Restricting users access to external drive

Discussion in 'macOS' started by GGJstudios, Jun 8, 2008.

  1. GGJstudios macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #1
    If I set up an additional standard user on my Mac, can I restrict all or part of an external drive (backup drive) so they can't browse it from their login?
     
  2. ArthurDaley macrumors regular

    Joined:
    Feb 29, 2008
    #2
    Why not create an encrypted image on it using Disk Utility?
     
  3. richard.mac macrumors 603

    richard.mac

    Joined:
    Feb 2, 2007
    Location:
    51.50024, -0.12662
    #3
    open the Get Info window for the folder on your external hard drive that you want to restrict and under Sharing and Permissions give "No Access" to the standard user.
     
  4. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #4
    That was the first thing I tried, and what I wanted. "No Access" is only available as an option for "everyone", which apparently does not include the standard user. For the standard user, as well as "staff", the only options available are "Read & Write", "Read only" and "Write only (Drop Box)".
     
  5. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #5
    I want to be able to share some files on the drive, as needed, but leave the rest unavailable for even browsing. Also, I don't want the performance degradation that comes with encryption.
     
  6. richard.mac macrumors 603

    richard.mac

    Joined:
    Feb 2, 2007
    Location:
    51.50024, -0.12662
    #6
    not sure sorry, hopefully a more experianced OS X user will hop on and help you. you might be able to do it in the Terminal.
     
  7. gapfilmvideo macrumors newbie

    Joined:
    Sep 13, 2006
    #7
    "unrestrict" external drive

    my ibook will see and connect to my xp pc and the segate external drive connected to it... my pc will see and connect to my ibook(desktop,documents,library,music,pictures) but the external drive connected to it(ibook) does not show up on xp pc... both external drives are fat32... do i need to create an "alias" or something like it?
     
  8. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #8
    You may want to create a separate thread for your question, as it does not relate to the topic in this thread.

    I made the mistake of posting this question too close to the WWDC and I think it may have gotten lost in all the excitement. Either that, or no one has an answer, but I thought it would be worth trying again, so forgive the bump.

    I want to be able to share certain folders on an external drive with standard accounts on the same Mac. But I want other folders on the external drive to be hidden and restricted from even browsing by those standard users. Is this possible? I don't want the degradation in performance by using encryption, unless there's no other way.

    In other words, I want to apply the same characteristics to other folders, even on an external drive, that exist on my Home folder, so when another account logs in, that folder isn't even visible to them.
     
  9. Komiksulo macrumors 6502

    Joined:
    Jan 7, 2008
    Location:
    Ontario
    #9
    I wonder... could you automount the folders inside the user's Home folder? That might leave them visible when the user was not logged in though.
     
  10. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #10
    How would I mount an external drive inside my Home folder? If that's possible, it might give me the effect I want, but I'm not sure how that would be accomplished.
     
  11. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #11
    Assuming your user account is the owner of all the files on the external you can restrict access using the chmod terminal command.

    The permission mask (mode) you would desire is 700 - again, assuming your user account is the owner of all the files.
     
  12. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #12
    Thank you! I think this is exactly what I was looking for! My very old and rusty UNIX memory is slowly being awakened. It's been too long since I worked extensively with Mac and NeXT computers!

    Just to make sure I do this right, if I have an external drive called "Ext 200" and a folder on that drive is "Backup", and I want to give no access to that folder or its contents to anyone other than myself or the root (yes, I am the owner of all the files on the external drive), then the command would be:

    chmod 700 "/Ext 200/backup" ???

    I'm not sure how to deal with the spaces in the drive name in Terminal.
     
  13. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #13
    You escape the spaces with a backslash.

    Your command would look similar to

    Code:
    chmod -r 700 /Volumes/Ext\ 200/Backup
    To confirm the path, simply try a safe command BEFORE the above such as

    Code:
    ls /Volumes/Ext\ 200/Backup
    Please understand changing permissions is not without risk. If any of those files are owned by a different user, you run the risk of not being able to change permissions back without using root...
     
  14. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #14
    I assume you mean a different user on the Mac. All files on the external drive were created by my user before I even set up another user on the Mac. And if something didn't work as planned, I could always log in as root and correct it, right?
     
  15. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #15
    Yes, I meant a different user and yes, root can fix any permissions issues.

    Here's an example:

    User Johnny owns fileX which has permissions of 764 (rwxrw-r--). Let's say the group assigned is people. Sally comes along, also in the people group, thinks she owns the file wants to lock out Johnny and changes permissions to 700. Now only Johnny has access to it! Whoopsy! - now Sally has to ask Johnny to restore it or log in as root and change it, hoping Johnny didn't notice...
     
  16. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #16
    OK, here's what happened. I used:

    chmod -r 700 /Volumes/Ext\ 200/backup

    As soon as I did, I got a response back: Permission denied

    When I tried:

    ls /Volumes/Ext\ 200/backup

    I got: Permission denied

    So I went to Finder, Get Info on the folder and it showed everyone, including me, only had Write (Drop box) privileges. So I clicked the lock, entered my password and changed my privilege back to Read & Write.

    Then I logged in as the other (Standard) user and found they still had full access to the folder. So, while still logged in as that Standard user, I did Get Info, clicked the lock, had to enter my (Admin) login name and password, and changed that user's access to Write (Drop box). That locked the other user from being able to browse the folder, so I did the same for another folder they had access to. It worked!

    So the path that worked for me was to log in as the other user, Get Info on the folder I want to change, click the lock and enter my Admin-level user name and password, and change the permissions.

    I'm not sure why the chmod changed mine, too, but at least I got the result I eventually wanted. Thank you so much for your help!
     
  17. jeremy.king macrumors 603

    jeremy.king

    Joined:
    Jul 23, 2002
    Location:
    Fuquay Varina, NC
    #17
    You're welcome? FYI, Those GUI changes you made to the permissions are doing chmod commands under the covers ;)
     
  18. GGJstudios thread starter macrumors Westmere

    GGJstudios

    Joined:
    May 16, 2008
    #18
    Yes, I figured as much... I guess when there's questionable format involved, I'm better off letting the GUI write the command! (I THOUGHT I saw something moving under the covers! :D)

    Hey, maybe you can help getting the single-window function back in Safari 4! I sure miss it!
     

Share This Page