I will shortly be getting a MacBook with a hard disk large enough to store most of my music and photos. So, I am tempted to revert to my previous preference of having a partition for the OS and User files, but a separate partition for Music, Photos, and other data that would be shared between several users of the MB. (Using Sharing has not worked reliably in the past and have no reason to believe Apple has improved things.)
What would be the best way to go about this, and any suggestions for the best size to use for the boot partition?
Why not just use the standard Shared folder in /Users?
1 Like
If you are going to do this, APFS has really changed things. Just make a new APFS volume - it can be sized to the same size as the other volumes in the APFS container (APFS manages this for you). So, if you have a standard Mac install these days on a 1 TB SSD, just make the new volume the same size, or as much as it will let you.
See Should you add a new APFS Container or Volume? – The Eclectic Light Company for some more info.
And Add, delete, or erase APFS volumes in Disk Utility on Mac - Apple Support
2 Likes
I used to keep ll that stuff in /Junk at the root of the drive…but the folder got unceremoniously moved to /Users/Shared…so I left it there nd just set the perms on the folder to everybody read/write.
With APFS, all volumes that share a container share the same pool of free space. So you don’t need to set sizes at all. You only need to set the size of the container, if it won’t be filling the physical device.
If you are concerned about one volume causing problems by consuming all of another volume’s free space, you can configure it for a reserve size and/or a quota size.
- A Reserve Size is a minimum amount of free space that must be kept available on a volume
- A Quota Size is the maximum amount of storage that the volume is allowed to use
Typically, you don’t need to bother with either of these, but if you have several volumes sharing a container and you want to impose limits on one or more, that’s how to do it.
See also Add, delete, or erase APFS volumes in Disk Utility on Mac - Apple Support
2 Likes
I have tried that in the past and it didn’t really work with iTunes libraries. Ideally want a single folder of music files, but separate users with their own playlists and ratings.
This looks promising, as long as you can tell MacOS to ignore permissions for an APFS volume. This will also be my first M1 Mac, but will still want a boot partition on an external disk as well as. Is that still possible?
It is. I’m curious, what do you expect to achieve with an external boot partition.
1 Like
It is possible, but with a caveat I eventually found too risky for my uses: the external disk can’t be encrypted. If it is encrypted, Apple Silicon refuses to boot from that disk.
An external boot partition is useful as backup if things go haywire. To be fair, I have not had to resort to an external boot disk for some time, but useful to have as an option.
A possibly unpopular opinion: On Apple Silicon, an external boot partition is of marginal benefit IMO over a Time Machine backup for the “just in case something goes wrong with the boot disks” use case. It’s unlikely today that macOS gets corrupted due to the read only nature of the SSV it boots into. And If the internal SSD fails, an Apple Silicon Mac is unbootable, even from external media.
External boot media is useful for other use cases.
1 Like
Maybe. But quite a lot of system applications and system configuration files are stored on the Data volume. If they get corrupted, it can still make “something go wrong” and might even impair your ability to boot to a normal desktop, even if the lowest-level software (like the OS kernel) is undamaged.
A secondary bootable system (whether on internal or external storage) will still protect against this. Even if you can’t do anything else, it will let you log in and access your documents from the primary OS installation. It can also give you a chance to make one last backup before you boot into recovery mode for a clean reinstall (after which, you’ll still need to migrate all your content from that backup, of course).
There are different kinds of failures. If the hardware ends up completely dead, yes, you’re out of luck. Go contact Apple to replace the flash modules (if you have hardware that allows it) or replace the motherboard (if you don’t).
But there can be other kinds of failures (e.g. corrupt data in a critical region of storage), from which recovery mode (possibly Internet recovery) can still be used to wipe and reset what has failed.
1 Like
How about File Vault? Haven’t tried but can you FV an external Big Sur AS boot disk?
I don’t see why not.
External drives are not automatically encrypted by Apple Silicon or a T2, the way internal storage is, but it should still work (and AS/T2 will still give you hardware acceleration).
The only significant user-facing difference I can think of is that when you first enable File Vault, it may take a while for the encryption process to complete, since it will have to actually encrypt/rewrite every block on the device (vs internal storage, where it simply associates a password with the hardware encryption key that’s already being used.)
I had a look at those settings recently (on macOS 12.4). But… I think the values can’t be changed once set, which IMHO makes them considerably less useful.
For example - I’d like to create a volume for my son to use for video editing. I’d set an initial quota size, then, when he inevitably runs out of space, discuss with him and consider increasing it.
But I suspect the only way to actually increase the quota size would be to create a second volume with the new larger quota, then copy all the files across, then delete the first volume. That seems a pretty poor process - for one thing, I suspect we’d need enough disk space to store all the files twice whilst implementing the increase (unless the APFS duplicate-file-without-consuming-much-space feature works across volumes?).
