Results 1 to 13 of 13
  1. #1


    Member Since
    Feb 15, 2012
    Posts
    24
    Glaring Privacy Hole in Home Folder (Everyone can see self created folders)
    In OS X, any folders that you create in the Home Folder can be viewed by other users of the Computer!
    Isn't this a glaring privacy hole? It does not warn while creating, its not well publicised and I think its entirely reasonable for a user to expect that their entire Home Folder is sandboxed from other users and not just the system default folders.

    Example: If you goto you Home folder and create a new folder "Projects" or "Assignments", its contents can be viewed and modified by other users!

  2. #2

    rman's Avatar
    Member Since
    Dec 24, 2002
    Location
    Los Angeles, California
    Posts
    12,584
    Specs:
    2 x 3.0GHz Quad-Core, 6GB OS X 10.6.8 | 15in MacBook Pro 2.2GHz OS X 10.6.8 | 64GB iPad 2 WiFi
    Cool
    This is not privacy hole. By default when a folder is created it has owner read/write access and everyone else read access, unless you change it. No one else will be able to write into folder unless you give write access to it.
    Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!

  3. #3


    Member Since
    Feb 15, 2012
    Posts
    24
    Then thats an improper default setting, no?
    Especially in the Home Folder. Consider the Dropbox folder for example, since it is created in the Home folder, its contents (documents, password sync files) are open for all to see.

    In my opinion, its not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders

  4. #4

    Dysfunction's Avatar
    Member Since
    Mar 17, 2008
    Location
    Tucson, AZ
    Posts
    6,866
    Specs:
    Way... way too many specs to list.
    Quote Originally Posted by andy06 View Post
    In my opinion, its not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders
    Apple - Feedback

    No one here can address your architectural concerns.
    mike
    This machine kills fascists
    Got # ? phear the command line!

  5. #5


    Member Since
    Feb 15, 2012
    Posts
    24
    Is there some terminal command which changes the setting to force everything in the Home Folder to be "locked". I remember seeing such a command couple of years ago but ignored it at the time since I wasn't an OS X user and can't seem to Google it anymore.

    While changing permissions is ok once or twice, the likelihood is that users will forget if frequently creating and deleting folders (say by course names, project names, assignment specific etc.), thats all I meant

  6. #6

    Lifeisabeach's Avatar
    Member Since
    Sep 30, 2007
    Location
    The Republic of Neptune
    Posts
    7,725
    Quote Originally Posted by andy06 View Post
    Then thats an improper default setting, no?
    Especially in the Home Folder. Consider the Dropbox folder for example, since it is created in the Home folder, its contents (documents, password sync files) are open for all to see.

    In my opinion, its not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders
    Well it's reasonable because there are times when you need subitems to be publicly available. That's actually what the Public folder is specifically for. If NOTHING in the Home folder can be at least read, then your Public folder would be wholly inaccessible.

    The best thing to do would be to simply put items you want no one else to have eyes on in your Documents folder, which by default does have everyone else locked out.

    Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu).
    ------
    Links: Onyx | EasyFind | Apple Hardware Test | How to test your hard drive | The Safe Mac Adware Removal Guide | Uninstall MacKeeper
    ------
    Lifeisabeach - Mac-Forums Member of the Month June 2009, Feb 2012, and March 2013.

  7. #7


    Member Since
    Feb 15, 2012
    Posts
    24
    It would be better to have all the folders locked down (including all new ones) except the Public folder. That would be the obvious way to do it.

    That is to say, the public folder would have different permissions instead of imposing a compromise on everything for just one folder.

  8. #8

    Lifeisabeach's Avatar
    Member Since
    Sep 30, 2007
    Location
    The Republic of Neptune
    Posts
    7,725
    Quote Originally Posted by andy06 View Post
    It would be better to have all the folders locked down (including all new ones) except the Public folder. That would be the obvious way to do it.

    That is to say, the public folder would have different permissions instead of imposing a compromise on everything for just one folder.
    Except there is no obvious way to do it. Think about it. Anything you create in a subfolder will normally and automatically inherit the parent folder's permissions. The system can't arbitrarily say "well let's use something else". The permissions system simply doesn't work that way, and if they over-engineered it to do something different, there'd be a layer of complexity that would greatly increase the likelihood of confusing or faulty permissions propagating. The Home folder MUST be readable to all in order to get to the Public folder. The alternative would be to not have a Public folder per user. Putting the Public folder elsewhere isn't a viable solution. Not as a default action anyway.

    If you don't want a Public folder, or want to put it outside your Home folder, it's an easy fix. First… open Get Info on your Home folder. You'll see permissions like these:

    120216-0007.jpg

    To change, click the lock at the bottom to authorize the following changes:

    Delete staff.
    Change everyone from Read only to No Access.
    Click on the drop-down box with the gear icon and select "Apply to enclosed items…"

    Yer done. No one but you will ever be able to see anything in your Home folder. Nothing now nor anything added later.

