0

How can I lock files and programs with custom-set passwords?

That is, without changing the permissions of the file so that the sudo password has to be used...

TellMeWhy
  • 17,484
  • What do you mean by "lock"? What should non-root users not be able to do? – kos Nov 04 '15 at 12:14
  • get access to it... no user apart from the one who set the password would be able to access the file, since that user set the password required to access it – TellMeWhy Nov 04 '15 at 12:18
  • Yes but there are multiple ways a file can be "accessed" (read, written, executed (which is basically the same as read however)). You mean all of them? – kos Nov 04 '15 at 12:22
  • 2
    Impossible. "root" will always be able to do whatever he wants. – Rinzwind Nov 04 '15 at 12:22
  • And what Rinzwind said. That obviously would exclude root. – kos Nov 04 '15 at 12:23
  • Oh, and you do not even need a password. "chattr" is what you are looking for. That command makes a file immutable. Except for root, who can revert it, it basically makes a file not just unchangeable but even invisible. – Rinzwind Nov 04 '15 at 12:27
  • @Rinzwind so how am I supposed to view it? – TellMeWhy Nov 04 '15 at 12:28
  • You change the setting back (sudo/root required). Basically it does what you want (but w/o a password on the file itself). See http://www.aboutlinux.info/2005/11/make-your-files-immutable-which-even.html for a bit more detail – Rinzwind Nov 04 '15 at 12:29
  • @DevRobot see if the answers are what you wanted or if it gets you into a direction you want to go :-) – Rinzwind Nov 04 '15 at 12:35

3 Answers

4

Possible method that is not exactly what you are asking

sudo su
cd ~
mkdir tmp
cd tmp
touch file.txt
chattr +i file.txt
exit

Back on the normal prompt nobody can do anything with the file.

You need to revert the "chattr" command with

chattr -i file.txt

to have normal access. "chattr" can also be used for other permissions. The +a option will make it possible to append to a file but nothing else.

From the man page, the options:

Select the new attributes for the files: append only (a), compressed (c), no dump (d), extent format (e), immutable (i), data journalling (j), secure deletion (s), no tail-merging (t), undeletable (u), no atime updates (A), synchronous directory updates (D), synchronous updates (S), and top of directory hierarchy (T).

Rinzwind
  • 299,756
3

For a custom-set password encryption, I would recommend the gpg symmetric cypher. Encoding:

user@computer$ gpg --output doc.gpg --symmetric doc

This will ask for a passphrase and create an encrypted version of doc.

Decoding:

user@computer$ gpg --output doc --decrypt doc.gpg

This will ask for a passphrase and decrypt doc.gpg as doc.

The question is not quite clear about the sudo password. When you run commands with sudo, you are asked for your user password on Ubuntu. The password of the root user is another password, which you can set with the following command:

user@computer$ sudo passwd root

Linux file systems provide protection by permissions. However, in case somebody boots e.g. a live Ubuntu on your computer, or takes your HDD, they can read all your files. Partition encryption is a good tool to prevent this type of data theft.

2

There are several tools you can use to obtain a finer grain of control over files.

First, and most important, each user must have his or her own account.

From there, your first line of defense is standard linux permissions. Make your home directory or a sub directory private.

chmod 700 /home/your_user

If you need a finer grain of control, use acl. acl allows you to set permissions per user.

See https://help.ubuntu.com/community/FilePermissionsACLs

One of those two options is going to be sufficient for most user cases.

The limitation of permissions is that anyone with root or physical access will be able to access the files.

If you need more than that, or if you need to restrict root access, your next option is to use encryption.

You can encrypt your home directory either at the time of installation or later. See https://help.ubuntu.com/community/EncryptedHome

You can make a separate encrypted directory (see above link) and "Is there a tool to encrypt a file or directory?"

Take care with encryption: as long as the file is decrypted and your user can read the file, so can root.

Panther
  • 102,067
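
A way to check what the chmod 700 approach in the last answer actually covers, as an added example that is not part of any answer on this page. The function names are hypothetical, and only classic permission bits are inspected (no ACL entries, no chattr flags).

```shell
#!/bin/sh
# Added example (not from the answers): audit a tree for group/other access.
# Function names are hypothetical. Only classic mode bits are checked; ACL
# entries (getfacl) and chattr flags (lsattr) are outside its scope.

# Matches any entry with at least one group or other permission bit set.
EXPOSED='( -perm -040 -o -perm -020 -o -perm -010 -o -perm -004 -o -perm -002 -o -perm -001 )'

# List exposed files and directories under $1. Symlinks are skipped because
# their own mode bits are not used for access checks.
list_exposed() {
    # $EXPOSED is intentionally unquoted so it splits into find arguments.
    find "$1" ! -type l $EXPOSED -print
}

# Number of exposed entries; 0 means the whole tree is owner-only.
count_exposed() {
    list_exposed "$1" | wc -l | tr -d ' '
}

# True when the top directory itself is owner-only (the "chmod 700" case).
# Entries below it may still carry 644/755 modes, but other non-root users
# cannot reach them because path lookup stops at the top directory.
top_is_private() {
    [ -z "$(find "$1" -prune $EXPOSED -print)" ]
}

# Strip group/other bits from the whole tree, leaving owner bits untouched.
make_private() {
    chmod -R go-rwx "$1"
}

# Usage: sh audit.sh /home/your_user   (reports only, changes nothing)
if [ $# -gt 0 ]; then
    if top_is_private "$1"; then echo "top directory is owner-only"; fi
    echo "$(count_exposed "$1") entries grant group/other access:"
    list_exposed "$1"
fi
```

Entries reported below an owner-only top directory become reachable again if they are moved or copied elsewhere with their modes preserved, which is why make_private strips the bits on the whole tree.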