2

My question would be a little bit silly, but who knows because linux is a very rich and sophisticated OS.

Is there a way that a normal user in ubuntu can hide some files from root ?

I know that the root has all privileges ans rights. But, if a simple user can keep files from root that would be awesome and very useful for me.

sarah
  • 23
  • 1
  • 4
  • Please be more precise about what you mean by "hide some files". – fkraiem Feb 08 '16 at 09:24
  • @fkraiem I mean by "hide some files" the fact that the root can't access my secured files or much better can't see them at all. – sarah Feb 08 '16 at 09:45
  • It is not really possible to answer the question without more context, in particular without knowing which capabilities the person behind root has. Encryption can easily be defeated for example by planting a keylogger or sniffing the RAM, two things root can easily do. – fkraiem Feb 08 '16 at 09:55
  • The person behind root is not a system engineer in my case. I think that he can't plant a keylogger or sniff the RAM. He uses the root session to access and modify some files. – sarah Feb 08 '16 at 10:00
  • -anything- on a disk that a user has "sudo" priviliges over is his and can be removed by this user. If you want something protected: encrypt an USB disk, use passwords on the mount and on the directories and leave that disk OUT of the system when you are not using it. – Rinzwind Feb 08 '16 at 10:10
  • Thank you for your advices @Rinzwind. I'm more sure now that the root has all privileges on files on disk. – sarah Feb 08 '16 at 10:13

1 Answers1

5

You already found out that your administrator (aka root) has all powers to control the system. This includes read and write access to all files on your computer. So from file permissions alone there is no way to prevent root from accessing files in a user's HOME.

In order to prevent privacy abuse from root there are a few option only:

  • Do not grant root access to people you don't trust that they respect your privacy. As everybody can get root access we also need to make sure only trusted people have physical access to our machine.
  • Never store private data on the machine's internal drive or on a local network drive. Use an external medium such as a pen drive or storage in the cloud for that. Lock this drive away from nosy people. Do not store the password to the cloud storage on your computer.
  • Use encryption (e.g. ecryptfs) for private data. This will however only work in case your administrator allowed encryption on your account. Also, it will not stop root from deleting your encrypted files but at least they can't read them.
  • Do not underestimate the benefits from parental control on your computer. If root is your caring parents then there is all reason to always trust them.
Community
  • 1
Takkat
  • 142,284
  • 1
    -1 for the opinion-based and off-topic last point. – fkraiem Feb 08 '16 at 09:50
  • 1
    @fkraiem might be but he is correct ;-) – Rinzwind Feb 08 '16 at 10:07
  • 1
    "password" protection is an option if encryption is out. – Rinzwind Feb 08 '16 at 10:10
  • @Takkat thank you for your advices. Hiding files from root is not that simple :) – sarah Feb 08 '16 at 10:15
  • @Rinzwind you mean that I can secure my file with a password. In that case the root can't access my file but he can delete it. If that what you mean, how can I proceed please ? – sarah Feb 08 '16 at 10:17
  • @sarah hiding is never a good method ( https://nl.wikipedia.org/wiki/Security_through_obscurity ) When you hide something how are you ever going to know if someone saw it? You then also need to police the files... No, don't put them on that system. Heck you are even better off putting them on google drive (password protected of course ;) ) – Rinzwind Feb 08 '16 at 10:18
  • 1
    @sarah archive manager ( see http://askubuntu.com/a/4835/15811 ) But that is not hiding a file. You put it in plain sight. Mind that this will not withstand a formattting of the disk/partition ;-) You should always put them elsewhere (somewhere not accessible by that sudo user) – Rinzwind Feb 08 '16 at 10:20
  • @Rinzwind thank you for your precious advices :) – sarah Feb 08 '16 at 10:24