0

I'd like to create a new user account and allow them to do maintenance on the server, i.e. install and configure new software, restart the server, manage other users etc...

However, I'd like to disallow access to a specific folder in a home directory.

I understand that for the server maintenance, they'd require sudo access which is fine. But is there a way to disable access to a folder even though they have sudo?

The folder contains sensitive source code of a project, which needs to be protected.

siamii
  • You could add AppArmor or SELinux restrictions, and then add restrictions to stop them disabling those restrictions. Or maybe you have a file system with extended attributes that allows this kind of fine-grained control? – Ken Sharp Jan 26 '16 at 05:27
  • If this works for your project you could encrypt the folder (which you should be doing anyway) and make sure it never gets mounted on the server itself, only on individual clients. – Keith Jan 26 '16 at 06:44
  • Regarding the encryption route, do note that ecryptFS/EncryptedHome is not your friend in this case, as it does just that: "gets mounted in the server itself". – Anders Olsson Jan 26 '16 at 06:52

2 Answers

0

You can encrypt the files/folders using seahorse. It integrates well with Nautilus, and you can simply encrypt by right-clicking and selecting Encrypt.

Reference: https://askubuntu.com/a/27780/488702

0

I think that the best way is to use EncryptedHome. For sensitive user accounts, create them using the option encrypt-home. Check the caveats on the page if it fits your requirements.
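
The caveat raised in the comments, that an EncryptedHome (eCryptfs) directory is decrypted on the server whenever it is mounted and is then readable by anyone with sudo, can be checked from the mount table. This is an added example, not part of the original answers; the function names, the user `alice` and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: find which filesystem backs a path, using a table in
# /proc/mounts format, to tell whether an eCryptfs cleartext view is
# currently mounted there (and therefore readable by root).

# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
/dev/sda2 /home ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime 0 0'

# fs_type_for PATH [MOUNTS_TEXT]
# Prints the fs type of the longest mount point that contains PATH.
# Without MOUNTS_TEXT it reads the live table from /proc/mounts.
fs_type_for() {
    path=$1
    mounts=${2-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # A mount point matches if it is "/", equals the path,
            # or is a parent directory of the path.
            if (mp == "/") hit = 1
            else hit = (p == mp || index(p, mp "/") == 1)
            # ">=" lets a later mount on the same point shadow an earlier one.
            if (hit && length(mp) >= best) { best = length(mp); type = $3 }
        }
        END { if (type != "") print type; else exit 1 }'
}

# exposure PATH [MOUNTS_TEXT]
# "ecryptfs-mounted" means the decrypted view is live at PATH right now.
# "no-ecryptfs-mount:<type>" means no eCryptfs view is mounted there; the
# path is either unencrypted or its encrypted home is currently unmounted.
exposure() {
    t=$(fs_type_for "$@") || { echo unknown; return 1; }
    if [ "$t" = ecryptfs ]; then
        echo "ecryptfs-mounted"
    else
        echo "no-ecryptfs-mount:$t"
    fi
}

# Demo on the constructed table.
exposure /home/alice/project "$SAMPLE_MOUNTS"
```

Calling `exposure` with only a path reads the live mount table of the host it runs on.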