Saturday, December 06, 2014

OS X - moving files between users on one machine - how Apple expected this to work (13 years later)

I think my first version of OS X was 10.1 - “Puma” - probably in the fall of 2001, at the dawn of the Forever War. I certainly remember Jaguar.

OS X had roots in BSD Unix, so it was naturally multi-user with UNIX style permissions from the start. The multi-user bit has worked well, the permissions bit not quite so well. Windows style permissions have always been less troublesome than Mac/Unix permissions.

Maybe that’s why it has taken me 13 years to figure out how to share files between users without having to geek-out and explicitly change permissions (which is what I’d always done). Note that I have always kept a single admin user account separate form the accounts I and other family members use and my personal account is non-admin (which partly breaks Google software btw, Google expects Mac users to be admins) [2].

It goes like this:

  1. Ted logs into Ted account.
  2. Ted creates a folder in /Users/Shared with files for Alice.
  3. Alice logs into Alice account.
  4. Alice copies folder from /Users/Shared to Alice Desktop.

This is what’s happening to permissions…

  1. The folder in Shared, and all files in that folder, are Read & Write for Ted, Read only for everyone else.
  2. After the copy operation, the folder and files on Alice’s desktop is Read & Write for Alice, Read only for “everyone” [1].
Note Alice can’t delete the folder in /Shared, only Ted or an Admin can do that. (Since most Mac users run as Admin they don’t know this.)
 
There you go, it’s documented at last. Not that many people will ever need to know! Most Mac geeks run as admin, so they can probably work with the Shared folder directly.  Or, more often, they just use Google Drive or Dropbox to share files [3]. Non-geeks don’t even see the Shared folder — Apple has deprecated its use in Mountain Lion and later; Apple expects file share to be mediated by iCloud rather than a local file system.

- fn -

[1] Except for OS X veterans who have been infected by Apple’s “fetching forever” viral bug. We get someone else called “Fetching” with Read Only access.

[2] This has worked well for me, and I like the extra security layer it provides. It’s also a quick test of cruddy software — if the app won’t run well without admin privileges it’s a shoddy app. Google’s software is the annoying exception - a shoddy bit of Mac software I use anyway.

[3] We are a Google Apps centric family, so we share with Google Drive.

No comments: