LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)
-   -   hidden files or partitions with user but O S can see (https://www.linuxquestions.org/questions/linux-security-4/hidden-files-or-partitions-with-user-but-o-s-can-see-451955/)

funnybossvn 06-05-2006 09:48 PM
hidden files or partitions with user but O S can see
 
Please help me!!

I am running CentOS with kernel 2.6. I want encrypt some files or partitions to transparent for user but the operating system must still see them to access data.

I found many way in internet but no one satisfy my requirement. i.e: BestCyrpt, dm-crypt, ppdd, cryptoloop, cryptographic...

Please guide me some solutions and how to use them.

thank you so much

pdeman2 06-06-2006 03:08 PM
Instead of encrypting those files, you probably want to chmod them so that only one user can read and execute those files.

First what you need to do is find out what the user is that whatever service you are running needs those files. e.g. if it is for apache, the user might be httpd, or wwwrun.

Once you determine the user, you will need to do 'chown <user>:<usergroup> <file>' on all those files. If it a lot of files and directories and stuff, you might want to do 'chown -R <user>:<usergroup> *'.

After you have done that, you will also have to run 'chmod 700 <file>' on all the files.

Once all this is done, only the service that you specified will be able to use those files. Others will not be able to view them.

funnybossvn 06-06-2006 09:01 PM
thanks your guide!!
But ,this only secure in my server. If some one take my hard disk and boot it by other hard disk , CD Rom, or Floppy disk, I will can't protect my files. :(

I think we must encrypt whole disk and apply your way. so these files are protected. But I can not find any encrypt whole disk soft in Cent OS.

help me

win32sux 06-06-2006 09:31 PM
here's a nice article about encryption your entire root filesystem:

http://www.linuxjournal.com/article/7743

but i would suggest that, considering this is a server, you should only encrypt the partitions on which your vital data is stored (and the swap partition of course)... i mean, let's say you have the whole disk encrypted and then the server is rebooted (for whatever reason) while you are away - wouldn't you have to drive (or fly) back to the datacenter to boot the server with your key?? AFAIK you would even have to be physically present in order to reboot the server voluntarily... that kinda sucks IMHO...


All times are GMT -5. The time now is 10:41 PM.