LinuxQuestions.org
Old 07-17-2005, 12:52 AM   #1
sall
Member
 
Registered: Apr 2005
Posts: 50

Rep: Reputation: 15
Password Protect Folder??


I am trying to password protect individual files/folders under Ubuntu 5.04 without having to not give access to the whole drive to others besides root. Are there any programs or preinstalled apps to do this?

Any information appreciated
 
Old 07-17-2005, 01:28 AM   #2
Kahless
Member
 
Registered: Jul 2003
Location: Pennsylvainia
Distribution: Slackware / Debian / *Ubuntu / Opensuse / Solaris uname: Brian Cooney
Posts: 503

Rep: Reputation: 30
By default, only a given user, and root, can read the files in that given user's home directory.

You can test this on your distro by simply going into another user's directory and trying to read his/her files.

If this isn't good enough, you could look into encrypting the files in question.
 
Old 07-17-2005, 03:37 AM   #3
stefan_nicolau
Member
 
Registered: Jun 2005
Location: Canada
Distribution: Debian Etch/Sid, Ubuntu
Posts: 529

Rep: Reputation: 32
I would suggest, in this order of preference:
A) Use the standard permission mechanism instead of passwords.
B) Encrypt the files
C) Write a program that prompts for a password, then fetches the files requested. Run this program suid root.
 
1 members found this post helpful.
Old 07-18-2005, 01:14 AM   #4
sall
Member
 
Registered: Apr 2005
Posts: 50

Original Poster
Rep: Reputation: 15
How do I go about encrypting files, and where can I get a script, or how do I write the script that prompts for a password?
 
Old 07-18-2005, 06:11 AM   #5
stefan_nicolau
Member
 
Registered: Jun 2005
Location: Canada
Distribution: Debian Etch/Sid, Ubuntu
Posts: 529

Rep: Reputation: 32
Quote:
How do I go about encrypting files
http://www.bigbold.com/snippets/posts/show/341
You may want to choose another cipher than the one in the example. See man openssl.

Quote:
where can I get a script, or how do I write the script that prompts for a password?
A) I don't know where to get the script.
B) Are you sure you want a suid script?
C) Have a look at perl-suid.
D) The script itself should be straightforward:
1. the script is invoked /usr/local/bin/getfile.pl /path/to/original/file /where/to/put/it
2. the script prompts for a password
3. the script hashes the password and compares it to the one stored in a file that contains filename-hash pairs
4. if the passwords match, the script copies /path/to/original/file to /where/to/put/it and chowns it to the appropriate user
5. The user can now have access to the copied file, while only root could access the original.
E) The most important part will be securing the script (i.e. what happens if /path/to/original/file is not in the database?, what happens if the user does not have access to /where/to/put/it?, etc.).
Sample attack based on bad checking of the output file in this script:
Code:
# /usr/local/bin/getfile.pl /path/to/a/file/i/have/the/password/for /etc/shadow
Password:<input password>
password accepted.
Copying /path/to/a/file/i/have/the/password/for to /etc/shadow...
chowning /etc/shadow...
done!
# ls -l /etc/shadow
-rw-rw-r--  1 me mygroup 1928 2005-07-16 20:49 /etc/shadow
# nano /etc/shadow
You're screwed!
 
1 members found this post helpful.
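The destination handling that point E and the sample attack in the post above call for, as an added example (not part of the original post and not the poster's getfile.pl). It assumes the helper is a setuid-root binary; `deliver()` is a hypothetical name, and the password check and the lookup of the source path in the filename-hash file are assumed to have already succeeded.

```c
#define _POSIX_C_SOURCE 200809L
#include <fcntl.h>
#include <sys/types.h>
#include <unistd.h>

/* deliver() is a hypothetical helper. Returns 0 on success, -1 on failure. */
int deliver(const char *src, const char *dst)
{
    uid_t uid = getuid();   /* real IDs = the user who ran the helper */
    gid_t gid = getgid();
    char buf[4096];
    ssize_t n;
    int in, out, rc = -1;

    /* Only this open needs root: the original is readable by root alone.
     * src must already have been matched against the filename-hash file. */
    in = open(src, O_RDONLY | O_CLOEXEC);
    if (in < 0)
        return -1;

    /* Drop root for good before touching dst: gid first, uid last, then
     * verify. Supplementary groups are already the caller's, because
     * executing a setuid binary does not change them. */
    if (setgid(gid) != 0 || setuid(uid) != 0 || geteuid() != uid)
        goto out_in;

    /* O_EXCL: dst must not exist yet, so nothing (such as /etc/shadow) is
     * overwritten and a symlink at dst is refused. The kernel checks the
     * caller's own write permission on the directory, and the new file
     * belongs to the caller, so there is no chown step left to abuse. */
    out = open(dst, O_WRONLY | O_CREAT | O_EXCL | O_NOFOLLOW | O_CLOEXEC, 0600);
    if (out < 0)
        goto out_in;

    while ((n = read(in, buf, sizeof buf)) > 0)
        if (write(out, buf, (size_t)n) != n) {
            n = -1;         /* short or failed write: treat as an error */
            break;
        }
    rc = (n == 0) ? 0 : -1;
    if (close(out) != 0)
        rc = -1;
    if (rc != 0)
        unlink(dst);        /* do not leave a partial copy behind */
out_in:
    close(in);
    return rc;
}
```

With this ordering the run shown in the post fails at the second `open()`: `/etc/shadow` already exists, and the process is no longer root by the time it is named.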
Old 07-18-2005, 06:58 AM   #6
taylor_venable
Member
 
Registered: Jun 2005
Location: Indiana, USA
Distribution: OpenBSD, Ubuntu
Posts: 892

Rep: Reputation: 40
Access Control

By "access" do you mean the ability to (1) examine what files exist, (2) take non-destructive action on files, or (3) delete files? If it's one of these specifically, you can accomplish this very easily through the builtin UNIX access restrictions for directories: (1) read, (2) execute, and (3) write, for each of the corresponding numbers above, on the parent directory in question. Also, keep in mind that the "user" owner of a file doesn't have to be in the "group" owner. One last note: you can modify (but not delete) a file by having execute-only permission on the parent directory, but you have to know the exact name of the file (can't use `ls` to figure it out).
 
  

