AD Banner

Featured

3/featured/recent

footer about

Videos

6/cate2/videos
Adv (300 x 250)

Find us on Facebook

5/cate3/lifestyle

Advertisement

6/breakingnews/random

Instagram posts

About us

3/cate1/entertainment

Recent Comments

Lorem Ipsum is simply dummy text of the printing and typesetting industry. Lorem Ipsum has been the industry's standard dummy text ever since the 1500s, when an unknown printer took a galley of type and scrambled it to make a type specimen book.
Copyright ©2019 by Mogtemplates

contact form

Name

Email *

Message *

Other News

[Related][recentmag]

EHI ONLINE LESSONS

EHI ONLINE LESSONS

Powered by Blogger.

Random Posts

World News

[World News][recentmag]
featured

Header Ads

Total Pageviews

Search This Blog

Blog Archive

Search This Blog

Latest

Brexit

Brexit

Football

Football

Random posts

5/cate4/random

Random Post

Adv (880 x 120)

News By Picture

pictures

Hot News

5/cate3/hottrend
Adv (880 x 120)

Labels

Hot News

[Hot News][recentmag]

Labels Cloud

Get In Touch
Footer Logo

Trending Posts Display

Labels List

Home Layout Display

Posts Title Display

Theme Layout

Theme Translation

Tech

tech

Games

games

Popular Posts

127 Likes
3,240 Followers
12.7k Subscribers
136 Followers

Pages

Recent Comments

How accessories make you a better lover. 18 ways devices are completely overrated. Operating systems in 12 easy steps.

Recent Posts

Adv (300 x 250)

Popular Posts

Trending Posts

Tags:

How to secure files from other users on external disks

By Ehijoshua (Jboss) → Tuesday, 9 July 2013

How to secure files from other users on external disks

If you use an external disk drive with OS X, you may notice that when it is mounted, it becomes available for all users on the system. Therefore, if you have files you have saved to a USB drive and you attach it to your system and you switch user accounts, those files will be viewable within the second account.
In addition, if you have network file sharing enabled, the files on this drive will be accessible to any user who logs in via the network.
This behavior may seem a bit concerning, especially for those who have set up encryption on secondary drives in hopes of preventing others from viewing their files, but this is normal behavior in OS X, and essentially means two things:
Mounted external drive in OS X
An attached and mounted drive and even private contents on it will be viewable in all user accounts.
(Credit: Screenshot by Topher Kessler/CNET)
  1. Encryption by itself is only meant to secure a drive's contents from access if the drive has been locked (ie, removed from the system, or the system shut down). It is not meant to protect one users' files from another user on the same system. While unlocking the drive is limited to those who have the password, once unlocked then all users will have access just like any other USB or Firewire drive.

    On a related note, there has been past concern about encrypted drives being easily remounted if you tell it to eject but do not detach them from the system; however, this is ultimately not a security threat. Simply do not use encryption to protect data from another account on the system, as this purpose is not its intent. Instead, only use it to prevent a thief or other third-party who you have not given access to your computer, from accessing your files.
  2. External hard drives are open to all users by default. Even though all hard drives are capable of containing permissions restrictions like any other folder on the system, for external drives OS X turns this feature off. This is primarily because permissions settings are specific to one operating system installation, so those set by one system may either not be observed by another, or be interpreted to mean something entirely different and result in improper access to the files.
If set up independently, encryption will not protect your files from other local users, and permissions may be overcome by using the drive with another system. Therefore, the way to fully secure the files on your external drive is to enable both of these features.
To do this, first enable encryption on the drive by right-clicking it in the Finder and choosing the Encrypt Drive option. Supply the password to use when prompted, and then wait for the drive to remount as an encrypted volume.
Permissions settings for external hard drives in OS X
Uncheck this box to enable observation of access permissions on the external drive. Then set specific access privileges in the list of users and groups.
(Credit: Screenshot by Topher Kessler/CNET)
Next, enable permissions observation on the drive by selecting it and pressing Command-I to get information on the drive. In the information window that appears, expand the Sharing section and click the lock to authenticate. Then uncheck the option to "Ignore Ownership on this volume."
With this setting in place, the system will now observe permissions restrictions on the drive, which you can set to permit or deny access to specific users (note that this will only work to manage access for nonadministrator accounts -- admin accounts will always be able to grant themselves access to files and folders).
By default, the drive will be owned by the account that formatted it, so you should see your username listed as the first item in the Sharing & Permissions list. Next the drive should have a group association of "staff" (underneath your username) which is the default group for all local accounts on the system. This allows you to set global permissions for accounts other than yours.
Finally, there should be an "everyone" group that encompasses all other users on the system, such as a guest user account that is not a member of the "staff" group.
At this point, you have two possible approaches for the drive. The first is to set its permissions so only you have access to it, and the second is to set it up with a subdirectory or two that is only restricted to your account, so other accounts can do the same and have their sequestered and private folders.
Single user access permissions for external drive
To only allow your account access, remove all groups and users except for your account, and set "everyone" to "no access."
(Credit: Screenshot by Topher Kessler/CNET)
Single-user access
To set the drive so only you have access, in the Sharing & Permissions section of the information window, choose "no access" for the "staff" group (or simply select and remove this group altogether). Then set the "everyone" group to likewise have "no access."
When finished, click the small gear menu and select the option to apply these settings to all enclosed items (this step is not needed on an empty drive).
At this point the entire drive will be a private, detachable folder for your account. Even though it will show up as a device in other accounts on the system, if they try to access it then they will be given a "permission denied" error.
Multi-user access permissions for external drive
To allow multiple users to read the drive, set the "staff" permissions accordingly. If you set it to "Read Only" (so the top level of the drive cannot be modified) then be sure to put a folder on the drive, and set its permissions so each user can read it. Additionally, be sure to set "everyone" to have no access.
(Credit: Screenshot by Topher Kessler/CNET)
Multiuser access
To set the drive up so other users have access, leave the drive's permissions as their default so the "staff" group is intact and has full read and write permissions. Then open the drive in the Finder and create a folder on it to store your files. Now get information on this folder and set it so only your account is in the Sharing & Permissions list, with "read & write" access, and with all others set to "no access."
From here, your account will be able to view the files in this folder, but other accounts will not.
As an additional security measure, you can set up a similar folder for each account on the system, and when finished get information on the drive itself and set the "staff" group to "read only" permissions (do not use the gear menu's option to apply permissions to enclosed items). With this setup, when another user opens the drive, they will only be able to drag items to their specific folder, and neither to another user's folder nor to the top level of the drive.
Regardless of the approach you use, at this point you will have a drive that has secured resources from other users, and one that is also encrypted and thereby protected from someone attempting to override the permissions settings by attaching it to another computer.

Post Tags:

Jillur Rahman

I'm Jillur Rahman. A full time web designer. I enjoy to make modern template. I love create blogger template and write about web design, blogger. Now I'm working with Themeforest. You can buy our templates from Themeforest.

1 comment to '' How to secure files from other users on external disks"

ADD COMMENT