to the File Sharing I noticed my account was being shared. In my haste I deleted the two users; one might have been staff but I'm not sure, I really can't remember. Users and groups is just me as admin and guest user is off. The strange part was that all my remote sharing was on in Finder: Back to My Mac, connected servers and Bonjour computing. I have since turned them off but I'm wondering how that could have been switched on because I certainly didn't do it.
This is why I suspect either remote access or someone else on my wifi.
I have done this but am trying to work out how it happened.
Yes, standard account where I am the admin and no guest users. Having a password and a firmware password also. If someone had access to my Mac could they make these changes without a password?
 
Also, I am running an older version of Mac OS X; the updates don't come through anymore. I believe I am on 10.12.6. Should I try and update to a newer version through Apple? Possibly to patch up any security issues I may have?
 
As I mentioned before, if someone has physical access they can do stuff like pull the drive, but if you are talking about remotely, then no, they would need a password to change those kinds of things. The Public folders are normally shared, otherwise you wouldn't be able to share anything, although you don't need to put anything in there.

By "standard account where i am the admin", you are using a standard account but also have an admin account that you don't normally use?
 
@ApfelKuchen, I think the latter part of your post is rude and unwarranted. Always remember to focus on the issue or behavior without getting personal. Treat everyone with dignity. We should always encourage people who ask questions. On this type of forum we should expect questions from novices through to experts.
Having said that, I thank you for your explanation. Despite many years of experience with computing systems, including as a sysadmin, I've had similar concerns to those of the original poster and have had difficulty finding sites that help. Your explanation of staff and everyone groups was succinct and answered the questions I've had.
I'd also like to thank @Slarti.BartFast and @Red Menace. Your explanations of how OS X permissions have adopted *nix system approaches were important additions.
I must say that as part of the focus on security in Catalina, I see changes to permissions and groups I hadn't noticed before. I suspect Apple were cleaning up some things related to groups and permissions.
 
Yes, I am the admin, only use this account. It's funny, as I am typing this an update has come up. And it says that Apple Remote Desktop was installed in the last 30 days. Also a new software update came up. I have no idea why this software was installed. I can't even find it on my computer. Any ideas?
 
Why don't you back up your data on an external drive and rebuild your machine?

Also, running as Admin for daily use is a formula for trouble - don't do that!!

Back up your data, format your hard-drive, install your OS - if you want security then probably best to go with Mojave and up - lock down your system, create a "standard" user account for day-to-day stuff, turn on your firewall, set a firmware password, choose separate long and secure passwords for each user account, turn on FDE, and that should be a decent start.
 
Updates get cached somewhere, I'm not sure if the system exposes them in any obvious way. Remote Access is one of those apps that gets updated regularly, and security updates are pretty regular these days as well. You can disable the automatic update from System Preferences if you prefer to look at them first.

You can avoid a lot of the malware issues by running from a standard account, since any malware (or rogue application) would only have the access your user does. I create an admin account when I install the OS, but almost never use it - the system will prompt for admin credentials when needed, which is also a dead giveaway that something wants to install stuff.

The system files are read-only on current OSes so they are a bit more difficult to alter, but a troublesome app can still do a bit of damage with admin access.
 
Toast wrote:
"Also, running as Admin for daily use is a formula for trouble - don't do that!!"

I've been running OS X using an administrative account since my first PowerMac G4 in 2004.
Same on a 24" white Intel iMac.
Same on two MacBook Pros.
Same on a 2012 Mini and now a 2018 Mini.

No problems to speak of.
Certainly not like those YOU have...! :mad:
 
For an otherwise intelligent guy, this one takes the cake.

If you want to do foolish things with your Mac and data, then so be it, but don't give hints of foolishness to a less experienced user.

I don't know any competent IT pro that would say that running as Admin all of the time is a good idea...

(Sorta like saying, "I have been driving and texting for years now, and I have yet to have an accident!")

:rolleyes: :rolleyes: :rolleyes:
 
I didn't know this about admin accounts. Firewall is on, firmware password is on; I may have to format the hard drive. The part I don't understand is how the shared services were switched on. Let's say for argument's sake my computer was being shared and remote access was on, can anyone just connect to my computer? Or do they need my password to connect to my files and see what I'm seeing? Thanks for the above info, it's very helpful.
I feel like this is what has happened. Some app or download could possibly be causing these issues. I turned off the sharing and deleted the users; nothing is sharing anymore and it hasn't changed. I may need to do what you suggested and start a user account; I will look up how to do it and try it. Also used Malwarebytes but the scan didn't find anything. I've learned so much. Still feel uneasy about the whole thing if sensitive data was exposed when my computer was somehow sharing.
 