Why is my Hard Drive and User folder shared when I turn on osx file sharing?
I decided to try file sharing on a mac mini, and noticed something odd. When I go to settings > Sharing, and enable File Sharing, then add ~/Shared
. Now ~/Shared
is the only item listed.
When I go to another mac, find the shared device in Finder, and "Connect As" and login with my username & password for the mac mini, then I see the Hard drive is shared, my user folder ~/
is shared, and the ~/Shared
.
If I right click on ~/Shared
and goto "Get Info" I see that the "Shared folder" checkbox is checked, but for the hard drive and my user folder it is not checked. These two folders are also not listed in the Settings > Sharing area...
Is this just default behaviour? If so, why is that and how is it useful? And, is this stated by apple anywhere?
Solution 1:
Prior to Mac OS X Lion, Mac OS X Client came with SAMBA Server and Client and what you defined to share was all that was shared. Since Mac OS X Lion, and continuing with OS X Mountain Lion and other releases of OS X, SAMBA has been replaced with SAMBX due to SAMBA moving to GPLv3. As a result SAMBA is basically broken in the OS since 10.7. The Mac OS X 10.7 Server and OS X Server going forwards does have some finer sharing controls not present in the Client version of the OS.
As a result of these changes the Macintosh HD and User's Home folders are automatically shared for them as an Administrative User and only the Home folder as a Standard User, in conjunction to what one chooses to share in System Preferences > Sharing > File Sharing.
To see the additional shares including what's defined in System Preferences > Sharing > File Sharing and what's not defined there. In a Terminal, the output below shows what's shared for me as an Administrative User and only sharing a folder named Temp in File Sharing. With File Sharing enabled in System Preferences > Sharing, just copy and paste the following command into Terminal and press Enter: smbutil view //$USER@$HOSTNAME
$ smbutil view //$USER@$HOSTNAME
Password for $HOSTNAME:
Share Type Comments
-------------------------------
Temp Disk
IPC$ Pipe
Macintosh HD Disk
$LOGNAME Disk
4 shares listed
$
If you do not want those shares exposed then do not turn on File Sharing via normal System Preferences and instead install SAMBA and manually configure file sharing yourself.
Solution 2:
Yes, this is the default behavior. Apple describes this in Settings > Sharing:
File Sharing allows other users to access shared folders on this computer and allows administrators to access all volumes.
I cannot say why they decided to choose such insecure defaults, but you can change it in Terminal.app with:
$ sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server VirtualAdminShares -bool NO
$ sudo defaults write /Library/Preferences/SystemConfiguration/com.apple.smb.server VirtualHomeShares -bool NO
After that, restart the SMB server:
$ sudo launchctl unload -w /System/Library/LaunchDaemons/com.apple.smbd.plist
$ sudo launchctl load -w /System/Library/LaunchDaemons/com.apple.smbd.plist