I want to create a standard (non-administrator) user on my Mac, and ensure that they cannot access my files.
Does the following make sense, and will there be any adverse consequences?
sudo launchctl config user umask 077
(when creating new files and folders, ensure group and others can't see them)
chmod -R go-rwx ~
(for existing files and folders in my home folder: remove read, write and execute permissions for group and others)
In particular, I'm worried about:
- Messing up any extended permissions
- Whether it's OK to alter permissions on my
~/Library
and~/Applications
and~/Applications (Parallels)
and~/tmp
folders - Is there anything outside of my home folder I need to think about protecting?
Is there anything I'm missing, before I try this and potentially brick my system?
I'm actually shocked that what I've described above is not the default configuration for MacOS, as it would prevent different users from seeing each others' files.
Best Answer
macOS by default sets the permission on the standard directories (Documents, Pictures, Music, Library etc) to
0700
. If this somehow got changed you can easily runto fix it. And of course you can use the same command to change the access rights for other directories as needed.
To also protect any dot files etc you can also run
In any case you don't need to specially treat subfolders if the parent folder is already protected.