If you use an external disk drive with OS X, you may notice that when
it is mounted, it becomes available for all users on the system.
Therefore, if you have files you have saved to a USB drive and you
attach it to your system and you switch user accounts, those files will
be viewable within the second account.
In addition, if you have network file sharing enabled, the files on
this drive will be accessible to any user who logs in via the network.
This behavior may seem a bit concerning, especially for those who
have set up encryption on secondary drives in hopes of preventing others
from viewing their files, but this is normal behavior in OS X, and
essentially means two things:
An attached and mounted drive, and even private contents on it, will be
viewable in all user accounts.
- Encryption by itself is only meant to secure a drive’s contents from
access if the drive has been locked (i.e., removed from the system, or
the system shut down). It is not meant to protect one user’s files from
another user on the same system. While unlocking the drive is limited to
those who have the password, once unlocked, all users will have
access just like any other USB or FireWire drive.
On a related note, there has been past concern about encrypted drives being easily remounted
if you tell it to eject but do not detach them from the system;
however, this is ultimately not a security threat. Simply do not use
encryption to protect data from another account on the system, as this
purpose is not its intent. Instead, only use it to prevent a thief or
other third-party who you have not given access to your computer, from
accessing your files.
- External hard drives are open to all users by default. Even though
all hard drives are capable of carrying permissions restrictions like
any other folder on the system, for external drives OS X turns this
feature off. This is primarily because permissions settings are specific
to one operating system installation, so those set by one system may
either not be observed by another, or be interpreted to mean something
entirely different, resulting in improper access to the files.
If set up independently, encryption will not protect your files from
other local users, and permissions may be overcome by using the drive
with another system. Therefore, the way to fully secure the files on
your external drive is to enable both of these features.
To do this, first enable encryption on the drive by right-clicking it
in the Finder and choosing the Encrypt Drive option. Supply the
password to use when prompted, and then wait for the drive to remount as
an encrypted volume.
Uncheck this box to enable observation of access
permissions on the external drive. Then set specific
access privileges in the list of users and groups.
Next, enable permissions observation on the drive by selecting it and
pressing Command-I to get information on the drive. In the information
window that appears, expand the Sharing section and click the lock to
authenticate. Then uncheck the option to “Ignore Ownership on this
With this setting in place, the system will now observe permissions
restrictions on the drive, which you can set to permit or deny access to
specific users (note that this will only work to manage access for
nonadministrator accounts — admin accounts will always be able to grant
themselves access to files and folders).
By default, the drive will be owned by the account that formatted it,
so you should see your username listed as the first item in the Sharing
&amp; Permissions list. Next, the drive should have a group association
of “staff” (underneath your username), which is the default group for all
local accounts on the system. This allows you to set global permissions
for accounts other than yours.
Finally, there should be an “everyone” group that encompasses all
other users on the system, such as a guest user account that is not a
member of the “staff” group.
At this point, you have two possible approaches for the drive. The
first is to set its permissions so only you have access to it, and the
second is to leave the drive shared but create a subdirectory or two on
it that are restricted to your account, so other accounts can do the
same and have their own sequestered, private folders.
To only allow your account access, remove all groups and users except
for your account, and set “everyone” to “no access.”
To set the drive so only you have access, in the Sharing &
Permissions section of the information window, choose “no access” for
the “staff” group (or simply select and remove this group altogether).
Then set the “everyone” group to likewise have “no access.”
When finished, click the small gear menu and select the option to
apply these settings to all enclosed items (this step is not needed on
an empty drive).
At this point the entire drive will be a private, detachable folder
for your account. Even though it will show up as a device in other
accounts on the system, if they try to access it then they will be given
a “permission denied” error.
To allow multiple users to read the drive, set the “staff”
permissions accordingly. If you set it to “Read Only”
(so the top level of the drive cannot be modified) then be
sure to put a folder on the drive, and set its permissions
so each user can read it. Additionally,
be sure to set “everyone” to have no access.
To set the drive up so other users have access, leave the drive’s
permissions as their default so the “staff” group is intact and has full
read and write permissions. Then open the drive in the Finder and
create a folder on it to store your files. Now get information on this
folder and set it so only your account is in the Sharing &
Permissions list, with “read & write” access, and with all others
set to “no access.”
From here, your account will be able to view the files in this folder, but other accounts will not.
As an additional security measure, you can set up a similar folder
for each account on the system, and when finished get information on the
drive itself and set the “staff” group to “read only” permissions (do
not use the gear menu’s option to apply permissions to enclosed items).
With this setup, when another user opens the drive, they will only be
able to drag items to their specific folder, and neither to another
user’s folder nor to the top level of the drive.
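The two Finder layouts above map directly onto classic Unix mode bits, which is what the Sharing & Permissions pane edits under the hood: the first entry (your username) is the owner, “staff” is the group, and “everyone” is the “other” class, with “Read & Write” meaning rwx on a folder, “Read only” meaning r-x, and “No access” meaning ---. The following shell script is an added example, not from the article, showing both approaches from the command line; the mount point and the user names alice and bob are constructed placeholders, and the script demonstrates itself against a scratch directory standing in for the volume.

```shell
#!/bin/sh
# Added example: command-line equivalent of the two Get Info permission
# layouts described in the article. Mount point and user names are
# constructed placeholders.
set -e

# Step 1, macOS only: stop ignoring ownership on the volume. This is the
# same as unchecking the "Ignore ownership" box in Get Info; without it
# the mode bits below are never consulted. Needs administrator rights.
enable_ownership() {
    diskutil enableOwnership "$1"
}

# Permission string exactly as ls prints it, e.g. "drwx------".
# Portable between macOS and Linux, whose stat(1) flags differ.
mode_of() {
    ls -ld "$1" | cut -c1-10
}

# Approach 1: the entire drive is a private folder for its owner.
# Owner: Read & Write, staff: No access, everyone: No access.
lock_volume_to_owner() {
    chmod 700 "$1"
}

# Approach 2: top level readable by "staff" but not writable, no access
# for "everyone", plus one private folder per user.
# (Finder's "apply to enclosed items" would be chmod -R; it is
# deliberately not used on the top level here, as the article says.)
setup_shared_volume() {
    vol=$1
    shift
    chmod 750 "$vol"                     # owner rwx, staff r-x, everyone ---
    for user in "$@"; do
        mkdir -p "$vol/$user"
        chmod 700 "$vol/$user"           # only that user may enter it
        # Handing the folder to its user needs root and an existing
        # account; skip silently in an unprivileged demo run.
        if [ "$(id -u)" -eq 0 ] && id "$user" >/dev/null 2>&1; then
            chown "$user" "$vol/$user"
        fi
    done
}

# Succeeds only when nobody but the owner can open PATH.
is_private() {
    [ "$(mode_of "$1")" = "drwx------" ]
}

# Self-check against a scratch directory standing in for /Volumes/Private.
demo() {
    scratch=$(mktemp -d)
    setup_shared_volume "$scratch" alice bob
    echo "top level: $(mode_of "$scratch")"      # drwxr-x---
    echo "alice:     $(mode_of "$scratch/alice")" # drwx------
    lock_volume_to_owner "$scratch"
    echo "locked:    $(mode_of "$scratch")"      # drwx------
    rm -rf "$scratch"
}

demo
```

On a real drive you would run `enable_ownership /Volumes/NAME` first (as an admin), then either `lock_volume_to_owner /Volumes/NAME` or `setup_shared_volume /Volumes/NAME alice bob` as root so the per-user folders can be chowned. As the article notes, none of this restrains an administrator, who can always change ownership back; the encryption step is what protects the mode bits from being bypassed on another computer.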
Regardless of the approach you use, at this point you will have a
drive that has secured resources from other users, and one that is also
encrypted and thereby protected from someone attempting to override the
permissions settings by attaching it to another computer.