A shared user can have special access to your disks. […]
It’s easy to share files over a local network with macOS, including sharing a Time Machine volume with other users. However, you don’t have to choose between giving everyone full access to your Mac and locking them out completely. macOS lets you create share-only users and set what they can see and do, separately from what guest connections can access and from their main account and other accounts on the Mac.
In macOS, there are three types of accounts through the Users & Groups settings window:
- Default, for users who do not need administrator rights on the Mac, such as installing an update for macOS or installing apps for all users
- Administrator, who has all necessary permissions for all tasks throughout the system
- Share only, which can only access a Mac through file sharing on the network
To create a share-only user:
- Open the “Users & Groups” settings window.
- Click the lock icon in the lower-left corner and authenticate with Touch ID on Macs equipped with it, or by entering an administrator password.
- Click the plus sign (+) at the bottom of the user list.
- In the New Account list, select Share Only.
- Enter a display name for the user, an account name, a password, and a hint.
- Click Create User.
A share-only user can be set up to have limited access to specific volumes and permissions.
Now you can use this account in the Sharing settings window:
- Open the Sharing settings window.
- In the Service list, select File Sharing.
- Select an existing shared item, such as a folder or volume, from the Shared Folders list. You can also drag an item in from the Finder or click the plus sign to select a folder or volume.
- With a shared item selected, you can add the share-only user in the user view. Click the plus sign, select the user, and click Select.
- The user will now appear, and you can set permissions, including Read & Write, Read Only, and Write Only (Dropbox). (The last option allows someone to put objects in a folder but not see the contents of the folder.)
Changes take effect as soon as you select them. In the example shown in the figure, I created a user named “GIF User” and set that user up to allow access to Time Machine volumes on my desktop Mac. Other users on my network log in with that user’s credentials and don’t have access to my other files, but can perform automatic Time Machine backups.
Other people on the network can connect through this account by selecting your Mac from the Locations list in the sidebar, or by clicking Go > Network in the Finder to find and double-click the entry for your Mac. They can then click Connect As in the upper-right corner of the Finder window. In newer versions of macOS, they must then click Connect to continue. They then enter the credentials you provide to see the available shared volumes and folders, and can double-click any of these items to mount them and make them available on their own Mac.
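To confirm that an account created this way really is limited to file sharing, the following added example (not from the original article) classifies local accounts from their directory-service records. It assumes that a share-only account has `UserShell` set to `/usr/bin/false` and `NFSHomeDirectory` set to `/dev/null`; the function names and the sample account names are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit which local accounts are share-only.
# Assumption: a share-only account has UserShell /usr/bin/false and
# NFSHomeDirectory /dev/null, so it has no local or remote login session.

# On macOS, emit one "name shell home" record per local account.
collect_accounts() {
  for u in $(dscl . -list /Users); do
    shell=$(dscl . -read "/Users/$u" UserShell 2>/dev/null | awk '{print $2}')
    home=$(dscl . -read "/Users/$u" NFSHomeDirectory 2>/dev/null | awk '{print $2}')
    echo "$u ${shell:-unknown} ${home:-unknown}"
  done
}

# Read records on stdin, print "name share-only" or "name login-capable".
# System accounts (root, daemon, nobody, names starting with "_") are skipped.
classify_accounts() {
  while read -r name shell home; do
    case "$name" in ''|_*|root|daemon|nobody) continue ;; esac
    if [ "$shell" = "/usr/bin/false" ] && [ "$home" = "/dev/null" ]; then
      echo "$name share-only"
    else
      echo "$name login-capable"
    fi
  done
}

# Exit 0 only if account $1 (records on stdin) is share-only.
is_share_only() {
  classify_accounts | grep -qxF "$1 share-only"
}

# Constructed sample records (not from a real machine).
SAMPLE_ACCOUNTS='root /bin/sh /var/root
_spotlight /usr/bin/false /var/empty
alice /bin/zsh /Users/alice
tmbackup /usr/bin/false /dev/null
olduser /usr/bin/false /Users/olduser'

if command -v dscl >/dev/null 2>&1; then
  collect_accounts | classify_accounts    # live data on a Mac
else
  printf '%s\n' "$SAMPLE_ACCOUNTS" | classify_accounts
fi
```

An account you intended to be share-only that shows up as `login-capable` still has a usable shell or a real home folder and should be reviewed in Users & Groups.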
*Glenn Fleishman writes, among other things, for MacWorld.com.