Where to save files that can be read/write accessed by multiple user accounts (non-sandboxed)

Hi, I'm trying to find a place to store a file that should be read/write accessible to my non-sandboxed MacOS app across multiple user accounts. That place was/is supposedly /Library/Application Support/com.whatever.myapp/ (i.e. NOT the user-specific Application Support directory), but my app doesn't seem to have write permission to create a folder/file there. There's a super convoluted way to make a separate process that has elevated privileges just to write a stupid file to there, but surely there's a better way that I'm missing. Is there another location I should be using for this purpose? Or a simpler way to gain write access to that location (simpler than creating a whole separate application to launch as a sub-process with elevated privileges)? There's the old Users/Shared folder, but that seems to be some kind of legacy folder (there aren't current APIs to get its path reliably). I need to be able to write an actual file at a path with normal cross-platform C++ file-writing functions, so I can't use the built-in MacOS user preferences stuff. Here are the two methods I've used to try to create my folder (I'm not actually hard-coding these paths, I'm using the APIs to get the proper root folder name):


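#include <stdlib.h>
#import <Foundation/Foundation.h>

// method 1 (path quoted so the space in "Application Support" does not split it into two arguments)
system("mkdir \"/Library/Application Support/com.whatever.myapp\"");

// method 2
NSFileManager *fileManager = [NSFileManager defaultManager];
NSString *directoryNameNS = [NSString stringWithUTF8String:"/Library/Application Support/com.whatever.myapp"];
NSError *error = nil;
BOOL worked = [fileManager createDirectoryAtPath:directoryNameNS withIntermediateDirectories:YES attributes:nil error:&error];
if (!worked) {
    // Log the NSError domain, code and text so the failure can be reported
    NSLog(@"createDirectoryAtPath failed: %@ (%ld) %@", error.domain, (long)error.code, error.localizedDescription);
}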

Frankly at this point I'm open to using the NSUserDefaults system, but looking into that further it seems there too I can't store anything that's shared between multiple user accounts. Is this for real? Apple, what is your freaking problem?!

The gist of it is that I'm trying to store a registration code for my app so that if there are multiple user accounts on a machine, they don't each have to re-enter the registration code (say, for example, in a computer lab). I feel like one of the reasons Apple has recently made this next to impossible is that they're trying to force app makers to only distribute apps through the Mac App Store.

If you're trying to store the file in Application Support, try doing it the correct way: use FileManager's "URLsForDirectory:inDomains:", specifying NSApplicationSupportDirectory and NSLocalDomainMask to get the shared location.


The only problem I can foresee is that you might not have permission to create a subdirectory there because of SIP. If it still fails, you should report back with the actual error (domain, code and text of the NSError). Without knowing what the error is, no one can really advise on a course of action.

Appreciate the response, but as noted above I'm not actually hard-coding these paths, I'm using the API you mentioned to get the proper folder (/Library/Application Support) - sorry for the confusion, I just put the hard-coded paths in my example code to try to make it easier to read. The error is a permissions error - Apple no longer gives write access to /Library/Application Support, only to ~/Library/Application Support (i.e. the user-specific version that is inaccessible to other users). I'm just looking for a place to write to that can be accessed from any user on a machine. Thanks.

Hello Jamchild,

This is not an Apple-specific problem. Any decent OS in the past couple of generations will have compartmentalization of accounts and different levels of privilege. /Library is only writeable by root. You have to overcome that somehow. Even if you assume it is overcome, then how are you going to deal with multiple users potentially accessing the same files or folders at the same time? Apple generally assumes that Macs have only a single account per machine. If they have more, then it assumes people are using the Mac App Store which handles software registration by user. Is Apple's assumption invalid? Do you really expect to have multiple users per machine? Realistically, how many of your users would ever be inconvenienced by having to enter a registration code multiple times for multiple users?


If you still want to go through with it and support a lab environment, how user friendly do you need it to be? I assume a lab would have an IT staff to handle these things. Can't you just ask them to run a manual script to install your license file? Your software can read a license file in either /Library or ~/Library, but you don't really need to deal with writing to /Library.


And if you really want to support a lab environment, maybe you need a full-fledged license manager.


If worse comes to worse, and you want to support a lab environment run by PC IT staff who don't even know how to turn on a Mac, you can always hack it up with a shell script and AppleScript using "with administrator privileges". I can tell you exactly how to do that and give you an example.


But my official recommendation is to support reading either /Library or ~/Library but only support writing to the user folder. Anyone who wants more than that can ask. If they need extra help, you can write a stand-alone AppleScript installer.

Whether you like it or not, a file accessible to all users is a security hole (because malicious code can change the file to try to find vulnerabilities in your app). You might not be too worried, but it's not your Mac that's going to be compromised, so it's not precisely your decision.


Be that as it may, I'd suggest you look into XPC as a mechanism for securely centralizing access to the shared file(s). It may be a fairly simple way to get something up and running, without a deep dive into the security escalation APIs.


Be that as it may, if you'd really prefer to just find somewhere that you can write a shared file, then your best choice might be to use a TSI to get a direct answer from an Apple engineer. If you pursue this here in this forum, you'll likely just keep getting "Why do you really need to do that?" responses like the ones I've given you.
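The two replies above recommend reading a license file from either /Library or ~/Library while writing only to the user folder, and point out that a file writable by all users cannot be trusted. As an added C++ example that is not part of the thread, the lookup below accepts the shared copy only if it is a regular file owned by the expected administrator account and not group- or world-writable. The `Candidate` struct, the function names and the 4096-byte read limit are assumptions made for illustration.

```cpp
// Added example (not from the thread): read-only license lookup with a trust check.
#include <fcntl.h>
#include <sys/stat.h>
#include <unistd.h>
#include <string>
#include <vector>

struct Candidate {
    std::string path;  // license file to try
    bool shared;       // true: machine-wide copy, must pass the ownership check
};

// Open first, then fstat the descriptor, so the file that is checked is the
// file that is read. O_NOFOLLOW refuses a symlink at the final path component.
bool readIfTrusted(const Candidate& c, uid_t sharedOwner, std::string& out) {
    int fd = open(c.path.c_str(), O_RDONLY | O_NOFOLLOW);
    if (fd < 0) return false;                       // missing or not readable
    struct stat st;
    bool ok = fstat(fd, &st) == 0 && S_ISREG(st.st_mode);
    if (ok && c.shared)                             // admin-owned, not group/world-writable
        ok = st.st_uid == sharedOwner && (st.st_mode & (S_IWGRP | S_IWOTH)) == 0;
    std::string data;
    char buf[256];
    ssize_t n = 0;
    while (ok && data.size() < 4096 && (n = read(fd, buf, sizeof buf)) > 0)
        data.append(buf, static_cast<size_t>(n));   // bounded read
    close(fd);
    if (!ok || n < 0 || data.empty()) return false;
    out = data;
    return true;
}

// Try candidates in order (shared first, then per-user); first trusted hit wins.
// sharedOwner defaults to 0 (root), since the thread notes /Library is writable only by root.
bool findLicense(const std::vector<Candidate>& cs, std::string& out, uid_t sharedOwner = 0) {
    for (const auto& c : cs)
        if (readIfTrusted(c, sharedOwner, out)) return true;
    return false;
}
```

The caller supplies the two paths (the machine-wide one an administrator installed and the per-user one the app writes itself); a shared file that fails the check is skipped rather than read.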

Well your solution is exactly what I've come to, thanks for taking the time to respond. I guess it really isn't easily doable, which is absurd to me. It really doesn't *have* to be that way, it seems arbitrarily difficult and a grab by Apple to try to force everything through its own app store. In theory it would be super simple for any OS maker to have a folder where any app could create/be assigned a sub-folder and be able to read or write from that subfolder via any user account (maybe no other apps could access it other than the app that created it). Seems like plenty of situations where you'd want preferences shared across user accounts. Or even have a folder that all users/apps can access, and just live with the consequences that maybe some other app will write to your file in some random hypothetical instance, and deal with that in your code (as Apple had in the past), potentially requiring the developers to programmatically ask for elevated permissions from the user to write there (but not making it absurdly difficult for programmers to do that). I *believe* Windows still has support for some of these things. I'm really pulling for Windows these days, we all benefit from when Apple and MS are competing with each other to make things easier for developers and users. Anyway, I really appreciate your time in responding with that suggestion.

Why don't you just shove stuff in /Users/Shared ?


Everyone can access it without needing root, you can't blow up the OS so it's not a security hole.


I shove audio/video plugins, documents etc, you can create /Users/Shared/Library /Users/Shared/bin, yada yada yada

I thought about that, but I'd heard that it only exists if there are already more than one user on the system, and it seems to be essentially deprecated. Also, there doesn't seem to be a way to get the path to that folder reliably, esp in non-English systems - are you aware of an API for doing so?

Of note, this does seem to be easily doable on Windows...

/Public ~ /Public/Drop Box in each user's home is defined as...


"Another Mac user on your local network can share files with you by putting them in his or her Public folder. You can also share your files with another local Mac user by putting them in the person’s Drop Box (a folder inside the Public folder)."

Share files with others who use your Mac


And while those locations are (global) read/write, I don't know if that includes files in them.


Have you checked if your non-sandboxed MacOS app across multiple user accounts can reach them? If so, it might be a matter of setting the correct permissions.

You're talking OSX not iOS?

So you're trying to install on a system with zero users only root? I think that's pretty rare or impossible to do unless you hack the kernel, which is possible. Otherwise you'll probably blow up or crash the system if you change any of the libraries or screw something up.


Install any Adobe App and it will spray all kinds of crap in /Users/Shared , /Users/Shared/Documents and /Users/Shared/Library/Application Support


I don't think you need an API, /Users/Shared permissions are system, wheel, everyone read&write. Simply hardwire the paths.


Otherwise use Google Drive, Dropbox, Mega, AWS
