Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the '10.5: Share any files between users on the same Mac' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.5: Share any files between users on the same Mac
Authored by: tedw on Jun 04, '09 09:23:10AM
I haven't tested this, but I think you can just:
  1. open the Sharing Preferences
  2. enable File Sharing
  3. add the folder you want to share, and
  4. choose what users get to share it.
you probably have more fine-grained control using ACLs, of course, but this seems a lot simpler.

[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: SOX on Jun 04, '09 10:22:30AM

sharing is different that write prefs



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 04, '09 10:51:41AM

That won't accomplish what this hint does. With this hint, any files created in the Friday folder can be read, written, and executed by everyone. So if your user adds a photo to iPhoto, your wife's user can edit it.

With just sharing, you are getting nothing more than the permissions on the Shared folder already allow: anyone can read, write, and browse the folder itself, but the files and subfolders in the folder remain subject to the usual permissions restrictions. So if your user added a photo to iPhoto, your wife's user could not edit it.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: tedw on Jun 04, '09 04:57:14PM
err... I'm trying to imagine a case where you'd want to give other users permission to execute arbitrary code in your user space. at best, it adds no value that can't be accomplished by putting scripts in /Library for general access; at worst it's a huge security hole.

execution aside, file sharing can set read and write privileges - so yes, in fact, your wife could open, edit, and save your iPhoto entires from her account (assuming you're married; if you're not, and she does, that would be confusing). you may need to move your iPhoto folders into the shared folder, or easier, you could use the sharing panel to make your iPhoto folder shared in and of itself (which I think automatically propagates to its subfolders). what advantage does the command-line approach offer over the file sharing panel, aside from that highly questionable execution issue?

[ Reply to This | # ]

10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 05, '09 11:21:38AM

Execution matters because opening a folder is in fact "executing" it. Intuitively one might think that opening a folder involved "reading" it, but in this case intuition in incorrect.

Have you ever tried to look inside another user's home folder and found folders with little "no access" icons on them that you couldn't open? This is because your user does not have execute permissions for that folder. This is the mechanism used to create the drop box folder inside your user's public folder: everyone has write permissions for the drop box (i.e. they can add files to it), but only you have execute permissions (i.e. only you can see what is inside it).

This matters a lot for things like iPhoto and iTunes libraries, because if a newly created folder inside one of those libraries is not executable by everyone, then the most recently added photos (to return to my previous example), which are stored in their own subfolder, will not be available to any user other than the one who first added them.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: tedw on Jun 05, '09 12:48:51PM
in fact, no.

I just tested this on my system: I enabled file sharing, added the pictures folder from a different account to the shared folders column, gave everyone read and write permission, enabled my main account and the other account in the 'options' section, and then voila! I went and opened a picture from the pictures folder on the other account, and saved it back to the other account under a different file name. the little 'no access' badge that's normally on the another user account's pictures folder disappears as soon as I enable sharing for that folder (though it still appears in the system preferences panel until you quit and restart that app).

have you tried it? in this case my 'intuition' seems to be backed up by practical evidence. I understand what you're saying, and it makes a certain degree of sense within the twisted universe of pure unix, but don't underestimate Apple's ability to make functional GUI methods.

[ Reply to This | # ]

10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 05, '09 02:11:33PM

I did try it, apparently more thoroughly than you did.

Sharing a folder with read and write permissions will allow another user or group to open the folder and to put files into the folder (yes, Apple's GUI is simplifying read, write & execute into simply "read & write"). But sharing the folder doesn't allow another user to edit a file inside the folder unless and until the permissions on the individual file in question are manually modified (via Finder's Info window or the command line or some other method).

So if my wife's user adds some documents to a shared folder, I can see the document files in the folder and even open them up to read them, but I can't save any changes to them. If I try, I get an error about not having the proper access privileges.

Having to manually modify the permissions on a file isn't too bad to work with for an occasional individual file, but when dealing with the innards of an iPhoto or iTunes library, where many files all over the place are being added and edited all the time, one needs a system in place that will take care of all the permissions issues on all the files and subfolders automatically. That's what this hint about ACLs provides.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 05, '09 02:17:12PM

Addendum:

The key point here is that in your test you "saved it back to the other account under a different file name." You had to save it into the shared folder with a new name because you were only allowed to create new files, not to edit ones you didn't already own. That won't work when dealing with iTunes and iPhoto. They need to be able to edit files, or the library breaks.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 05, '09 11:49:15AM
Also, this hint doesn't give other users "permission to execute arbitrary code in your user space." Any code they might execute is run as themselves, not as you.

Perhaps you have this confused with the setuid and setgid bits, which do allow a user to run code as if they were someone else.

[ Reply to This | # ]

10.5: Share any files between users on the same Mac
Authored by: tedw on Jun 05, '09 12:56:42PM
what I meant was they can place any script they like in your user directory and execute it. what happens if someone wrote a script like
#! /bin/bash rm -fr ..
from a script located in your pictures folder. it probably wouldn't work, but if it did it would delete your home directory. again, what advantage do you get out of granting execute privileges that makes opening the door to this kind of thing acceptable?

[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 05, '09 01:41:12PM

This hint describes using the ACLs to set permissions on a folder inside /Users/Shared, not a user's home folder (/Users/username). A bash script such as the one you mention would only affect the Shared folder, not anyone's home folder.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: Dr. T on Jun 05, '09 11:54:07AM

"err... I'm trying to imagine a case where you'd want to give other users permission to execute arbitrary code in your user space."

How about your spouse who also uses your home Mac? My wife wouldn't want to and wouldn't know how to "execute arbitrary code" (which I assume is a bizarre phrase meaning "run malware").

I gave up on separate "his" and "her" accounts years ago, because the benefits were too small to justify the hassles. Our main account is a regular user account. I maintain the admin account. iTunes and some iPhoto files are shared across accounts.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: tedw on Jun 05, '09 01:01:47PM

I can see you've never been through a nasty break-up. :) and (knock wood) you never will. my philosophy is 'don't fix what aint broke' but also 'don't make something that breaks just cuz you can't imagine having to fix it'.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 05, '09 01:45:24PM

Now you are just being silly. If you had a nasty breakup, why are you giving this girl access to your machine? Delete her account, and then she won't be able to log in at all.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: tedw on Jun 05, '09 02:31:07PM

dude, you rarely know in advance that you're going to have a nasty breakup.

I don't actually know whether you're right or wrong about the other stuff, but you're way too involved in the issue for me to bother discussing it further. do it the way you want to do it; not a big issue either way.



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: ragmaxone on Jun 05, '09 10:04:39AM

I did the trick using PrefPane and it works...
I compared the result for the 'ls -le' and it's exactly the same. (oops sorry for the mistake: the group's name and the folder's name are not the same)



[ Reply to This | # ]
10.5: Share any files between users on the same Mac
Authored by: Sesquipedalian on Jun 05, '09 02:20:29PM

I also posted this in reply to tedw, but its buried in there and I thought you might not see it, ragmaxone. I'd hate for you to accidentally mess up your iPhoto or iTunes library, so I'm reposting it here too. :)

Sharing a folder with read and write permissions will allow another user or group to open the folder and to put files into the folder (yes, Apple's GUI is simplifying read, write & execute into simply "read & write"). But sharing the folder doesn't allow another user to edit a file inside the folder unless and until the permissions on the individual file in question are manually modified (via Finder's Info window or the command line or some other method).

So if my wife's user adds some documents to a shared folder, I can see the document files in the folder and even open them up to read them, but I can't save any changes to them. If I try, I get an error about not having the proper access privileges.

Having to manually modify the permissions on a file isn't too bad to work with for an occasional individual file, but when dealing with the innards of an iPhoto or iTunes library, where many files all over the place are being added and edited all the time, one needs a system in place that will take care of all the permissions issues on all the files and subfolders automatically. That's what this hint about ACLs provides.



[ Reply to This | # ]