2

I would like to share this between two users on my Mac. Specifically, I would like the encrypted image to be under user1's Documents directory but allowing user2 to open and modify it.

I know that MacOS is a Unix variant. In Linux/Unix I would create a group and add the two users belong that group and make the shared files rw-accessible by that group. I can do this from the command line. Is this the best approach on Mac as well? I was looking for clues under the "Users & Groups" setting under "System Preferences" but I couldn't understand it. There are groups in there that I don't see in /etc/group.

bmike
  • 235,889
Stephen Rasku
  • 342
  • Access permissions (your second paragraph) are not the same as encryption. Are you looking for ways to give several users access to the same files/directories or do you want to encrypt files? – nohillside Jun 17 '22 at 15:33
  • I want to give several users access to a certain file. It happens to be an encrypted image. As I mentioned, on Linux/Unix I would just add the two users to the same group and set the file to use that group. I was wondering if there is a better way to do this on MacOS. I apologize if this was confusing. – Stephen Rasku Jun 17 '22 at 17:42

1 Answers1

3

The preferred way, in macOS, to share files is to create a directory in /Users/Shared and place the files in that directory. And, of course, give that directory and the enclosed files (in this case an encrypted image) the permissions you require to give the two users r/w access.

Whilst you can give user2 access to files in user1's home folder, this can get messy as default permissions do not, for example, allow world read of "Documents" folder. Further, these folders are subject to special privacy protection rules in addition to regular file permissions. So do use /Users/Shared.

You also need to consider the permissions of file and folders inside the encrypted image. Since the two users are the only ones with access to the image and, presumably, know the encryption password, the easiest way to manage these permissions is to ignore permissions on the volume.

All of these changes can be made in Finder's Get Info (Command-I) windows. But if you really want or need to set POSIX permissions at the command line, have at it.

The GUI way to create and manage groups is to use "Users & Groups" setting under "System Preferences".

Create the group using the + at bottom left (after unlocking with your administrator password). Give the group a name and add members.

Two points:

  1. Ignore what is in /etc/group, except to avoid duplicating any name with your new group.
  2. Do not use standard Linux commands to manage groups and users.

The new group can then be used with folder and file permission using Finder's Get Info (Command-I).

Gilby
  • 10,852
  • You don't even need to create a group for this; you can grant access to additional users directly in the Get Info window (this is implemented via ACLs). Also, another reason to avoid using the Documents folder for this is that it's now considered "private", and is subject to special privacy protection rules in addition to regular file permissions. – Gordon Davisson Jun 18 '22 at 01:57
  • 1
    @bmike So as to not confuse the external permissions on images with those on the volume inside, I have reworked/expanded your edit and my early paragraphs. – Gilby Jun 18 '22 at 04:22
  • @GordonDavisson I put in a sentence with the spirit of your comment about privacy protection rules (but without the detail) when reworking the first few paragraphs. I have stuck to groups (as in the question), but I agree that a group is a bit overkill for just 2 users. – Gilby Jun 18 '22 at 04:26