LinuxQuestions.org
Welcome to the most active Linux Forum on the web.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 07-23-2006, 06:26 AM   #1
unihiekka
Member
 
Registered: Aug 2005
Distribution: SuSE Linux / Scientific Linux / [K|X]ubuntu
Posts: 273

Rep: Reputation: 32
Completely protect folders in /home


Hi there!

I have read several threads about protecting folders in /home/ by password, chmod, adding new users who have only access to the folder and loop mounting, but the thing is this: I have a folder in /home, say: /home/secret/ that I want to protect with a password without encrypting it, but not even root should be able to open it. Just by clicking on it, I want some password "screen" and then I can access and do whatever I want with the files in the folder (access over the console is okay too). Is it possible to do?

- No access to folder for root (and any users)
- Access only to the one who knows the password
- No encryption
- No crypto partition

Or are there better alternatives?

Thanks.
 
Old 07-23-2006, 08:13 AM   #2
Daws
Member
 
Registered: May 2006
Location: UK
Distribution: Debian
Posts: 447

Rep: Reputation: 39
Stopping regular users is easy, a simple chmod 600 will set the files permissions to rw-,---,---
so noone but you and root can read and write the file. root on the other hand...

AFAIK root can do as he/she damn well pleases, at least on any distro I've come across. root can change the permissions of a file regardless of who owns it...so unless there is a distribution that allows you to keep things from root...hmm, I could be wrong but this sounds a bit stupid.

From what I can see I think the easiest option is encryption, that way even though root can play with the encrypted archive, he couldn't know the contents without a password.

Is there any reason why you can't use encryption? Just out of interest what are you hiding from root? If I were him I would become a bit suspicious If I saw measures in place specifically to stop him from reading your files (details about his surprise birthday party might be forgiven...)

Anyway I'm not an expert when it comes to this sort of subterfuge, so maybe someone else here will know a way around your problem.
 
Old 07-23-2006, 11:22 AM   #3
bigrigdriver
LQ Addict
 
Registered: Jul 2002
Location: East Centra Illinois, USA
Distribution: Debian stable
Posts: 5,908

Rep: Reputation: 356Reputation: 356Reputation: 356Reputation: 356
The only way I can think of to keep root out of your files is to put them on removable media. Insert media when you want to get at those files; remove media when done.

Of course, while media is inserted, root can have access.
 
Old 07-23-2006, 11:36 AM   #4
Matir
LQ Guru
 
Registered: Nov 2004
Location: San Jose, CA
Distribution: Debian, Arch
Posts: 8,507

Rep: Reputation: 128Reputation: 128
If you don't trust root, don't use the system. Even with cryptoloop or dm-crypt, root can see your data while its mounted. Without it, root can see your data anytime he/she pleases.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Password protect apache home directories paul_mat Linux - Networking 3 04-28-2006 12:36 AM
How do I password protect folders/files? shodekiagari Linux - Software 6 12-04-2004 12:16 PM
Looking for a way to password protect a file within my Home folder BadKarma Linux - Security 2 12-26-2003 08:13 PM
how to protect folders Punker51 Linux - General 3 12-04-2003 09:20 PM
passwd protect folders? dark_templar Linux - Security 3 12-03-2003 10:27 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 09:50 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration