How to Disable Public Folder Sharing in Mac OS X
If you’ve ever joined a public wi-fi network and noticed the Finder sidebar is suddenly filled with other unfamiliar computers and network shares, and then curiously clicked on one of them, you’ve probably discovered that most of these computers have a user ‘Public Folder’ accessible to you and everyone else. This folder is included with every user account in OS X, and it has very limited access which is designed to facilitate simple file sharing (it does quite well), but such a feature may become undesirable on public networks with many foreign computers. Turning off your own Mac sharing Public Folder is quite simple, and it will prevent other Mac users from having access to the ~/Public directory if they’re on the same network.
Whether or not a user public folder is visible depends on having either a guest account setup and/or OS X File Sharing turned on for the Mac. If you do not have File Sharing enabled, the users Public folder won’t be accessible in the first place.
Disable User Public Folder Sharing from a Mac
This process is basically the same in all versions of OS X:
- Go to the Apple menu and head to the ‘Sharing’ preference panel
- Choose “File Sharing” from the sidebar
- Look under the “Shared Folders” section and select the user(s) Public Folders, then choose the [-] minus button to remove it as a shared item
- Confirm that you want to sep sharing the folder “Username Public Folder” when asked by choosing “OK”
- Repeat for other “Public Folder” entries as desired, then quit out of System Preferences
The change will be immediate, and the public folder will no longer be accessible to anyone on the network who doesn’t have a specific file sharing login to your Mac.
You’ll often see this as a widely recommended security (and privacy) precaution for Mac owners who use their computers on public networks with potentially untrusted peers. It’s not that someone could gain access to your general user files (they can’t, unless you kept everything in the Public folder), but theoretically someone could copy data to that limited access folder if they wanted to by placing a file in your ~/Public directory. To offer an example of this, here is a random Mac users “[name] Public Folder” that is accessible (and empty) that was found on an open coffee shop network:
Technically, any user with sharing enabled (from a Mac or PC) could drop a file into that folder and copy it this users Mac via this folder, it’s unlikely the user would even notice. These folders are extremely common, and on almost any busy public network you will find Macs and Windows PC’s with open shared folders. Here’s an example of three such machines on a local public network seen through OS X Finder’s Networking browser:
Again, it’s important to remember the the Public directory has very restricted access by default, and even kept enabled it has strict limitations imposed. Only files that are in the ~/Public folder are accessible to users on the same network, and only that folder has read and write access from other shared users – no other data on the Mac is accessible. Additionally, many Mac users don’t even realize they have a Public folder, and thus it’s usually empty and void of content anyway. You can always check to see if you have anything stored in yours by visiting your user ~/ Home directory and opening the “Public” folder to see if anything is in there – it’s probably empty.
Not sure whether to leave it on or off? Well, Apple leaves it enabled by default when File Sharing is turned on because the folder has such limited access, and Apple is notoriously cautious with their security settings and preferences. You could always consult your networks system administrator, or, if you’re a frequent public network user, lean on the side of caution and disable it anyway. On the other hand, if the Mac is only on private networks at home, work, school, or other trusted environments, it’s probably fine to leave it enabled.
Finally, users could also selectively disable the standard AFP and SMB File Sharing option by unchecking the box in the Sharing panel when connected to public networks, but that turns off all sharing completely, not just the Public Folder.
I deleted my “User’s Public Folder” by mistake. How can I restore it?
You can also remove them from the command line with dscl:
List shared folders:
dscl . -list /SharePoints
Remove shared folders:
sudo dscl . -delete “/SharePoints/Path/To/User/Folder/”
sudo dscl . -delete “/SharePoints/Your\ Name’s\ Public\ Folder”
I think a much better idea is to disable file sharing and enable it when needed… The public folder with a dropbox is a perfect sharing combination.
I’m surprised that Apple leaves this enabled by default as it does pose an indirect security risk. If someone really wanted to, they could copy all sorts of junk into that folder.
Or if someone wanted to be a real jerk, they could pipe the output of the ‘yes’ command into a file over on someones public folder and fill up their hard drive, basically crashing the computer since OS X relies on swap heavily.
yes > /network/share/User\ Public\ Folder/diskeater.txt
while true; do echo yes; done >> /network/share/User\ Public\ Folder/diskeater.txt
I haven’t tested this but I don’t see why it wouldn’t work, so I say everyone turn it off if you don’t trust your network!