How to create a sharing-only user in macOS to limit access
[ad_1]
It’s easy to share files across a local network with macOS, including making a Time Machine volume available to other users. However, you don’t have to let everyone have full access to your Mac or completely lock them out. The Mac allows for sharing-only users that let you shape what they can see and do separately from your main account and other accounts on a Mac, as well as what guest connections may access.
In macOS there are three kinds of accounts via the Users & Groups preference pane:
- Standard, for users who don’t need higher-level permission on the Mac, like installing an update to macOS or installing apps for all users
- Administrator, who have all necessary permissions across the system for all tasks
- Sharing Only, who can only access a Mac via file sharing across a network
To make a Sharing Only user:
- Open the Users & Groups preference pane.
- Click the lock icon in the lower-left corner and authenticate yourself with Touch ID on equipped Macs or by entering an administrator password.
- Click the plus (+) sign at the bottom of the user list.
- From the New Account list, select Sharing Only.
- Create a name by which the user will be displayed, an account name, password and hint.
- Click Create User.
Now you can put this account to use in the Sharing preference pane:
- Open the Sharing preference pane.
- Select File Sharing in the Service list.
- Select an existing shared item, like a folder or a volume, in the Shared Folders list. You can also drag an item in from the Finder or click the plus sign to select a folder or volume.
- With a shared item selected, you can apply the shared user in the Users view. Click the plus sign, select the user, and click Select.
- The user now appears, and you can set permissions, which include Read & Write, Read Only, and Write Only (Drop Box). (The last item lets someone drop items into a folder but not see the folder’s contents.)
Changes take place as you select them. In the example shown in the figure, I created a user named “GIF user”, and set that user up for allowing access to Time Machine volumes on my desktop Mac. Other users on my network log in using that user’s credentials and have access to no other of my files, but can perform automated Time Machine backups.
Other people on the network can connect via this account by selecting your Mac in the Locations list in the sidebar or choosing Go > Network in the Finder to find and double the entry for your Mac. They can then click Connect As, in the upper-right corner of the Finder window. In more recent versions of macOS, they then need to click Connect to continue. They then enter the credentials you provided to see available shared volumes and folders. They can then double click on any of those items to mount them and make them available on their Mac.
Ask Mac 911
We’ve compiled a list of the questions we get asked most frequently along with answers and links to columns: read our super FAQ to see if your question is covered. If not, we’re always looking for new problems to solve! Email yours to mac911@macworld.com including screen captures as appropriate, and whether you want your full name used. Not every question will be answered, we don’t reply to email, and we cannot provide direct troubleshooting advice.
[ad_2]
Source link