Computer Protection Program Berkeley Lab
Computer Protection Program at Berkeley Lab Security
Ernest Orlando Lawrence Berkeley National Laboratory
Emergencies | Site Index | Contact Us
CPP Home
Contacts
Policy Guidelines
Scan Information
System Procedures
Tools & Services
ALERTS
Recent CPP Actions
News & Articles
CPP Intranet
 
 
  PROCEDURES FOR SECURING SYSTEMS  
How to Share More Than Public Folders in OS X  

Warning
Note


Back to Macintosh Security >>

________

From John's Apple Advocate Newsletter

File Sharing in Mac OS X only shares a user's Public folder. Even though the Info window may indicate that other folders or volumes have read-write privileges for Everyone, only a user's Public folder is shared. Volumes that are not startup disks are not shared at all.

By design, Mac OS X only shares a user's Public folder. Limited file sharing is a feature of Mac OS X, which also enhances security. If you need a full server feature set, including group management, see the Mac OS X Server product page.

There is also this workaround, which is less secure:

You can share files from any folder on any volume by logging in at the client computer as an Admin user. Admin users log in like any other file sharing user, from either the Chooser or the Connect to Server dialog of the client computer. The Admin user for a computer is either the first user created after setting up Mac OS X or any other user designated "Admin" in the Users pane of System Preferences. A computer can have more than one Admin user.

Warning

1. A user logged in as an Admin has complete read-write access to all files on all volumes connected to a computer running Mac OS X. The level of access that an Admin user has when logged in with AppleShare is greater than the same user would have when logged into the Mac OS X computer directly (barring use of the Terminal). You should never allow other users to log in remotely as Admin in an environment in which security or user skill level concerns could result in the unauthorized introduction or
deletion of data. For users familiar with UNIX-style operating systems,
the Admin user is similar to a root user.

2. Do not connect to your Home directory and the disk that contains it at the same time. If you have connected to one, drag it to the Trash before
connecting to the other. Failing to take this precaution presents a situation in which you could attempt to replace a file with itself, resulting in the loss of the file.

Note

Two volumes with the same name may not appear in the Chooser or Connect to Server dialog. This occurs, for example, if you have both Mac
OS X 10.0 and Mac OS X 10.1 installed on different disks or partitions on
the same computer. Since both disks are named "Mac OS X," only the startup disk is available.
 

Home | Contacts | Policy Guidelines | System Procedures | Tools & Services | ALERTS | News & Articles