Permissions issue with Home directory

K

koert

Guest
Hi

I don't know if this is "normal", but I don't find it logic, so I googled about 1/2hrs for it, but didn't find anything usefull.

I have 3 accounts on my mac X.2.8, that's me, my brother, and my dad.

You all know the Home folder, where you find the folders "Images", "Music", "Sites", "Public", "Documents", etc.

As you probably know, the HOME directory can be opened by other accounts (when THEY log in). But they can't open what's inside the HOME dir (e.g. my brother can see what's inside my Home, but he can't see the songs in my music folder). The only 2 folders in your Home that can be opened by others, are "Public" and "Sites".

So far, no problem. But when I make a new folder inside my Home (let's call it "Dirty Movies"), then by default any user has read/write permissions for it. I don't find this logic.

I tried to restore the permissions via several ways (reboot with cd, and via terminal), but the home directories remain untouched/unrepaired.

Is this
A) a security issue that cannot be solved, and shold I change permissions for every new folder I make in the Home? or
B) something I messed up...?

I'm not a Win fan, but I must say, in XpPro you can set permissions for a directory, and set/unset that this directory should automatically copy the same permissions for new items created inside. E.g. I can set it for my Home dir, and every new folder created inside the Home, gets te same permissions.
Can this be done with OsX.2.8?

Thanks in advance
 
OP
K

Kokopelli

Guest
there are a number of ways to accomplish what you desire. What I am describing is the *nix way via command line. There may be an easier way via the GUI but I never bothered learning it.

1) Open a terminal
2) type "cd ~;ls -l"

without going into detail "drwx------" means only you have access to the directory. "drwxr-xr-x" means you have read/write rights and everyone else can read as well as get directory listings. So we want to change the latter to the former.
3) from our home directory (which you should be in unless you changed it) type :
"chmod -R og-rwx 'dirty movies'"
in order this command says we are:
a) changing permissions (chmod)
b) want the change to effect all subfolders (-R)
c) the change is to the permissions of others and the group (og)
d) we are removing read, write, and execute rights (-rwx)
e) on the directory 'dirty movies'

NOTE: you will need the single quotes if there is a space in the name such as 'dirty movies'. Further while your family will not be able to enter the folder they will be aware there is a folder called 'dirty movies' so I suggest sticking such a folder inside a more innocently named folder that only you have access to.

for more reading on this esoteria you can use the command "man chmod"

hope that helps.
 
OP
K

Kokopelli

Guest
By the way, the behavior is correct from a Unix standpoint. Any new directory created will by default inherit the parent directories access settings. In the case of home folders that is dwrxr-x-r-x with the owner and group being the user whose home folder it is. If custom permissions are required they should be configured by hand either from the GUI or command line.
 
Joined
Feb 9, 2005
Messages
2,340
Reaction score
82
Points
48
Location
DFW
Your Mac's Specs
MacBook Pro 13" | MacBook Pro 13" | Mac Mini 2GHz C2D
Kokopelli said:
there are a number of ways to accomplish what you desire. What I am describing is the *nix way via command line. There may be an easier way via the GUI but I never bothered learning it.

1) Open a terminal
2) type "cd ~;ls -l"

without going into detail "drwx------" means only you have access to the directory. "drwxr-xr-x" means you have read/write rights and everyone else can read as well as get directory listings. So we want to change the latter to the former.
3) from our home directory (which you should be in unless you changed it) type :
"chmod -R og-rwx 'dirty movies'"
in order this command says we are:
a) changing permissions (chmod)
b) want the change to effect all subfolders (-R)
c) the change is to the permissions of others and the group (og)
d) we are removing read, write, and execute rights (-rwx)
e) on the directory 'dirty movies'

NOTE: you will need the single quotes if there is a space in the name such as 'dirty movies'. Further while your family will not be able to enter the folder they will be aware there is a folder called 'dirty movies' so I suggest sticking such a folder inside a more innocently named folder that only you have access to.

for more reading on this esoteria you can use the command "man chmod"

hope that helps.
wow, just wow

i tried adding to your karma for this but i had just given you karma for another post.
 
Joined
Jun 25, 2004
Messages
1,779
Reaction score
65
Points
48
Location
Luxemburg, Europe
Your Mac's Specs
PowerMac G5 Dual 2GHz (June 2004), 2.5GB, Airport, black 5G iPod 30GB, white MacBook 2.0 2GB
The GUI-way for changing a folder's access permissions and ownership is to ctrl-klick the folder, choose "Get Info" in the context menu. There you will find at the bottom "Ownership & Permissions" and "Details".
Here you can set the access rights.
 
OP
K

koert

Guest
Kokopelli said:
If custom permissions are required they should be configured by hand either from the GUI or command line.

Okay, so I will just have to learn how to live with it.
Anyway, it sucks. Maybe I will try to make my life easier by writing a small script that can be run periodically, and does this for me, for all items but not Pub and Sites.

By the way thanks for the first reply, but it's the same when I select my Home folder, then open the Finder info window (Applebutton-I), and change the crap listed here. This is the GUI way you said. Issue remains: solution isn't sticky, so I have to do this everytime when I make a new item in my Home.
 
OP
K

Kokopelli

Guest
Or you could put your added folders into a subfolder with adjusted permissions. Then you will not need to remember to do anything. This will only be a problem if you are continually creating directories in the base of your home folder. Another option would be to lock down your base home directory (don't do it recursively though) and create links to the directories you want to share somewhere publicly accessible like the Shared folder.

On a side note why is it that using info prompts you for a password? I'll stick with chmod, it's faster once you learn the commands.

Finally, fearlessfreap24, you're making me blush. :)
 
OP
J

jeremyjones

Guest
I posted on another thread that a utility to change permissions is Batchmod. It works great. You can find it here.

It is a GUI to change permissions. No more command line. I use it all the time at work.
 
OP
K

koert

Guest
Kokopelli said:
Or you could put your added folders into a subfolder with adjusted permissions.
That's an easy and good solution, but it had been nice to see these items listed when clicking the "home" button in the finder.

Kokopelli said:
On a side note why is it that using info prompts you for a password?
...you don't have to use the "hanglock" feature, but it's advised. If you change permissions of an item, you can "secure" them by clicking the hanglock symbol, so nobody will be able to change permissions on the fly via the GUI. We all know that this isn't waterproof if you know some terminal basics, but it might avoid accidental changings of permissions (maybe by others).
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top