Default file-sharing behaviors in OS X

If you enable file sharing in OS X, you may see a number of available share points when you connect to your Mac, which might have some people concerned about the Mac being too accessible by default.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.
Topher Kessler
2 min read

When establishing a file-sharing connection to your Mac from a different computer, the system may display a number of available items to you, which include all hard drives and your home folder in addition to various shared folders you may have enabled. This can leave new OS X users confused about why the system appears to be so open and accessible, and may cause concern about the security of files in OS X.

OS X has three default share-point locations:

Sharing and access permissions can be set for any folder in its information window.
  1. Filesystem roots: The root (base folder) of any locally mounted filesystem is available through file sharing; however, it is only available to the system's administrator accounts.

  2. Current user's home directory: The home directory associated with the credentials supplied for the log-in session will be shown. This gives a user full access to the default locations for that user's files. This is available to any user who has a local account on the system.

  3. Public folders: Each account will by default have a public folder associated with it. This folder will be viewable by everyone, which includes all local user accounts and the guest user account, or a specialized "Sharing Only" account, which can be created in the "File Sharing" system preferences, or in the "Accounts" system preferences.

With this setup, by default accounts that are administrative accounts will be able to access all files on the system, as they can access the roots of each mounted hard drive. While this may make the number of shared items appear large, keep in mind that this is because you are accessing the system with elevated privileges. Any user account that is not an administrator will see only that account's home folder and the public folders from other accounts on the system.

If you want to add custom shared folders, you can do so by enabling this feature either in the File Sharing section of the "Sharing" system preferences, or by getting info on a folder and enabling sharing. By default new shared folders you create will be given access permissions that are the same as their permissions in the Finder, which usually are that you get to read and write, but everyone else only gets to read (permissions may be inherited from parent folders). Be sure to check the permissions for a new shared folder to ensure that the proper and desired access is set up.

Keep in mind when interpreting the "Everyone" group that it applies to all users on the system and not everyone in the world. If you do not have the guest account enabled then "Everyone" is fairly restricted and will require proper authentication for access; however, if you do enable the guest account then shared files and folders that allow "Everyone" access will be open to anyone on the system.

Questions? Comments? Have a fix? Post them below or e-mail us!
Be sure to check us out on Twitter and the CNET Mac forums.