I just realized that my home folder (/HD/Users/Bob) has Everyone 'ReadOnly' permissions set at its root level.
If I browse this folder from another account, I can view the folders, but I'm not allowed to open the standard OS X folders (Desktop, Documents, Music, Movies, etc…). However, I have created a few folders on the root level of my home folder, and those ARE accessible to this other user. They can open folders, and open some of the documents with ReadOnly access.
Is anyone else seeing this? Is this a standard configuration, or is my Mac screwed up? This seems like a security hole to allow users to access files of other users on the system.
I'm running a fairly clean build of Yosemite 10.10.1 – this was installed about a month ago. I restored my old files from a hard drive. They were not restored via Time Machine
Best Answer
This is the standard permissions configuration and has been around since the beta days of Mac OS X when Unix underpinnings were established for Apple’s new computer OS.
The root of your home folder is global read, but standard macOS folders within such as Desktop and Documents should be global no access. Feel free to set the permissions of other folders which you create in the root of your home folder to match the permissions on the standard folders.
If you wish new folders to, by default, be global no access, change the permissions on the root of your home folder, propagate the permissions recursively and set up ACLs to inherit permissions for new folders, however I am unsure as to any effects this may have.