I have a folder with about eight sub folders which contain about seventy folders containing about 10,000 files. I want to give students read access to the files, but want to prevent them from accidentally or maliciously deleting the files. Although my admin account is listed as the "owner" of the top level folder and all of its sub-folders and contents, a student with an admin account of their own can drag one of these files to the trash and delete it by using their admin privileges. Is there any way to prevent this? Can permissions be set at a root level that would prevent deletion without running a terminal command?
MacOS – El Capitan folder permissions to make admin accounts read-only
command linemacospermission
Related Question
- MacOS – Mavericks: User no longer owner of Home folder and content
- MacOS – Home folder has ‘everyone’ Read-Only permissions
- MacOS – Merge several folders, but keep only the newest file when conflicts are encountered
- MacOS – How to set No Access (restrict) permission to a user on a folder
- MacOS – Allow user to SSH to the Mac, but sandbox the account
- MacOS – Can’t access entirely shared HDD on Windows Server
- Lost admin privileges on user account during rename, trying to access data from that user account
Best Answer
No. Admin accounts can modify any ACL or permission you make to keep them out.
I would consider placing the files on a file server and control access over file sharing (where your account is the only admin) or remove admin permissions from the accounts that cannot be trusted to not be malicious or careless.