Sharing a Folder or Disk by Setting Permissions in macOS Sierra

By Bob LeVitus

One way to share information from your Mac is by setting permissions in your folders. As you might expect, permissions control who can use a given folder or any disk (or partition) other than the startup disk.

Why can’t you share the startup disk? Because macOS won’t let you. Why not? Because the startup disk contains the operating system and other stuff that nobody else should have access to.

You can set permissions for

  • The folder’s owner
  • A subset of all the people who have accounts on the Mac (a group)
  • Everyone who has the Mac’s address, whether they have an account or not (guests)

To help you get a better handle on these relationships, a closer look at permissions, owners, and groups is coming right up.

Contemplating permissions

When you consider who can use which folders, three distinct kinds of users exist on the network. Here’s a quick introduction to the different user types:

  • Owner: The owner of a folder or disk can change the permissions to that folder or disk at any time. The name you enter when you log in to your Mac — or the name of your Home folder — is the default owner of Shared folders and drives on that machine. Ownership can be given away. Even if you own the Mac, you can’t change permissions for a folder on it that belongs to another user (unless you get Unix-y and do so as root). The owner must be logged in to change permissions on his folders.

macOS is the owner of many folders outside the Users folder. If macOS owns it, you can see that “system” is its owner if you select the folder and choose File → Get Info (or press ⌘+I).

Folders that aren’t in the User directories generally belong to system; it’s almost always a bad idea to change the permissions on any folder owned by system.

If you must change permissions on a file or folder, select its icon and choose File → Get Info (⌘+I) and then change the settings in the Sharing & Permissions section at the bottom of the resulting Get Info window. Don’t change permission settings if you’re not absolutely sure of what you’re doing and why. And by all means think twice before deciding to apply changes to all the items in a folder or disk; change permissions on the contents of the wrong folder and you could end up with a mess.

  • Group: In Unix systems, all users belong to one or more groups. The group that includes everyone who has an account with administrator permissions on your Mac is called Admin. Everyone in the Admin group has access to Shared and Public folders over the network, as well as to any folder that the Admin group has been granted access to by the folder’s owner.

For the purpose of assigning permissions, you can create your own groups the same way you create a user account: Open the Users & Groups System Preferences pane, click the little plus sign, choose Group from the New Account pop-up menu, type the name of the group, and then click the Create Group button.

The group appears in the list of users on the left, and eligible accounts appear with check boxes on the right.

  • Everyone: This category is an easy way to set permissions for everyone with an account on your Mac at the same time. Unlike the Admin group, which includes only users with administrative permissions, this one includes, well, everyone (everyone with an account on this Mac, that is).

If you want people without an account on this Mac to have access to a file or folder, that file or folder needs to go in your Public folder, where the people you want to see it can log in as guests.

macos-sierra-shared-folder
This group, The Outsiders, contains the Bobcat and Miss Kitty accounts.

Sharing a folder

Suppose you have a folder you want to share, but it has slightly different rules than those set up for the Public folder, for the Drop Box folder within the Public folder, or for your personal folders. These rules are permissions, and they tell you how much access someone has to your stuff.

Actually, the rules governing Shared and Public folders are permissions, too, but they’re set up for you when macOS is installed.

It is suggested that you share only those folders located in your Home folder (or a folder within it). Because of the way Unix works, the Unix permissions of the enclosing folder can prevent access to a folder for which you do have permissions. If you share only the folders in your Home folder, you’ll never go wrong. If you don’t take this advice, you could wind up having folders that other users can’t access, even though you gave them the appropriate permissions.

By the way, you can set permissions for folders within your Public folder (like the Drop Box folder) that are different from those for the rest of the parent folder.

Don’t forget that anything said about sharing a folder also applies to sharing any disk (or partition) other than your startup disk. Although you can’t explicitly share your startup disk, anyone with administrator access can mount it for sharing from across the network (or Internet).

To share a folder with another user, follow these steps:

  1. Open System Preferences.The System Preferences window appears.
  2. In the System Preferences window, click the Sharing icon.The Sharing System Preferences pane appears.
  3. Click File Sharing in the list of services on the left.The lists of shared folders and their users appear on the right.
  4. Click the + (plus) button under the Shared Folders list or drag the folder from the Finder onto the Shared Folders list to add the folder you want to share.

    If you select the Shared Folder check box in a folder’s Get Info window, that folder already appears in the list of Shared Folders, so you won’t have to bother with Step 4.Alas, although selecting the Shared Folder check box in a folder’s Get Info window causes it to appear in the Sharing System Preferences pane’s Shared Folders list, you still have to complete the steps that follow to assign that folder’s users and privileges.\

  5. Click the + (plus) button under the Users column to add a user or group if the user or group you want isn’t already showing in the Users column.
  6. Click the double-headed arrow to the right of a user or group name and change its privileges.You can choose among three types of access (in addition to no access) for each user or group. If you’re the folder’s owner (or have administrator access), you can click the padlock icon and change the owner and/or group for the file or folder.
Privileges
Permission What It Allows
Read & Write A user with Read & Write access can see, add, delete, move, and edit files just as though they were stored on her own computer.
Read Only A Read Only user can see and use files that are stored in a Shared folder but can’t add, delete, move, or edit them.
Write Only (Drop Box) Users can add files to this folder but can’t see what’s in it. The user must have read access to the folder containing a Write Only folder.
No Access With no permissions, a user can neither see nor use your Shared folders or drives.