User profile for user: SneakyJoeRu
SneakyJoeRu Author
User level: Level 1
12 points

How do I assign different permissions to three users for Samba shared directories on macOS?

File Sharing (Samba) requires "allow full disk access for all users" in order to show internal content of shared directories, overriding read only/no access, and not allowing any permission management in essence

I've been dealing with this issue for a long time. I have multiple shared directories and need to assign different permissions to three users:

User 1: Should only see and write to one specific directory.

User 2: Should have read-only access to three directories.

User 3: Should have write access to all directories except for the one assigned to User 1 - User 3 must not even see this directory as shared.


When I set everything up in file sharing, the only way to access the files by any user is by enabling "allow full disk access for all users." If I disable this option, the directories appear empty when I try to connect using SMB with any of 3 users. However, if I enable it full disk access, all users get full access to all shared directories, which makes the permission/user settings seem pointless.


I also went into the options and enabled Windows file sharing for all three users with their passwords. but to no luck.


I did post about it on several places, but Apple seems to not care about their Samba implementation. I'd really want them to fix it at last...



[Re-Titled by Moderator]

Mac mini

Posted on Apr 29, 2025 3:55 AM

Reply
4 replies
User profile for user: Barney-15E
Barney-15E
User level: Level 10
122,144 points

Apr 29, 2025 4:11 AM in response to SneakyJoeRu

Yes, that is true. It’s been that way since Sequoia was released.

Contact Apple to let them know it needs to be fixed.

There is also the problem of the logged in user still maintaining access even when disconnecting and connect as… some other user. You have to test access from a device that isn’t logged on with an account with same credentials as account on host in order to see the true access.

For instance, if you are logged into User-A on the client Mac, and you have User-A account on the host, you will always be connected (automatically) as User-A even if you disconnect and reconnect as User-3.


• User 3: Should have write access to all directories except for the one assigned to User 1 - User 3 must not even see this directory as shared.

You would need to put that share inside a sub-folder that is not readable by User-3 nor any groups User-3 is a member. In other words “disconnect” doesn’t actually disconnect the logged in client account.

Reply
User profile for user: Barney-15E
Barney-15E
User level: Level 10
122,144 points

Apr 29, 2025 4:24 AM in response to SneakyJoeRu

SneakyJoeRu wrote:

If not through their forums here, how else am I supposed to let them know?.

https://getsupport.apple.com/

None of us work for Apple. We are just volunteers.

They also have issue when I go into "get info" for shared directory and chose "shared" as an option, it tries to pull some non-existent groups for forever...

Yeah, I wouldn’t use that. It creates ad-hoc Access Control Lists to set up the sharing. None of the sharing UI is designed for someone who wants to set up some sort of file server and control access to multiple users and shares.

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

How do I assign different permissions to three users for Samba shared directories on macOS?

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up