5

I just installed an application that has the bad habit of automatically scanning all my folders for files to edit.

The app has no available options to disable this behavior. I cannot just remove read/list permissions for those files because the app runs with my user permissions, and I still want other applications to be able to access them.

Is there a security mechanism to prevent the application from being able to read some folders? I tried using apparmor, but since it is "default deny" there doesn't seem to be a way to say "allow the app to do everything it wants EXCEPT access these files".

Thanks.

Raja G
  • 102,391
  • 106
  • 255
  • 328
Ivo Anjo
  • 229
  • What you're searching for is AppArmor. Alas, I lack the expertise to give you a full answer but you can start your research with these two tutorials. – Glutanimate Feb 19 '13 at 23:42
  • 1
    Also see: http://askubuntu.com/q/236381/44179 – Seth Feb 21 '13 at 01:03
  • The thing is, AppArmor is very complex, and I have to loose a lot of time creating a profile and setting the permissions.

    I tried using it, but kept running into issues with wrong permissions. I wish there was a way to say "allow everything BUT accessing this folder". AppArmor seems to work the other way round "deny everything EXCEPT what is in the profile".

     – Ivo Anjo Feb 22 '13 at 11:59

1 Answers1

0

There is one solution that can help you.as you have given full permission to that application from your side ,I'm afraid that you can't restrict the access of the application.

The one possible way is turn those file/folder permissions to accessible to only root.so that when you want to work with them you can do it by turning into a root user and your program can't access the root files/folders unless you have given enough permissions to it.

Hope that helps.

Raja G
  • 102,391
  • 106
  • 255
  • 328
  • Thanks, but I wanted to try and avoid that, since I use other apps to work on those files, and running eclipse and other java tools as root or another user as a workaround for a single badly written app is not very nice. – Ivo Anjo Feb 19 '13 at 16:25
  • 1
    Then you have only one solution, install that app as other user of the system. – Raja G Feb 19 '13 at 16:31