Sharing Root ColorSync dir between all users

orionrush · 08-10-2012, 11:57 AM

Here is the situation, Multi user environment, where each user needs to share a common pool of monitor profiles, printing profiles etc. I've exchanged the ~/Library/ColorSync path for each user with a symbolic link to /Library/ColorSync. Users however, (not unexpectedly) cannot read and write to that folder and need to.

Is it inherently a bad idea to change the permissions for /Library/ColorSync directory so that user accounts have read - write - execute permissions?

While color profiles are not an ideal vector for malicious activity, could having read write and execute permissions set for non admin users, on a root directory risky?

Im unsure what the unix permission and group settings would be for this - any help there would be much appreciated.

Would enabling 'sharing' on the /Library/ColorSync with "Unknown User" set to "read and write" be another way to solve my problem?

Thanks so much in advance for reading and sharing your experience.

(Sadly OS X 10.4.11 Mixed PPC and Intel boxes)

mclbruce · 08-11-2012, 12:43 PM

When you say share, do you mean the users must be able to add and remove the profiles? I'm guessing the answer is yes.

I don't think that opening up the ColorSync directory to other users on the same computer would be dangerous. To change permissions, do a "get info" on the ColorSync folder in the Finder. At the bottom of the panel under Sharing and Permissions, change "everyone" to Read and Write.

I'm not on 10.5, but enabling "sharing" in System Preferences is usually for people on other computers, not those on the same one.

orionrush · 08-16-2012, 04:21 AM

@mclbruce yes you guessed correctly - add and remove profiles is the goal.

Setting sharing to 'all' read and write is probably best as all the users should be able to edit these profiles.

I was experimenting with creating a new group, adding the directory to that group with read and write permissions and then adding users to that group as they are created.

It works just fine, though I think its an other administrative step, one more thing for me to remember when creating new users, so probably not ideal

Thanks for the help

mclbruce · 08-18-2012, 01:00 AM

Quote:

Originally Posted by orionrush


	Setting sharing to 'all' read and write is probably best as all the users should be able to edit these profiles.

I think that's simplest and not much of a security risk. Throw an alias on the desktop of each user or put the folder in the sidebar, and you're done with it.

08-10-2012, 11:57 AM	#1
orionrush Prospect Join Date: May 2009 Posts: 3	Sharing Root ColorSync dir between all users Here is the situation, Multi user environment, where each user needs to share a common pool of monitor profiles, printing profiles etc. I've exchanged the ~/Library/ColorSync path for each user with a symbolic link to /Library/ColorSync. Users however, (not unexpectedly) cannot read and write to that folder and need to. Is it inherently a bad idea to change the permissions for /Library/ColorSync directory so that user accounts have read - write - execute permissions? While color profiles are not an ideal vector for malicious activity, could having read write and execute permissions set for non admin users, on a root directory risky? Im unsure what the unix permission and group settings would be for this - any help there would be much appreciated. Would enabling 'sharing' on the /Library/ColorSync with "Unknown User" set to "read and write" be another way to solve my problem? Thanks so much in advance for reading and sharing your experience. (Sadly OS X 10.4.11 Mixed PPC and Intel boxes)

Thread Tools
Show Printable Version Email this Page
Display Modes	Rate This Thread
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode	Rate This Thread:

08-11-2012, 12:43 PM	#2
mclbruce Hall of Famer Join Date: Mar 2002 Posts: 3,870	When you say share, do you mean the users must be able to add and remove the profiles? I'm guessing the answer is yes. I don't think that opening up the ColorSync directory to other users on the same computer would be dangerous. To change permissions, do a "get info" on the ColorSync folder in the Finder. At the bottom of the panel under Sharing and Permissions, change "everyone" to Read and Write. I'm not on 10.5, but enabling "sharing" in System Preferences is usually for people on other computers, not those on the same one.

08-16-2012, 04:21 AM	#3
orionrush Prospect Join Date: May 2009 Posts: 3	@mclbruce yes you guessed correctly - add and remove profiles is the goal. Setting sharing to 'all' read and write is probably best as all the users should be able to edit these profiles. I was experimenting with creating a new group, adding the directory to that group with read and write permissions and then adding users to that group as they are created. It works just fine, though I think its an other administrative step, one more thing for me to remember when creating new users, so probably not ideal Thanks for the help