    If you want a Public folder, create it in the root directory and set permissions as in this screen cap:

    120216-0008.jpg

    If you want to maintain a Drop Box that can only be written to but not read, then see this screen cap (don't confuse DropBox the cloud service with the Drop Box that OS X maintains):

    120216-0009.jpg

    Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu).
    ------
    Links: Onyx | EasyFind | Apple Hardware Test | How to test your hard drive | The Safe Mac Adware Removal Guide | Uninstall MacKeeper
    ------
    Lifeisabeach - Mac-Forums Member of the Month June 2009, Feb 2012, and March 2013.

  9. #9


    Member Since
    Feb 15, 2012
    Posts
    24
    Your second solution: Creating the Public folder in another directory (outside HOME) seems like the perfect solution, no?

    I checked and that's how Windows 7 does it anyway, the Public folder is at the same level as the User Home folders rather than within them.

    Re: The inheritance of attributes. It makes perfect sense but then this would be a default pre-created folder. How is it managed at the back end when you "share"a folder but not anything at a higher level than the shared folder? I guess that implies that the necessary functionality already exists to enable it?

    Thanks

  10. #10


    Member Since
    Feb 15, 2012
    Posts
    24
    What is the Home Folder? - Switch To A Mac Guides

    That seems to indicate that a couple versions back, they were indeed locked down AND also had a Public folder. How was that? Or is the information just wrong?

  11. #11

    Lifeisabeach's Avatar
    Member Since
    Sep 30, 2007
    Location
    The Republic of Neptune
    Posts
    7,725
    Quote Originally Posted by andy06 View Post
    Your second solution: Creating the Public folder in another directory (outside HOME) seems like the perfect solution, no?

    I checked and that's how Windows 7 does it anyway, the Public folder is at the same level as the User Home folders rather than within them.

    Re: The inheritance of attributes. It makes perfect sense but then this would be a default pre-created folder. How is it managed at the back end when you "share"a folder but not anything at a higher level than the shared folder? I guess that implies that the necessary functionality already exists to enable it?

    Thanks
    Tell you what. Why don't you file a complaint with Apple. I'm sure that, once they realize that Microsoft does it to your liking, they'll see the light and change things. /s

    Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu).
    ------
    Links: Onyx | EasyFind | Apple Hardware Test | How to test your hard drive | The Safe Mac Adware Removal Guide | Uninstall MacKeeper
    ------
    Lifeisabeach - Mac-Forums Member of the Month June 2009, Feb 2012, and March 2013.

  12. #12


    Member Since
    Feb 15, 2012
    Posts
    24
    I actually said your idea on how to implement it was nearly perfect. No need to get snarky

    INCIDENTALLY, when I checked out Windows, its how its done there as well. It was your own suggestion that a public folder would be best implemented at a higher level if needed.

    The rest were sincere questions trying to understand how sharing is implemented if permissions of parent folders would get in the way. But I apologise for daring to question the perfect system. I shall never make this mistake again..

  13. #13

    rman's Avatar
    Member Since
    Dec 24, 2002
    Location
    Los Angeles, California
    Posts
    12,584
    Specs:
    2 x 3.0GHz Quad-Core, 6GB OS X 10.6.8 | 15in MacBook Pro 2.2GHz OS X 10.6.8 | 64GB iPad 2 WiFi
    Cool
    Quote Originally Posted by andy06 View Post
    Is there some terminal command which changes the setting to force everything in the Home Folder to be "locked". I remember seeing such a command couple of years ago but ignored it at the time since I wasn't an OS X user and can't seem to Google it anymore.

    While changing permissions is ok once or twice, the likelihood is that users will forget if frequently creating and deleting folders (say by course names, project names, assignment specific etc.), thats all I meant
    I believe the unix command you are referring to is umask.
    Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Similar Threads

  1. i've created 2 partitions...but isn't any privacy...
    By ImacEma in forum OS X - Operating System
    Replies: 3
    Last Post: 04-11-2013, 08:58 AM
  2. How To Lock Folders For Privacy ???
    By musicmad in forum Apple Notebooks
    Replies: 11
    Last Post: 07-10-2011, 04:43 PM
  3. Wrong access rights on folders created in the Shared folder.
    By RvanK in forum Internet, Networking, and Wireless
    Replies: 0
    Last Post: 11-15-2010, 04:31 PM
  4. Do specific folders get automatically created?
    By quazy in forum Switcher Hangout
    Replies: 7
    Last Post: 06-25-2006, 09:40 PM
  5. iTunes created folders.
    By Desolate One in forum Music, Audio, and Podcasting
    Replies: 4
    Last Post: 12-08-2004, 03:10 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •