Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!


Click here to return to the 'Share an iPhoto library among multiple users' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
Share an iPhoto library among multiple users
Authored by: dsouth on Mar 25, '04 01:39:11PM

Interesting hint.

A quick warning though, the SUID root script appears to be insecure. It would allow anyone to make any file on the computer group writeable. A nefarious user could use the`ln` command to create a hard link from some file they wanted to change/delete (say /etc/passwd) to new file someplace in the shared library, then run the SUID script. Once the script has run /etc/passwd (or whatever) can be modified, and your machine has been compromised. SUID scripts are evil.

Granted, this may not be a concern for many, and only staff can run the SUID script, but I thought it was worth mentioning.



[ Reply to This | # ]
Share an iPhoto library among multiple users
Authored by: david.frank on Mar 25, '04 03:55:01PM

much simpler: if you have multiple partitions, move your iPhoto library to another partition and turn off permissions for that partition, then make a normal alias from your ~/Pictures folder to the moved 'iPhoto Library'



[ Reply to This | # ]
Share an iPhoto library among multiple users
Authored by: koncept on Mar 25, '04 05:19:57PM

read number 3 again...



[ Reply to This | # ]
Share an iPhoto library among multiple users
Authored by: tjp on Mar 25, '04 11:27:19PM
I've been looking for a good answer to this problem for some time but I too am concerned about the use of an suid root script in this particular solution. I think I've come up with one that's close to this but much simpler. Do all of the same things for moving the iPhoto library to a commonly accessible location but skip all of the shell script and AppleScript stuff. Instead, open a Terminal window and enter the following:
cd /Applications/iPhoto.app/Contents/MacOS
sudo chown iPhoto_Library_owner_short_name *
sudo chmod u+s *
So, assuming the user that owns this iPhoto library has a short name of dad, a long listing of this directory would look like:
ls -l
-rwsrwxr-x  1 dad  admin  1931776 21 Mar 22:47 iPhoto
-rwsrwxr-x  1 dad  admin   271300 21 Mar 22:47 iPhotoDPAPService
-rwsrwxr-x  1 dad  admin    71820 21 Mar 22:45 photocd
Now, this still uses the set uid bit but instead of running iPhoto as root with suid root scripts (and all the security issues that brings), any user on the system will run the core iPhoto executables as the (unprivileged) user that owns the shared library, no matter who they are. This means all files edited or created within the library will be owned by the same user, no matter who actually ran iPhoto.

Also note that this leaves the group assignment for the iPhoto executables as admin, preserving the ability of any authorized admin account to update the software.

This is also better for me than the "Ignore ownership on this volume" solution because, not only does my wife need to use this system (and the iPhoto library), but my eight year old son does as well and even though I have my photo library on a separate partition, there's a bunch of other stuff there that I don't want him to be able to trash. Sure he could go into iPhoto and mess that up but there's a point at which, if you want this kind of flexibility, you just have to stop chasing your tail.

[ Reply to This | # ]

Share an iPhoto library among multiple users
Authored by: captnswing on Mar 26, '04 02:31:52AM

i like this, this is almost the neatest solution, if not for two drawbacks:

1) you have to reapply the patch, everytime you update iPhoto (granted, thats not too often)

2) you have to reapply the patch, after everytime you ran "repair volume permissions"

not too bad, but it seems that each approach has _some_ drawbacks. Hope apple comes forward with a solution that works without drawbacks one day



[ Reply to This | # ]