[tightsocks]

Hi,

I've been using OS X for a while now (currently 10.3.6) and I feel pretty comfortable with it, but every so often something comes up that freaks me out...

Here is the issue:

If another creates a folder in his home directory I am able to access his folder when I am logged into my account (and vice versa)

This does not apply to the standard user folders such as Documents, Library, Pictures, Movies etc. which

Is this normal?

[Mithras]

A created folder inherits the permissions of the "parent" folder. Home directories are readable, so that you can get to someone's Shared folder. So yes, new directories created under the home folder will be world-readable unless you change them.

Of course, one might ask why someone is creating new folders in the top of their homedir. Probably they should be putting things under ~/Documents or ~/Library, no?

Also, you can change the permissions by clicking once on the folder in the Finder, the selecting File:Get Info, and opening the Permissions triangle.

[tightsocks]

Thanks very much for the explanation!

[Millennium]

If you don't want someone to be able to access your Home folder, set its permissions to 700 (everything for the owner, nothing for anyone else).

If you do this, however, you should be aware that Personal Web Sharing will no longer work for you, because the Web server won't be able to access your Sites folder either. The machine's own server (in /Library/WebServer) will continue to work just fine, as will Personal Web Sharing for any users who haven't done this.

As an alternate solution, you could lock down only your Documents and Library folders (and any other folders you deem appropriate) and leave your Home and Sites folders unlocked. This will allow the Web server to get at your Sites folder, so Personal Web Sharing will continue to work. The disadvantage to this is that other users will still be able to see what's in your Home folder (though depending on the permissions, they may not be able to actually access any of it). If you only keep sensitive stuff in folders you've locked down, however, this should not be much of a problem.

[Jellytussle]

Originally posted by Mithras:
A created folder inherits the permissions of the "parent" folder. Home directories are readable, so that you can get to someone's Shared folder. So yes, new directories created under the home folder will be world-readable unless you change them.

This is incorrect. A created folder has permissions set by the system umask, which by default is 022 in Mac OS X. meaning that a folder is read/write by the owner, and readable by group and everyone. You can change the umask either with tinkertool, or system-wide using the tip here. Be warned that this may affect the operation of some applications.

[Big Mac]

Originally posted by Jellytussle:
This is incorrect. A created folder has permissions set by the system umask, which by default is 022 in Mac OS X. meaning that a folder is read/write by the owner, and readable by group and everyone. You can change the umask either with tinkertool, or system-wide using the tip here. Be warned that this may affect the operation of some applications.

I have never heard of the system umask, but unless there's a miscommunication here, your post incorrect. Sub-folders certainly do inherent the permissions of their parents. Create a new folder within your Documents folder and you'll see that Group and Others have No Access. Even if the OS created every folder to be readable by Group and Others, a parent folder that had access for only Owner would override the sub-folder's permissions.

[Jellytussle]

Originally posted by Big Mac:
I have never heard of the system umask, but unless there's a miscommunication here, your post incorrect. Sub-folders certainly do inherent the permissions of their parents. Create a new folder within your Documents folder and you'll see that Group and Others have No Access. Even if the OS created every folder to be readable by Group and Others, a parent folder that had access for only Owner would override the sub-folder's permissions.

No, no they don't. Just try what you described, either in the Finder, or by using mkdir in a shell - the behaviour is as i described, i just confirmed this on 10.3.8. Are you using some kind of Finder replacement, or do you have a network home directory?

[Mithras]

Originally posted by Jellytussle:
This is incorrect. A created folder has permissions set by the system umask, which by default is 022 in Mac OS X. meaning that a folder is read/write by the owner, and readable by group and everyone. You can change the umask either with tinkertool, or system-wide using the tip here. Be warned that this may affect the operation of some applications.

I stand corrected. I thought the parent-dir rule applied to directories and the umask to files, but I was wrong. I guess set-guid is the only inherited property.

[Big Mac]

Originally posted by Jellytussle:
No, no they don't. Just try what you described, either in the Finder, or by using mkdir in a shell - the behaviour is as i described, i just confirmed this on 10.3.8. Are you using some kind of Finder replacement, or do you have a network home directory?

No, no Finder replacement, no strange installations or modifications. Maybe we're confusing each other's statements.