Glaring Privacy Hole in Home Folder (Everyone can see self created folders)


andy06
In OS X, any folders that you create in the Home Folder can be viewed by other users of the Computer!
Isn't this a glaring privacy hole? It does not warn while creating, it's not well publicised and I think it's entirely reasonable for a user to expect that their entire Home Folder is sandboxed from other users and not just the system default folders.

Example: If you go to your Home folder and create a new folder "Projects" or "Assignments", its contents can be viewed and modified by other users!

rman
This is not a privacy hole. By default when a folder is created it has owner read/write access and everyone else read access, unless you change it. No one else will be able to write into the folder unless you give write access to it.

Life isn't about waiting for the storm to pass, It's about learning to dance in the rain!

andy06
Then that's an improper default setting, no?
Especially in the Home Folder. Consider the Dropbox folder for example, since it is created in the Home folder, its contents (documents, password sync files) are open for all to see.

In my opinion, it's not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders.

Dysfunction
Quote:
Originally Posted by andy06
In my opinion, it's not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders.

Apple - Feedback

No one here can address your architectural concerns.

mike
This machine kills fascists
Got # ? phear the command line!

andy06
Is there some terminal command which changes the setting to force everything in the Home Folder to be "locked"? I remember seeing such a command a couple of years ago but ignored it at the time since I wasn't an OS X user and can't seem to Google it anymore.

While changing permissions is ok once or twice, the likelihood is that users will forget if frequently creating and deleting folders (say by course names, project names, assignment specific etc.), that's all I meant.

Lifeisabeach
Quote:
Originally Posted by andy06
Then that's an improper default setting, no?
Especially in the Home Folder. Consider the Dropbox folder for example, since it is created in the Home folder, its contents (documents, password sync files) are open for all to see.

In my opinion, it's not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders.

Well it's reasonable because there are times when you need subitems to be publicly available. That's actually what the Public folder is specifically for. If NOTHING in the Home folder can be at least read, then your Public folder would be wholly inaccessible.

The best thing to do would be to simply put items you want no one else to have eyes on in your Documents folder, which by default does have everyone else locked out.


Please verify and include the exact model/year of your Mac and OS X version number (available from "About This Mac", then "More Info" on the Apple menu). Also advise us if you have any antivirus or "cleaning" software installed on your Mac. If you are using MacKeeper, you are hereby advised to uninstall it.
------
Links to commonly recommended software and instructions: Onyx | Apple Hardware Test | How to test your hard drive | How to reveal the User Library
------
Having issues with Safari? Adware is on the rise. See this guide on how to remove it: The Safe Mac Adware Removal Guide
------
Lifeisabeach - Mac-Forums Member of the Month June 2009, Feb 2012, and March 2013.

andy06
It would be better to have all the folders locked down (including all new ones) except the Public folder. That would be the obvious way to do it.

That is to say, the public folder would have different permissions instead of imposing a compromise on everything for just one folder.

Lifeisabeach
Quote:
Originally Posted by andy06
It would be better to have all the folders locked down (including all new ones) except the Public folder. That would be the obvious way to do it.

That is to say, the public folder would have different permissions instead of imposing a compromise on everything for just one folder.

Except there is no obvious way to do it. Think about it. Anything you create in a subfolder will normally and automatically inherit the parent folder's permissions. The system can't arbitrarily say "well let's use something else". The permissions system simply doesn't work that way, and if they over-engineered it to do something different, there'd be a layer of complexity that would greatly increase the likelihood of confusing or faulty permissions propagating. The Home folder MUST be readable to all in order to get to the Public folder. The alternative would be to not have a Public folder per user. Putting the Public folder elsewhere isn't a viable solution. Not as a default action anyway.

If you don't want a Public folder, or want to put it outside your Home folder, it's an easy fix. First… open Get Info on your Home folder. You'll see permissions like these:

120216-0007.jpg

To change, click the lock at the bottom to authorize the following changes:

Delete staff.
Change everyone from Read only to No Access.
Click on the drop-down box with the gear icon and select "Apply to enclosed items…"

Yer done. No one but you will ever be able to see anything in your Home folder. Nothing now nor anything added later.

If you want a Public folder, create it in the root directory and set permissions as in this screen cap:

120216-0008.jpg

If you want to maintain a Drop Box that can only be written to but not read, then see this screen cap (don't confuse DropBox the cloud service with the Drop Box that OS X maintains):

120216-0009.jpg



andy06
Your second solution: Creating the Public folder in another directory (outside HOME) seems like the perfect solution, no?

I checked and that's how Windows 7 does it anyway, the Public folder is at the same level as the User Home folders rather than within them.

Re: The inheritance of attributes. It makes perfect sense but then this would be a default pre-created folder. How is it managed at the back end when you "share" a folder but not anything at a higher level than the shared folder? I guess that implies that the necessary functionality already exists to enable it?

Thanks

andy06
What is the Home Folder? - Switch To A Mac Guides

That seems to indicate that a couple versions back, they were indeed locked down AND also had a Public folder. How was that? Or is the information just wrong?

Lifeisabeach
Quote:
Originally Posted by andy06
Your second solution: Creating the Public folder in another directory (outside HOME) seems like the perfect solution, no?

I checked and that's how Windows 7 does it anyway, the Public folder is at the same level as the User Home folders rather than within them.

Re: The inheritance of attributes. It makes perfect sense but then this would be a default pre-created folder. How is it managed at the back end when you "share" a folder but not anything at a higher level than the shared folder? I guess that implies that the necessary functionality already exists to enable it?

Thanks

Tell you what. Why don't you file a complaint with Apple? I'm sure that, once they realize that Microsoft does it to your liking, they'll see the light and change things. /s



andy06
I actually said your idea on how to implement it was nearly perfect. No need to get snarky.

INCIDENTALLY, when I checked out Windows, it's how it's done there as well. It was your own suggestion that a public folder would be best implemented at a higher level if needed.

The rest were sincere questions trying to understand how sharing is implemented if permissions of parent folders would get in the way. But I apologise for daring to question the perfect system. I shall never make this mistake again.

rman
Quote:
Originally Posted by andy06
Is there some terminal command which changes the setting to force everything in the Home Folder to be "locked"? I remember seeing such a command a couple of years ago but ignored it at the time since I wasn't an OS X user and can't seem to Google it anymore.

While changing permissions is ok once or twice, the likelihood is that users will forget if frequently creating and deleting folders (say by course names, project names, assignment specific etc.), that's all I meant.

I believe the Unix command you are referring to is umask.

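Added example, not part of the original thread: a shell sketch of the two fixes discussed above, the umask suggestion and an approximate terminal counterpart (an assumption, not a command from the thread) to the Get Info steps, applied to a single folder. It assumes the usual default umask of 022 and uses a temporary directory as a constructed stand-in for a home folder; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: a constructed sandbox stands in for a real home folder.

# Print the 10-character mode string (e.g. drwxr-xr-x) of a path.
mode_of() { ls -ld "$1" | cut -c1-10; }

# Create a folder under the given umask (in a subshell, so the caller's
# umask is left untouched) and print the mode the folder ends up with.
mkdir_with_umask() {   # usage: mkdir_with_umask MASK PATH
    ( umask "$1" && mkdir "$2" ) && mode_of "$2"
}

# List top-level folders in a home directory that "everyone" can read or enter.
audit_home() {         # usage: audit_home HOME_DIR
    find "$1" -mindepth 1 -maxdepth 1 -type d \( -perm -004 -o -perm -001 \) | sort
}

# Remove group and everyone access from one folder and everything inside it.
lock_down() { chmod -R go-rwx "$1"; }

demo() {
    home=$(mktemp -d)                       # constructed stand-in for ~
    mkdir_with_umask 022 "$home/Projects"   # assumed default: owner rwx, others r-x
    mkdir_with_umask 077 "$home/Private"    # private from the moment it is created
    echo "Readable by everyone:"; audit_home "$home"
    lock_down "$home/Projects"
    echo "After lock_down:"; audit_home "$home"
    rm -rf "$home"
}
demo
```

A umask set in a terminal applies only to that shell and the programs started from it, so folders created elsewhere still get the system default.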
