How to adjust hard-drive permissions in OS X

While the only Mac systems that have user-accessible drive bays are Apple's Mac Pro line, some systems such as the Mac Mini and iMac have options to include multiple hard drives. Additionally, you can attach numerous USB or FireWire hard-drive systems to any Mac if needed, to give it additional storage capacity. While this is convenient for single-user machines, there may be instances where on a system with multiple users you may wish to limit access to a drive.

Ultimately, hard-drive storage is just a mount point on the system, which means that the directory tree of the drive is rooted in a specified folder on the boot drive (the "root" filesystem), so it has a file path through which you can access its contents from the boot drive. In essence, you can envision this boot-drive setup as being like a tree that branches out from the system "root" to include all aspects of the filesystem. This comprises not only the files and folders on the drive itself, but also other hard drives and network resources that are attached to the system. With all of them organized on the same tree, it is easy for the system and user to navigate up and down the tree and manage files. It is also easy to apply the same permissions scheme to allow or deny access to a specific user or group on the system.

In the case of hard drives, the mount point for a secondary drive will be created in the hidden "/Volumes" folder that is located at the root of the boot volume. These folders are then shown as the specific hard drive in the Finder sidebar, or on the desktop, but technically you could go to the hard drive's mount point (which appears as a folder), get info on it, and adjust access permissions there. To see this structure, choose "Go to folder" from the Finder's Go menu and enter "/Volumes" in the field (minus the quotes). When entered, the system will open a Finder window that shows you the hidden Volumes directory and the hard-drive mount points within it.

Note that within this directory the boot drive is shown as an alias, but secondary drives attached to the system are shown as folders with a relevant hard-drive icon (such as generic internal or external, or Time Machine). Accessing these drives and getting information on them can also be done from the This Computer section of the Finder (the "top level" of the Finder's organization) or from the desktop.

Ultimately it is not the drive itself that you are allowing or denying access to, but rather it is this mount point in the filesystem tree that you will be allowing or denying specific users access to whenever you set permissions on a specific drive. Do not change the permissions of the /Volumes folder itself, but you can change the permissions of drive folders within it. Just get information on the specific drive, and then adjust the permissions in the Sharing & Permissions section of the info window to limit access. While you can change the owner of the drive (the top user in the permissions list), if this is set to "system" then you do not need to alter it since that will not affect any users on the computer. To limit drive access to specific people, set the "Everyone" permissions on it to "No access" and do the same for the group (right above "Everyone"; it should be either "admin" or "wheel"). Optionally, you can remove the group entry on the drive.

The next step is to click the plus button, add a user account, and then give that account either access or no access to the drive. To simplify things, you can also create groups of users in the Accounts system preferences and then add them to the drive's permissions list to either allow or deny them access. To do this, go to the Accounts system preferences and click the plus button to create a new group. Name the group (such as "Parents," "Kids," or "Faculty") and then add the users you want to it. Then go back to the hard drive's info window, add the group to the permissions list, and give it the access you desire.

When done, the specified users and groups should now no longer be able to access the drive if you do not want them to. It is important when doing this to set the Everyone group to "No access," since giving everyone access may override specific user permissions that you set up.

Warning: While using permissions to govern access to hard drives can be useful, be sure you do not adjust the permissions for any boot drive on your system. Doing so may prevent the system from starting up, or break the default file sharing behaviors of the system. If you have altered your boot drive's permissions and are experiencing problems, you should be able to correct the issue by booting off your OS X installation DVD and running a permissions fix on the boot drive with Disk Utility.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.