Multiple Mac OS user accounts, multiple PW vaults, one Mac, one user

Options
cgn
cgn
Community Member
edited July 2016 in Mac

Hi,

I’m currently using 1PW in the following configuration, which is sub-optimal and I’m trying to improve it. Maybe someone here has an idea:

On my Mac (running El Capitan 10.11.6) I’m using two seperate user accounts (one personal and one business). So far I’m using 1PW (Vers. 6.3.1) on both of these accounts, storing my personal passwords on my personal user account and the business passwords on my business user account.

I was thinking it might be a good idea to have both password collections on both user accounts. Maybe as two seperate vaults. However, then the location where the password file is stored would have to be above the user level, accessible by both user accounts. So far I haven’t found any way to do this.

Oh.. and I do not want to use a cloud. I want to store the password information locally only.

Is this possible?

Thanks in advance for any hints an tips! :)
Peter

1Password Version: 6.3.1
Extension Version: Not Provided
OS Version: OS X 10.11.6
Sync Type: local
Referrer: forum-search:multiple accounts

Comments

  • danco
    danco
    Volunteer Moderator
    Options

    I am wondering if you could use Folder Sync, either to the Shared user or to one user's Public folder.

  • khad
    khad
    1Password Alumni
    Options

    Hi @cgn,

    Thanks for asking about this.

    It would seem like a pretty simple request, yes? Unfortunately, the way file ownership and permissions work in OS X — in all UNIX-based operating systems — things can get pretty hairy. :(

    The easiest way to do this would be to do what Danco suggested and use Folder Sync. That creates a copy of your data in a location that you choose. The trick is to put it on an external drive where ownership and permissions are handled differently than they are for internal volumes. You could use an external hard drive or a USB flash drive.

    To do it on an internal volume (i.e. your startup disk)… that way lies madness. I don't think you like all the effort that it takes and then all the problems that arise. But if you want to give it a shot, make lots of backups, and try using /Users/Shared for the location of your vault with Folder Sync. You may need to make a number of changes to ownership and permissions, but every time I've seen it attempted it ended up not working out so well.

    We'll try our best to make it work, but it may be an uphill battle.

  • cgn
    cgn
    Community Member
    Options

    Hi danco, hi khad,

    thanks for you quick reply and your help.

    That sounds like a road I don’t want to go down. I’ve tried something similar with a locally shared calendar some time ago. It was horrible.

    I thought things might have changed and/or I might have overlooked something. But ok.

    Using an external drive really isn’t an alternative either as I’m constantly using 1PW and I can’t always have a USB stick attached to my computer.

    So.. what would you suggest in this context?

    I could keep the 1PW-personal vault updated in the personal user account and the 1PW-business vault in the business user account. And then regularly export the 1PW-personal vault and import it into the 1PW-business db and vice versa.

    Seems a bit cumbersome.. but might still be the most elegant way to keep everything up to date if I want to be able to use both vaults on both accounts, right?

  • littlebobbytables
    littlebobbytables
    1Password Alumni
    Options

    Greetings @cgn,

    I don't share the same level of concern a khad over using /Users/Shared/. Yes in it's default state it's bordering on useless but with just the right modifications it can actually be used as real shared folder between users. The problem with its current state is no matter what you do to the default ownership settings via Finder, new files use a set of system default permissions that dump you right back at square one until those permissions are tweaked for that one folder.

    It's up to you of course. I've offered the following to others who are dead against cloud services and I've even had one or two colleagues, who have a distrust of /Users/Shared/, promise to pass any queries on to me if problems arose. So far I've not had any callbacks. That isn't to say it may not happen but once configured correctly it seems to be robust.

    The trick is to open a Terminal window and use the following command.

    sudo chmod -R +a "everyone allow list,add_file,search,add_subdirectory,delete_child,readattr,writeattr,readextattr,writeextattr,readsecurity,file_inherit,directory_inherit" /Users/Shared

    What that does is set it so that anybody can read and write to any file in the /Users/Shared/ folder. Now that's kind of what it should have done all along in my opinion but that's just my opinion. The key part though is you use this command and then set 1Password to sync to something like /Users/Shared/1Password/. You'll probably need to create two subfolders because both copies of 1Password will be determined to create a bundle title 1Password.opvault so you'll want two folders, say personal & business and save each one in the respective folders. You then add the business vault as a secondary vault to the 1Password in your personal user account and vice versa. I'm not really a cloud person either and because I run the stable version of 1Password (Mac App Store) and the beta version of 1Password (AgileBits Store) I need to use something like this to keep the two in sync.

    It's up to you, but exporting and importing will involve a large number of steps and if you're not careful overwrite something you didn't intend to (as well as the export format being in cleartext unlike the sync containers). I'd even go as far as recommending Dropbox or our own 1Password service over that despite your cloud objections just because of the faffing involved.

  • cgn
    cgn
    Community Member
    Options

    Hi littlebobbytables,

    sorry for the super late reply. I was away for quite a bit and then this issue went down a couple of positions on the priority list.

    I just tried what you suggested and it seems to have worked perfectly. I didn’t get any confirmation in Terminal but I guess that’s normal.

    Let’s see if this will bring any problems in the future. But so far it does what I was looking for. So.. Thanks for that, for now!

    One thing that I was still wondering: Where are the original password vaults saved? As I understand it, the way I did it now, each 1PW created a copy of its original vault which it now syncs to regularly. Then the other 1PW created a new vault which is now syncing with the vault of the respective other 1PW (not the best description.. But I guess you know what I mean.. ;).

    But the original vaults were not moved or changed here, right?

  • Drew_AG
    Drew_AG
    1Password Alumni
    Options

    Hi @cgn,

    On behalf of littlebobbytables, you're quite welcome! I'm glad to hear his steps worked as expected.

    Where are the original password vaults saved?

    Regardless of whether or not you're using one of the sync options in 1Password 4/5/6 for Mac, your data is stored locally in one of the following locations:

    If you're using the AgileBits Store version:

    ~/Library/Application Support/1Password 4/Data/

    If you're using the Mac App Store version:

    ~/Library/Containers/2BUA8C4S2C.com.agilebits.onepassword-osx-helper/Data/Library/Data/

    When you enable Folder sync, 1Password will create a copy of your vault in a sync file in the location you choose. Changes you make will be synced between the main database in ~/Library/ and the sync file.

    I hope that helps, but please let us know if you have more questions! :)

  • cgn
    cgn
    Community Member
    Options

    Hi @Drew_AG,

    thanks for the info. Found it. All clear now! :)

  • Drew_AG
    Drew_AG
    1Password Alumni
    Options

    You're very welcome! I'm glad that helped. We're here for you if you need anything else. :)

This discussion has been closed.