If you add your boot drive to the network filesharing list of shares, the option to set the privileges for class "everyone" to "no access" is disabled.
Can anyone explain why? Or how to enable it?
According to this thread, authenticated users always have privileges to their home dirs, and authenticated admins always have privileges to the whole disk. So in some sense, adding the whole disk and disabling nonauthenticated users is redundant; you could just delete the share if that's the behavior you want. But what if you want more fine grained access for some groups, but still no read access for unauth'ed users? It seems impossible to accomplish this.
Also it seems rather arbitrary that the OS restricts that authorization option for network sharing, given the fact that the system will happily remove filesystem permissions from the boot disk, making the system unbootable. You'll let me wreck my boot disk making the entire disk unreadable to world, but you won't do the analogous but innocuous for network shares? Can anyone account for that?
Best Answer
It's not innocuous. The permissions you're seeing (and controlling) in the Sharing preference pane are the regular filesystem permissions, not some separate sharing-only permissions. Setting the permissions here to Everyone: No Access would deny all users (other than root) access to the entire volume, thus rendering your Mac unbootable. This seems like a good enough reason to prevent you from doing it.
You could ask why the Finder does allow you to do this, but I don't think there's any particularly deep answer. It's impossible to block all possible destructive actions, so inevitably Apple will have chosen some to block and not bothered with others.