LinuxQuestions.org - somebody is looking my files

- Linux - Security (https://www.linuxquestions.org/questions/linux-security-4/)

- - somebody is looking my files (https://www.linuxquestions.org/questions/linux-security-4/somebody-is-looking-my-files-16107/)

bob10a

03-12-2002 01:34 PM

somebody is looking my files

Hello,

I would like to know how I can detect who access my account. I am a simple user and I change the permissions of my directories so that only me and root and/or super users can see my files. However, I would like to know what root/superusers do when they get into my account or if somebody try to see my files.

Thanks in advance.

kill-hup

03-12-2002 02:27 PM

You can tell the last time a file was accessed via the file's inode "access" time. This won't tell you who accessed the file, but if you keep good records (or if you haven't accessed the file in a long time yourself), you could use it to tell when it was last touched, assuming the "touch"ers didn't cover their tracks.

You could try either:

Code:

perl -e 'print "Last Access: ".(localtime((stat("file_in_question"))[8]))."\n";'



- or -



ls -l --time=atime file_in_question

Note that it might be a system backup process that "accessed" the file, or a rogue "grep" command, or something otherwise innocent.

I guess a better answer would be that if you can't trust your server admins, you have bigger problems ;)

nikhiljosh

03-24-2002 11:17 PM

Denying file access to root (possible?)

Suppose I've a file named passwd which contains a list of my passwords
Is it possible to deny access to this file to root?

If not atleast can I encrypt the file so that even root cannot decipher it?

kill-hup

03-25-2002 07:38 AM

It's not possible to deny the root user (or any "administrative" user via "su" or "sudo") access to any file you own. No matter what the permissions, root always has access (with possible exception of /proc filesystem).

You can encrypt the data with something like the GNU Privacy Guard (GPG) or another encryption program. It's possible to encrypt the file with a good password so that, even though root can "access" the file, they cannot "unlock" it.

One possible problem with this is that the admin users could employ a keystroke or terminal logging utility to capture your password should you unlock the file. Again, this all goes back to my previous comment - if you can't trust the server admins, who can you trust? Maybe your file is best kept elsewhere.

Sixpax

03-31-2002 06:00 PM

For some reason Linux doesn't come with the generic UNIX crypt program, at least my copy of Mandrake didnt. I believe there are copies of it you can download though.

Also, check the man page for vi... it has a -x option for handling encrypted files.

All times are GMT -5. The time now is 05:02 PM.