Glaring Privacy Hole in Home Folder (Everyone can see self created folders)

andy06 · Feb 15, 2012

In OS X, any folders that you create in the Home Folder can be viewed by other users of the Computer!
Isn't this a glaring privacy hole? It does not warn while creating, its not well publicised and I think its entirely reasonable for a user to expect that their entire Home Folder is sandboxed from other users and not just the system default folders.

Example: If you goto you Home folder and create a new folder "Projects" or "Assignments", its contents can be viewed and modified by other users!

rman · Feb 15, 2012

This is not privacy hole. By default when a folder is created it has owner read/write access and everyone else read access, unless you change it. No one else will be able to write into folder unless you give write access to it.

andy06 · Feb 15, 2012

Then thats an improper default setting, no?
Especially in the Home Folder. Consider the Dropbox folder for example, since it is created in the Home folder, its contents (documents, password sync files) are open for all to see.

In my opinion, its not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders

Dysfunction · Feb 15, 2012

andy06 said:
In my opinion, its not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders

Apple - Feedback

No one here can address your architectural concerns.

andy06 · Feb 16, 2012

Is there some terminal command which changes the setting to force everything in the Home Folder to be "locked". I remember seeing such a command couple of years ago but ignored it at the time since I wasn't an OS X user and can't seem to Google it anymore.

While changing permissions is ok once or twice, the likelihood is that users will forget if frequently creating and deleting folders (say by course names, project names, assignment specific etc.), thats all I meant

Lifeisabeach · Feb 16, 2012

andy06 said:
Then thats an improper default setting, no?
Especially in the Home Folder. Consider the Dropbox folder for example, since it is created in the Home folder, its contents (documents, password sync files) are open for all to see.

In my opinion, its not reasonable behaviour that the default is to allow everyone to view contents of Home Folder user folders

Well it's reasonable because there are times when you need subitems to be publicly available. That's actually what the Public folder is specifically for. If NOTHING in the Home folder can be at least read, then your Public folder would be wholly inaccessible.

The best thing to do would be to simply put items you want no one else to have eyes on in your Documents folder, which by default does have everyone else locked out.

andy06 · Feb 16, 2012

It would be better to have all the folders locked down (including all new ones) except the Public folder. That would be the obvious way to do it.

That is to say, the public folder would have different permissions instead of imposing a compromise on everything for just one folder.

Lifeisabeach · Feb 16, 2012

andy06 said:
It would be better to have all the folders locked down (including all new ones) except the Public folder. That would be the obvious way to do it.

That is to say, the public folder would have different permissions instead of imposing a compromise on everything for just one folder.

Except there is no obvious way to do it. Think about it. Anything you create in a subfolder will normally and automatically inherit the parent folder's permissions. The system can't arbitrarily say "well let's use something else". The permissions system simply doesn't work that way, and if they over-engineered it to do something different, there'd be a layer of complexity that would greatly increase the likelihood of confusing or faulty permissions propagating. The Home folder MUST be readable to all in order to get to the Public folder. The alternative would be to not have a Public folder per user. Putting the Public folder elsewhere isn't a viable solution. Not as a default action anyway.

If you don't want a Public folder, or want to put it outside your Home folder, it's an easy fix. First… open Get Info on your Home folder. You'll see permissions like these:

To change, click the lock at the bottom to authorize the following changes:

Delete staff.
Change everyone from Read only to No Access.
Click on the drop-down box with the gear icon and select "Apply to enclosed items…"

Yer done. No one but you will ever be able to see anything in your Home folder. Nothing now nor anything added later.

If you want a Public folder, create it in the root directory and set permissions as in this screen cap:

If you want to maintain a Drop Box that can only be written to but not read, then see this screen cap (don't confuse DropBox the cloud service with the Drop Box that OS X maintains):

andy06 · Feb 17, 2012

Your second solution: Creating the Public folder in another directory (outside HOME) seems like the perfect solution, no?

I checked and that's how Windows 7 does it anyway, the Public folder is at the same level as the User Home folders rather than within them.

Re: The inheritance of attributes. It makes perfect sense but then this would be a default pre-created folder. How is it managed at the back end when you "share"a folder but not anything at a higher level than the shared folder? I guess that implies that the necessary functionality already exists to enable it?

Thanks

andy06 · Feb 17, 2012

What is the Home Folder? - Switch To A Mac Guides

That seems to indicate that a couple versions back, they were indeed locked down AND also had a Public folder. How was that? Or is the information just wrong?

Lifeisabeach · Feb 17, 2012

andy06 said:
Your second solution: Creating the Public folder in another directory (outside HOME) seems like the perfect solution, no?

I checked and that's how Windows 7 does it anyway, the Public folder is at the same level as the User Home folders rather than within them.

Re: The inheritance of attributes. It makes perfect sense but then this would be a default pre-created folder. How is it managed at the back end when you "share"a folder but not anything at a higher level than the shared folder? I guess that implies that the necessary functionality already exists to enable it?

Thanks

Tell you what. Why don't you file a complaint with Apple. I'm sure that, once they realize that Microsoft does it to your liking, they'll see the light and change things. /s

andy06 · Feb 17, 2012

I actually said your idea on how to implement it was nearly perfect. No need to get snarky

INCIDENTALLY, when I checked out Windows, its how its done there as well. It was your own suggestion that a public folder would be best implemented at a higher level if needed.

The rest were sincere questions trying to understand how sharing is implemented if permissions of parent folders would get in the way. But I apologise for daring to question the perfect system. I shall never make this mistake again..

rman · Feb 18, 2012

andy06 said:
Is there some terminal command which changes the setting to force everything in the Home Folder to be "locked". I remember seeing such a command couple of years ago but ignored it at the time since I wasn't an OS X user and can't seem to Google it anymore.

While changing permissions is ok once or twice, the likelihood is that users will forget if frequently creating and deleting folders (say by course names, project names, assignment specific etc.), thats all I meant

I believe the unix command you are referring to is umask.