Password protected file sharing of a single folder
Jul 24, '02 08:37:23AM
Contributed by: jima
I ran into a OS X limitation recently when trying to create a directory that both myself and another remote user could access via AppleTalk. I needed it set up where:
- the remote user would be able to see only that directory,
- the remote user would need a password to access that directory, and
- we both could read/write to that directory.
Although in OS X you have a shared folder and a drop box, the person logging in can't write to the shared folder, and (worst of all) you don't even need a password to access it. If I created a new user using the Users pane in the System Preferences, then we would still have the same problem of not having a common folder to read/write to, not to mention that it would create a bunch of unnecessary directories (like Desktop, Library, Music, Movies, etc).
I tried a shareware app called SharePoints, but for some reason couldn't get that to work (I'm sure it was my own fault) ... besides, sometimes I prefer to figure out the geekier ways of doing things. Read the rest of the article to see what I did to solve this problem...
First I created the directory to share (let's call it sharedir), which I put in my own user's directory. Then in the terminal I typed:
% chmod 770 ~/sharedir
This made it so that myself and anyone in the group staff would have all access, and the rest of the world would have none.
Secondly, in NetInfo Manager I created a new user like so:- in the second column of the Directory Browser scroll down and select 'users'.
- highlight 'www' and click Cmd-D to duplicate. Work on the copy from here on down.
- delete the 'realname' line (so that the user won't show up in the login list).
- change the value of 'name' to the username you want.
- change the 'uid' value to one that no other user has (I used 504).
- change the value of 'home' to the directory created earlier.
- change the value of 'gid' to 20 (which is staff, the group that all users belong to).
- set the value of 'password' to the encrypted password that you want (see below).
- click on any other user or directory to get the save dialogs, and save.
To get the encrypted password, in the terminal type: % openssl passwd -crypt
It will ask you for the password on the next line, and then it will display the encrypted version of the password you entered.
That's it! :-)
Note that all users on the host machine will be able to access the new shared folder. If you didn't want to do this, then you'd need to create a new group and make only the users that have should access a part of the new group. Then you'd change the group ownership of the new directory to that of the new group. I didn't need to go this far, so I didn't figure out how to create and add users to groups using NetInfo Manager. Hopefully someone else can fill us in on this.
Comments (17)
Mac OS X Hints
http://hints.macworld.com/article.php?story=20020724083723804