Re: I messed with "ignore ownership on this volume" and got burned...
- From: raggio <raggio.nospam@xxxxxxxxxxxxx>
- Date: Sun, 5 Feb 2006 15:28:24 -0500
On 2006-02-05 05:29:50 -0500, me@xxxxxxxxxxxxxxxxx (Seth) said:
raggio <raggio.nospam@xxxxxxxxxxxxx> wrote:Not so fast. I then tried to click the ignore option as a non-admin. It let me check it without prompting for an admin password and then I was able to access the directory. When I tried to uncheck the item I was then prompted for an admin password. I think this is a bug.
I agree, but Apple seems to think it's a "feature." I submitted a bug report about this way back in the Panther days and it hasn't been addressed.I think the admin check should be there for either option, but at a minimum I think they got it backwards. Am I wrong?
Again I agree. I think unprivileged users being able to override permissions settings to get r+w access to a whole volume is a big security concern but Apple doesn't seem to think so. Until they do we've just got to live with it.
Is there a work around? Granted, my kids won;t be able to figure all this out and get into the folder, but I would also like it to work correctly.
No, the only way to lock your kids out of a directory inside the FW drive is to lock them out of the entire drive. If you specify "No Access" to the drive, then the drive will not appear on their desktop, so there's no Ignore Ownership box for them to check. If they have read-only access to the drive then they can check the Ignore Ownership box and get full read-write access to the whole thing, overriding all permissions settings.
Actually, there is ONE way to manage access to FW drives through Simple Finder accounts. Go to System Prefs -> Accounts -> Parental Controls -> Finder & System and check the Simple Finder box for your kids' accounts. Then go to your FW drive, and find the folders to which you want the kids to have read access. Put aliases of those into /Users/Shared on your boot volume. Your kids can then read those files and be locked out of the rest of the FW drive. This is what I do with my kids' accounts. My kids are young so Simple Finder works just fine for them. If your kids are older, and already used to standard accounts, they might protest this.
Seth, thanks for the response. I thought I was losing it when I first figured out was going on. Glad to see I understood it correctly. If I do the alias trick described above will my kids be able to play a subset of mp3 on the FW drive that I added to their iTunes library? BTW, is the best way to share a subset of my mps with them? I basically added tracks to their library making sure to uncheck copy files to the itunes library.
Thanks,
John
.
- Follow-Ups:
- References:
- Prev by Date: Re: SSHD reconfig
- Next by Date: Re: A new Switcher
- Previous by thread: Re: I messed with "ignore ownership on this volume" and got burned...
- Next by thread: Re: I messed with "ignore ownership on this volume" and got burned...
- Index(es):
Relevant Pages
|
