For about nine months now, I have been sharing numerous portions of my "Home" directories amongst three users. These shared directories include the Desktop, Documents, Music and portions of the Library.
I have a Titanium PowerBook, and when I am in my home office, I want access to everything. But, when I set up shop in a cubicle at a client's office, I want to limit access to personal and financial (billing) information while retaining access to everything else. And, when I loan my laptop to a client (I'm very trusting), I want them to have access to a few things but not much else.
Read the rest of the article for a detailed explanation of how I created and modified users, folders and permissions to accomplish these objectives.
[robg adds: If you're interested in some unique ways of creating shared folders and users on one machine, read the rest of the article -- but please, if you're going to try any of this stuff, make sure you have a good backup first!]
The first step in my solution was to create three Users:
/Users/userathome (Admin User - access to everything)
/Users/useratwork (Admin User - access to almost everything)
/Users/guestuser (Guest User - shared preferences)
I then manually created two additional directories in the Users directory:
/Users/mystuff
/Users/openstuff
And, a variety of subdirectories:
/Users/mystuff/Desktop
/Users/mystuff/Documents
/Users/mystuff/Library
/Users/openstuff/Library
/Users/openstuff/Music
Then, logged in as root, I deleted the following directories:
/Users/userathome/Desktop
/Users/userathome/Documents
/Users/userathome/Music
/Users/useratwork/Desktop
/Users/useratwork/Documents
/Users/useratwork/Music
/Users/guestuser/Music
Still logged in as root, I created aliases:
FROM:
/Users/userathome/Desktop[ alias]
/Users/useratwork/Desktop[ alias]
TO:
/Users/mystuff/Desktop
FROM:
/Users/userathome/Documents[ alias]
/Users/useratwork/Documents[ alias]
TO:
/Users/mystuff/Documents
FROM:
/Users/userathome/Music[ alias]
/Users/useratwork/Music[ alias]
/Users/guestuser/Music[ alias]
TO:
/Users/openstuff/Music
Links are fine but aliases seem to work better with Classic apps. Be sure to remove the " alias" from the end of the alias filenames. Next, set the permissions appropriately:
Aliases (or links) are owned by the appropriate user:
/Users/userathome/Desktop[ alias] userathome:admin -rw-r-----
/Users/useratwork/Desktop[ alias] useratwork:admin -rw-r-----
/Users/userathome/Documents[ alias] userathome:admin -rw-r-----
/Users/useratwork/Documents[ alias] useratwork:admin -rw-r-----
/Users/userathome/Music[ alias] userathome:admin -rw-r--r--
/Users/useratwork/Music[ alias] useratwork:admin -rw-r--r--
/Users/guestuser/Music[ alias] guestuser:admin -rw-r--r--
Shared directories (and everything contained therein) are as follows:
/Users/mystuff/Desktop userathome:admin drwxrwx---
/Users/mystuff/Documents userathome:admin drwxrwx---
/Users/mystuff/Library userathome:admin drwxrwx---
/Users/openstuff/Library userathome:admin drwxrwxrwx
/Users/openstuff/Music userathome:admin drwxrwxrwx
At this point, when logged in as userathome OR useratwork, you will have full access to the same Desktop and Documents directories. Logged in as ANY user, you will have full access to the same Music directory. In my case, I then created two new directories in my home directory:
/Users/userathome/Finance userathome:admin drwx------
/Users/userathome/Personal userathome:admin drwx------
The next step is to selectively move preferences from the users' ~/Library to the appropriate shared/Library and replace the local preferences with aliases (or links). For example, my DragThing preferences are here:
/Users/openstuff/Library/Preferences/DragThing Preferences
These preferences are shared via aliases by all users. DragThing is now the same no matter who is logged in. Any changes made when logged in as one user are applicable to all users. I do the same thing with FruitMenu and my FruitMenu Items. A more complex example would be Entourage. My business email identity is in:
/Users/mystuff/Documents/Microsoft User Data/Office X Identities/Designr
This identity is accessible when I'm logged in as userathome or useratwork but not guestuser. And, my personal email identity is linked via an alias at:
/Users/mystuff/Documents/Microsoft User Data/Office X Identities/Brian
This alias points back to:
/Users/userathome/Personal/Microsoft User Data/Office X Identities/Brian
This is only accessible when I am logged in as userathome.
-- Runs at login as userathome. Each step sits in its own try block.
-- The administrator password is stored in this script as plain text.
-- /Users/mystuff: owner userathome, group admin, no access for others
try
do shell script "chown -R userathome /Users/mystuff" password "yourpasswordathome" with administrator privileges
end try
try
do shell script "chgrp -R admin /Users/mystuff" password "yourpasswordathome" with administrator privileges
end try
try
do shell script "chmod -R u=rwx,g=rwx,o=-rwx /Users/mystuff" password "yourpasswordathome" with administrator privileges
end try
-- Top-level folder only (not recursive): group staff
try
do shell script "chgrp staff /Users/mystuff" password "yourpasswordathome" with administrator privileges
end try
-- /Users/openstuff: owner userathome, group staff, full access for everyone
try
do shell script "chown -R userathome /Users/openstuff" password "yourpasswordathome" with administrator privileges
end try
try
do shell script "chgrp -R staff /Users/openstuff" password "yourpasswordathome" with administrator privileges
end try
try
do shell script "chmod -R u=rwx,g=rwx,o=rwx /Users/openstuff" password "yourpasswordathome" with administrator privileges
end try
Replace "userathome" with "useratwork" and replace "yourpasswordathome" with "yourpasswordatwork" in the AppleScript that runs when you log in as useratwork. Wrapping each step in a "try" block keeps a "file locked" error from being returned, which would otherwise stop the script. I considered a cron job but could not figure out a way to execute it at login.
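-- Backslashes are doubled because AppleScript treats a single backslash in a string as an escape character.
try
do shell script "chown userathome /Applications\\ \\(Mac\\ OS\\ 9\\)/QuarkXPress/XTension/PDF\\ Filter.prf" password "yourpasswordathome" with administrator privileges
end try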
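Added example, not part of the original hint: a shell script that rebuilds the layout described above in a scratch directory (symbolic links standing in for aliases) and audits the private tree for entries that grant any permission to "other", which is what the login script's recursive chmod on /Users/mystuff resets. The function names, the scratch directory and the sample file are assumptions of this example; ownership changes are omitted because they need root.

```sh
#!/bin/sh
# Added example: works in a scratch directory, never under /Users.

# build_layout ROOT: recreate the article's shared folders and per-user links.
build_layout() {
    root=$1
    mkdir -p "$root/mystuff/Desktop" "$root/mystuff/Documents" \
             "$root/mystuff/Library" "$root/openstuff/Library" \
             "$root/openstuff/Music" \
             "$root/userathome" "$root/useratwork" "$root/guestuser"
    for u in userathome useratwork; do
        ln -s "$root/mystuff/Desktop" "$root/$u/Desktop"
        ln -s "$root/mystuff/Documents" "$root/$u/Documents"
    done
    for u in userathome useratwork guestuser; do
        ln -s "$root/openstuff/Music" "$root/$u/Music"
    done
    # Modes from the login script; "o=" has the same effect as its "o=-rwx".
    # chown/chgrp are left out because they need root.
    chmod -R u=rwx,g=rwx,o= "$root/mystuff"
    chmod -R u=rwx,g=rwx,o=rwx "$root/openstuff"
}

# audit_private DIR: print each entry under DIR that grants any permission
# to "other". Symbolic links are skipped; their own mode bits are not what
# decides access to the target.
audit_private() {
    find "$1" ! -type l \( -perm -001 -o -perm -002 -o -perm -004 \) -print
}

# count_exposed DIR: number of entries audit_private reports.
count_exposed() {
    audit_private "$1" | wc -l | tr -d ' '
}

# demo: build the layout, then save a file the way an application would.
demo() {
    scratch=$(mktemp -d) || return 1
    build_layout "$scratch"
    echo "exposed after build: $(count_exposed "$scratch/mystuff")"
    # A file created under the default umask 022 is -rw-r--r--.
    (umask 022; echo "constructed sample" > "$scratch/mystuff/Documents/invoice.txt")
    echo "exposed after a new file is saved:"
    audit_private "$scratch/mystuff"
    rm -rf "$scratch"
}

demo
```

While the parent directory stays drwxrwx--- the flagged file is still out of reach for other users; the looser mode matters once the file is moved somewhere less restrictive.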
BTW: Again, back up EVERYTHING before trying this at home!
Mac OS X Hints
http://hints.macworld.com/article.php?story=20030304214738124