[angelmb]

Scenario as follows:

- main hard disk (A) running Tiger 10.4.8 with two user accounts, being AMB my user account name,

- a second hard disk (B) with Tiger 10.4.8 installed with the same AMB main user account name, it was a fresh installation, no Mac OS X Tiger Setup Assistant used.

It seems that even when both OSes are installed on different hard disks, the computer behavior is not that correct… it is like there is only one AMB user:

1)
AMB user from B hard disk can read-write-whatever any folder belonging to the AMB user on A hard disk.

AMB user from A hard disk can read-write-whatever any folder belonging to the AMB user on B hard disk.

A different user from A hard disk can not read-write any folder belonging to the AMB user on A and/or B hard disk.

2)
Spotlight set-up on the first hard disk does reflect changes made on the second hard disk Spotlight System Preferences… let's say I don't want B's Tiger to do any search on A hard disk, OK, I just add A hard disk icon to B's Spotlight System Preferences… Once I go back to A's Tiger I can see how its Spotlight System Preferences have included A hard disk to being excluded for any Spotlight search.

Needless to say by 'bad idea' I didn't mean our fellow german macnner member…

[Art Vandelay]

It doesn't have anything to do with the user name but the user id number. The first account created on OS X has an id of 501. So, anyone with an id of 501 can access anything that has permissions for 501.

So everything is behaving correctly, just not as you intended.

[angelmb]

Thanks Vandelay, that is the kind of answer I was looking for.

I wonder how safe is such behaviour, if someone would like to access my files he would only need to attach an internal or external drive and once it does boot Mac OS X as first account from it, he would be able to get access to my files… did I miss something?

[Tomchu]

Look, if someone has physical access to your computer, *all* security can and will be compromised anyway.

You shouldn't be relying on filesystem permissions to secure your data if your computer is physically accessible by other people.

[Art Vandelay]

Originally Posted by angelmb 

Thanks Vandelay, that is the kind of answer I was looking for.

I wonder how safe is such behaviour, if someone would like to access my files he would only need to attach an internal or external drive and once it does boot Mac OS X as first account from it, he would be able to get access to my files… did I miss something?

That is correct. However, if anyone can get physical access to your machine, all bets are off. There are many ways to gain access to data if you have physical access. The only way to protect your data in that scenario is encryption.

[chris v]

Originally Posted by angelmb 

Thanks Vandelay, that is the kind of answer I was looking for.

I wonder how safe is such behaviour, if someone would like to access my files he would only need to attach an internal or external drive and once it does boot Mac OS X as first account from it, he would be able to get access to my files… did I miss something?

oops, missed the point. Never mind.

[romeosc]

Originally Posted by chris v 

oops, missed the point. Never mind.

The second drive is basically a clone of your original drive. You can disable the ability of another person booting off an external drive. You can go to preferences and select startup disk and lock with password.

[Art Vandelay]

Originally Posted by romeosc 

The second drive is basically a clone of your original drive. You can disable the ability of another person booting off an external drive. You can go to preferences and select startup disk and lock with password.

That just makes you authenticate whenever you go to System Prefs. It doesn't stop someone from booting from another drive or using Target Disk Mode. A firmware password is required for that, but if they have physical access then they will still be able to do whatever they want. Like I said before, only data encryption will prevent access.

Btw, using the lock in System Prefs doesn't prevent settings from ever being changed. It just makes you enter a password in System Prefs. One can still change things via the Terminal, etc. It's not the same thing as locking a file in Get Info.

[angelmb]

Thanks all, "funny" thing is that it is not about anyone getting access to my files but quite the opposite… recently a friend did ask me about recovering all data as being possible from his hard disk, I installed it onto my Mac and was able to recover something like 25 GBs worth of data, some of them I wish I had never saw…

Enough, I don't want to derail the thread…

[badidea]

Originally Posted by angelmb 

Needless to say by 'bad idea' I didn't mean our fellow german macnner member…

I already wondered why you post a thread about my computer setup!

[CharlesS]

Originally Posted by angelmb 

Spotlight set-up on the first hard disk does reflect changes made on the second hard disk Spotlight System Preferences… let's say I don't want B's Tiger to do any search on A hard disk, OK, I just add A hard disk icon to B's Spotlight System Preferences… Once I go back to A's Tiger I can see how its Spotlight System Preferences have included A hard disk to being excluded for any Spotlight search.

The reason for that, if I understand correctly how Spotlight works, is that the setting not to search a particular folder is stored in the folder itself rather than in your OS's settings. So if you set hard disk A not to be searched, the setting gets stored in hard disk A itself, so it won't get searched whether you boot from hard disk A, hard disk B, or something else.

[angelmb]

Originally Posted by badidea 

I already wondered why you post a thread about my computer setup!

Don't know for sure, maybe because it is placed on the wrong side of the river Elbe ?