1

Let's suppose a Mac OS computer with two users: user1 and user2. These users are not administrators. FileVault is enabled. The computer is connected to an empty external hard drive for Time Machine.

What happens when user1 is launching Time Machine backup: Do you think user2's files will be included in the Time Machine backup? Or does user2 need to connect and launch Time Machine too?

Time Machine has an option to encrypt backups. If I do not enable this option, do you think backups will be encrypted with the FileVault key?

kelalaka
  • 5,409
  • 4
  • 24
  • 47
Bob5421
  • 127
  • 3

1 Answers1

0

FileVault encrypts the full disk. The data is protected from those that don't have access to the computer, or if the device is removed it will be protected.

When someone with a valid login enters their correct password they basically "unlock" the disc. They have access to unencrypted files with the caveat that they have the correct permissions to access those files. Any program running on the Mac would also have unencrypted access to any files they have permissions to access.

When User1 launches Time Machine it backs up the entire disk with the exception of anything explicitly excluded from the backup. It is NOT encrypted by default just because you're using FileVault. In fact, the backup itself is not protected by FileVault. You must turn on the Time Machine encryption for the backup to be encrypted.

File permissions are still intact on the backup. Meaning you would not have any access you don't already have. Therefore User1 cannot access any files they don't already have access to (e.g. User2's files) and vice versa.

When you are logged in as User1 you will not have access to files that belong to User2 but you can restore files and folders from either account.

References

Time Machine Backup with Multiple User Accounts

Backup FileVault Encrypted Disks - Time Machine

With FileVault ON are Time Machine Backups Encrypted

kenlukas
  • 835
  • 6
  • 18
  • Thanks pour your answer but there is something i do not understand: When User1 launches time machine, it will backup user2's files. But how user1 can decrypt user2 files ? Thanks – Bob5421 Nov 11 '21 at 19:48
  • @Bob5421 I added some more information and another link. In general, User1 is not decrypting User2's data, they are launching an application that has the ability to read the decrypted files/folders. – kenlukas Nov 11 '21 at 22:19
  • So if user1 launch timemachine, he can read user2 files by browsing backup external hard drive ? – Bob5421 Nov 12 '21 at 17:48