External Drive permissions & Security

Posted:
in macOS edited January 2014
Okay... I know that under OSX's partition (or drive) there are directories set up for each user where one user cannot access another's data unless it is shared or in a common space. "Fine & dandy"



But... what about my drives...? I want to be able to "Lock-Down" my data on my externals so that they only appear for MY user login... NOT others.



I work out of my home-office and my external drives keep all my valuable data; Years of miscellaneous files, one drive as a back-up, an Audio drive, Video drive, current projects, etc.



I want to be able to set up a "Guest" account that can ONLY access its own user area and the apps I specify... not the External drives or to have access to my "High-End" apps (I guess I should move the high-end apps to my USER Apps folder)... but still... is there any way to assign (or DE-assign) a drive or multiple drives to a user...?



Also... would this setup be a moot-point if the user simply disconnected the FireWire cable and plugged the drive into a DIFFERENT computer...?



I want to protect my data. Any insight...?



- Scott

Comments

  • Reply 1 of 7
    scott f. Posts: 276 member
    P.S. - Follow-up.



    To clarify... my girlfriend has her own iBook, so she never really needs to use the account I set-up for her... but I created a "Guest" account for those that want to just go "look something-up on the web" or to check their e-mail or whatever.



    Recently, we went away for a week to Florida, and my girlfriend had her friend (ex-roommate) house-sit for us; take-in the mail, water the plants, etc.



    I set up an account for her on my girlfriend's iBook. Unfortunately, my girlfriend forgot to "Logout" before we left, so the screensaver kept her friend "Locked-out" of her iBook. Since her friend is a PeeCee person, she didn't know what to do about it... so she thought... "Well... I'll just go use that other computer in Scott's office" (without asking... GGGggrrrrr...) even though it was all powered-down and I had the door shut.



    She booted-up and saw there was a guest account... I gave it the OBVIOUS password of "GUEST" and she proceeded to use my computer all week.



    No harm... but it made me think of the damage that COULD have happened if she were so inclined to "accidentally" delete things or modify files... or whatever.



    Just thought I'd give insight to my motives...
  • Reply 2 of 7
    create a directory on the removable disk for each user. remove the group and world privileges (using the unix chmod command). make sure that the appropriate users own them (using the unix chown command).



    example:



    [code]
    cd /Volumes/VOLNAME
    mkdir dillyo
    chmod 700 dillyo
    chown dillyo dillyo   # redundant if I am dillyo
    [/code]



    That way, each user only has read/write/execute privs in their own folders.
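
An added example, not part of the post above: the same chmod 700 idea as a small script that also audits a volume's top level for folders still open to group or everyone. The function names are hypothetical, a scratch directory stands in for /Volumes/VOLNAME, and it assumes the volume enforces ownership (macOS can mount an external volume with "Ignore ownership on this volume" set, in which case these bits are not enforced).

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the volume enforces ownership.

# make_private_dir ROOT NAME: create ROOT/NAME accessible only to its owner.
make_private_dir() {
    # umask 077 keeps the folder closed from the instant it is created
    ( umask 077 && mkdir -p "$1/$2" ) || return 1
    chmod 700 "$1/$2"   # also tightens a folder that already existed
}

# is_private DIR: succeed only if DIR is mode rwx------ and owned by the caller.
is_private() {
    ls -ldn "$1" 2>/dev/null | awk -v uid="$(id -u)" '
        BEGIN { bad = 1 }
        { bad = !($1 ~ /^drwx------/ && $3 == uid) }
        END { exit bad }'
}

# list_exposed_dirs ROOT: print top-level folders under ROOT on which group
# or others hold any read, write or execute bit.
list_exposed_dirs() {
    find "$1" -mindepth 1 -maxdepth 1 -type d \
        \( -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print | sort
}

# Demo on a constructed scratch tree standing in for /Volumes/VOLNAME.
demo() {
    vol=$(mktemp -d) || return 1
    mkdir "$vol/shared" && chmod 755 "$vol/shared"
    make_private_dir "$vol" dillyo
    echo "exposed:"; list_exposed_dirs "$vol"
    is_private "$vol/dillyo" && echo "dillyo: owner-only"
    rm -rf "$vol"
}
demo
```
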
  • Reply 3 of 7
    scott f. Posts: 276 member
    [quote]Originally posted by dillyo1001:

    create a directory on the removable disk for each user. remove the group and world privileges (using the unix chmod command). make sure that the appropriate users own them (using the unix chown command).

    example:

    [code]
    cd /Volumes/VOLNAME
    mkdir dillyo
    chmod 700 dillyo
    chown dillyo dillyo   # redundant if I am dillyo
    [/code]

    That way, each user only has read/write/execute privs in their own folders.[/quote]



    I have to be honest with you...



    I'm a big WUSS...!!!



    UNIX or command lines make me nervous... I've already messed-up my computer three times - THREE!!! - while doing command line stuff. Twice was while a "UNIX guy" was right here with me, and he did a couple "Ooops" things, and another when I followed online instructions to do something and they had a frickin' TYPO in their instructions!!!



    So basically... there is no way through the Mac UI to do this (Yet...?).



    I would LOVE it (and I will write to Apple) if there was a way to do this through some sort of UI, Disk Utility, Preference Pane, or SOMETHING more intuitive.



    Thanks for the response.

    - Scott
  • Reply 4 of 7
    mithras Posts: 165 member
    You can do this easily within the Finder now.



    Jaguar will make it easier to change owners and 'unlock' things you've messed up the permissions of, as shown in this screenshot (http://www.thinksecret.com/features/jaguarmiscellaneous/images/showinfo.html).



    Here's what you do:

    1. Create a folder on your external drive. Call it "Scott's Stuff" or somesuch.

    2. Put your porn collection or emails with your old girlfriend or whatever inside it.

    3. Select the folder and hit command-I, or the menu File:Get Info.

    4. Change to the "Permissions" pane.

    5. Under the 'Everyone' line, change the permissions to "None".

    6. Click "Apply".



    You can do the same for your special applications:

    1. In the Applications folder, make a new folder called "Scott's TOP SECRET Apps!! Stay away JERK!!!" or whatever.

    2. As above, deny others the ability to read this folder.



    If permissions get messed up or you want to change who the 'owner' of a folder is, you can (1) wait for Jaguar, (2) learn to use the command line (you can practice as 'guest' so you know nothing will break), or (3) download the great utility BatChmod (http://www.versiontracker.com/moreinfo.fcgi?id=12057&db=mac).



    good luck!

    mithras



    [ 07-02-2002: Message edited by: Mithras ]
  • Reply 5 of 7
    scott f. Posts: 276 member
    That screenshot looks promising.



    Although your info is clear and seems easy... since I am in no "real" hurry, I think I might wait until Jaguar (10.2...?) is available, and if it is not capable of doing what I need, I'll re-address the issue the way that you suggest.



    (still a wuss)







    Anyhow... thanks for the response(s)
  • Reply 6 of 7
    mithras Posts: 165 member
    I changed the post to reflect the much easier solution (duh) so check it out again.
  • Reply 7 of 7
    scott f. Posts: 276 member
    Again... great solution for protecting the FOLDER in the drive... but I'm looking for a way to make the drive "Invisible" to the other users... so it won't even SHOW-UP in their finder in any-way-shape-or-form.



    So I'm probably out-of-luck for now...



    I don't want anything SAVED to it, read from it, deleted from it... nothing.



    Heheh... porn would be the LEAST of my worries to hide... I'd just hate to lose YEARS of design work, audio, images, etc. I'm looking for a fool-proof way that a user never even SEES the drive to begin with... to them, it doesn't exist.



    Oh well... thanks, yet again...