Perhaps I’ve missed something and it is actually possible to change the quota size, I say hopefully?!
1 Like
Right—you wouldn’t want to store the Music/iTunes Library packages there, just the raw music files, which you’d then have to add to each person’s library separately.
2 Likes
My personal experience has shown that like Finder encryption, FileVault encryption also prevents an external disk from booting my Apple Silicon Mac. It’s the Apple Silicon that prevents all boots from an encrypted external disk, not the method of encryption or the OS installed.
My external backup disks are encrypted with FileVault currently, and mount and behave with no issues. Except I can’t boot my M1 Mac Studio using them.
However, going through Glenn Fleishman’s “Take Control of Securing Your Mac” again just now, I read he thinks it’s possible to enable FV on an external disk and still boot an M-Series Mac if you are using Monterey. (He warns Big Sur still won’t allow it.) He outlines the steps necessary to do this successfully in the book. I’m not sure I used his steps when I tried it before, so I’ll experiment today and see if I’m successful.
That is the aim. Already got all the music and video files on the separate partition, and assuming I just create a Music library for each user as normal then specify “Music Media folder location”. (Past experience is that you have to then import all the files into the library and let Music/iTunes do its thing with reorganizing them in the same order again.)
Sadly, this appears to be the case. Neither the GUI nor the command-line tools will let you change these values.
I think there may be a few issues at play here.
You say these are backup disks. Bootable backups? As far as I know, there is no way to make a bootable backup of an Apple Silicon Mac.
If you made a normal backup, then those can never be bootable, because you will only be backing up the Data volume, not the System volume.
If, on the other hand, you created a clean macOS installation on external media, and then backed up your system’s Data volume to the external system’s Data volume, then the result might be bootable. But I would be concerned about apps and settings on the Data volume getting out of sync with the code on the System volume. In order to keep it in sync, you’d have to boot the external drive and use Software Update to update its System volume, and then make a backup from the internal Data volume (assuming the internal macOS was updated to the same version, of course).
If you are using this last option, there are two ways to FileVault-protect it. One is to just turn on encryption while you’re booted from the internal volume. I wouldn’t expect this to work, since the external volume’s Recovery partitions (where the pre-boot code resides) won’t be updated with the necessary FileVault content.
The other option is to boot the external volume and enable FileVault from there. If you do this, I would expect the Data volume to get encrypted, but not the System volume. (There’s no real reason to encrypt the System volume, since it will only have content from Apple). I would expect that to remain bootable.
But I haven’t actually tried it, so I might be expecting too much.
3 Likes
First, David C., let me say after reading many of your posts since I’ve been actively posting (which is after MacInTouch ended their forum and recommended TidBITS Talk, although I’ve been a paid member of TidBITS for many years now) I value your insights a lot. A lot. That compliment said…
I believed the same as you, that bootable (encrypted) backups are not possible. Then I read Glenn’s latest updates to his Take Control book, and thought, “well, maybe it IS possible”.
Yes, I also agree with you, that I could never just do a CCC backup and have it be bootable. I do know I have to install Monterey using Apple’s installer in order to have it be bootable at all. And I did have those backup SSDs, with Apple installed Monterey systems, work perfectly. But they weren’t encrypted. That worried me, because my backup medium is so small and light that a thief would have no problem just unplugging it and sticking it into a coat pocket. (It’s an OWC ThunderBlade 4TB External SSD.) Not that it would probably happen, but still…
Yes, I agree with you again, every time Apple puts out a system update, I was historically going through my four backup disks and updating each one in turn using Software Update. (Which is a real pain and takes a lot of time, but that’s the price we pay for security now.) After that, CCC updated my Data partition perfectly, with no issues. So a small price to pay for bootable backups.
According to Glenn’s “Taking Control of Securing Your Mac”, if you’re using Monterey as your macOS, you can use FileVault 2 for an encryption disk that will successfully boot. But only if you use Apple’s installer to install Monterey onto that disk (of course) then boot from that disk, then enable FileVault via that booted cloned disk’s System Preference’s Security & Privacy pane. Encrypting it via the Finder would still result in an unbootable clone.
I’ve just gotten to the point where I have the time to prove Glenn’s assertion, and after performing the steps he outlined, I can say it did work for me in Monterey. I was able to use FileVault to encrypt my external disk, and it’s bootable. I wasn’t keeping up with the latest information on this topic it seems, so my bad.
So thanks for your helpful reply. I respect that. And thanks to Neil for suggesting File Vault in the first place. It prompted me to experiment, which solved my personal dilemma. Now I have external encrypted bootable drives available. So a win all around.
4 Likes