Re: password-protection of directory



On Saturday 15 April 2006 18:09, Marten Kemp stood up and spoke the
following words to the masses in /comp.os.linux.misc...:/

Bill Marcum wrote:

On 14 Apr 2006 10:54:26 -0700, sanky
<sankarghosh@xxxxxxxxx> wrote:

[...] Say, I'm working on my home directory and I wish to password
protect a folder under it, so that whenever I'll $cd or $ls to
that folder, it will prompt for some password that I'd given
earlier. How can I achieve this..by some script..by some tweaking or
whatsoever.

You could encrypt it, or have it owned by a different user, and you
could write aliases for the cd and ls commands.

I'm a newbie in the Linux arena.
What happens when one user accesses a file or folder owned
by another user without the appropriate permissions?

"Directory", not "folder"... ;-)

Normally, no user can access files in another user's home directory.

At first I thought that this would be a good place to put a
call to an ESM (External Security Manager, essentially a
daemon that controls access to secured resources), then I
realized that creating a group of users allowed access to
the resource and assigning users to that group should
work. Users *can* be assigned to multiple groups, right?

They can be, yes, and there are various mechanisms to further fine-grain
the permissions someone has on a file or directory - which you should
see entirely in the context of files and directories which are shared
among users, and which therefore by definition should not be located in
any particular user's home directory.

An example of such fine-graining is the uppercase "X" permission, which
gives users "x" permission - i.e. execute permission for files,
traverse permission for directories - if the user belongs to a group of
which at least one other member has "x" permission on that particular
file or directory.

See...

man chmod

... for details. ;-)

Another method of fine-graining security is by using ACL's (Access
Control Lists). Most of the GNU/Linux filesystems - i.e. /ext3,/
/reiserfs,/ /reiser4/ and /xfs,/ possibly /jfs/ as well - support them,
but they have to be mounted with ACL's as a mount option.

It all depends on what you want to accomplish in terms of security.
Perhaps you should also look into the SELinux project, which is a way
to harden a GNU/Linux system even further, among other things by using
ACL's.

--
With kind regards,

*Aragorn*
(Registered GNU/Linux user #223157)
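
What chmod's uppercase "X" does across a shared directory tree, as an added example that is not part of the original post: per chmod(1), "X" grants execute/search only to directories and to files that already have an execute bit set for some user. The tree, file names and starting modes are constructed for the demonstration, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Constructed demo: apply "g+rX" recursively to a throw-away tree and print
# the resulting octal mode of each entry. All paths are made up.

demo_capital_x() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/shared/sub"
    printf 'notes\n' > "$root/shared/sub/notes.txt"
    printf '#!/bin/sh\necho hi\n' > "$root/shared/sub/run.sh"

    # Start from owner-only permissions.
    chmod 700 "$root/shared" "$root/shared/sub"
    chmod 600 "$root/shared/sub/notes.txt"   # plain data file, no x bit
    chmod 700 "$root/shared/sub/run.sh"      # already executable by owner

    # Group gets read everywhere; "X" adds traverse on directories and
    # execute only on files that were already executable by someone.
    chmod -R g+rX "$root/shared"

    for p in shared shared/sub shared/sub/notes.txt shared/sub/run.sh; do
        printf '%s %s\n' "$(stat -c '%a' "$root/$p")" "$p"
    done
    rm -rf "$root"
}

demo_capital_x
```

The data file ends up group-readable without becoming executable, which is why `g+rX` is the usual choice over `g+rx` when opening a tree to a group.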