I have an Encrypted /home, and I’d like to know if there’s a way of protecting folders with password, like when trying to open other partitions it asks for root password. To understand it a little better:
I login and let my daughter use the PC, but there’s a folder I don’t want her to see. If she tries to open it, a prompt “Enter your password” appears and the only with the root (or user account, doesn’t make a difference) she can access it.
Is there a way of doing it?
I have a public_html which has some image files and i am hiding the file contents by running chown and chmod on all the folder contents recursively.
I change the ownership of all the files and folder using chown
and then remove read /write permission for other users using chmod
Checking permission
$ls -la public_html
total 320
drwxr-xr-x 2 dartmouth users 32768 Apr 29 09:24 .
drwxr-xr-x 49 dartmouth users 4096 May 1 08:45 ..
-rw-r--r-- 1 dartmouth users 57101 Apr 22 09:27 ConfigureBrowser.png
-rw-r--r-- 1 dartmouth users 85467 Apr 22 09:23 installTimidity.png
-rw-r--r-- 1 dartmouth users 50720 Apr 29 09:24 Screenshot from 2013-04-29 09:24:19.png
-rw-r--r-- 1 dartmouth users 90173 Apr 22 09:25 SetTimidity.png
changing ownership of files to root or any other user using option -R
$sudo chown -R root public_html
root's password:
$ls -la public_html
total 320
drwxr-xr-x 2 root users 32768 Apr 29 09:24 .
drwxr-xr-x 49 dartmouth users 4096 May 1 08:45 ..
-rw-r--r-- 1 root users 57101 Apr 22 09:27 ConfigureBrowser.png
-rw-r--r-- 1 root users 85467 Apr 22 09:23 installTimidity.png
-rw-r--r-- 1 root users 50720 Apr 29 09:24 Screenshot from 2013-04-29 09:24:19.png
-rw-r--r-- 1 root users 90173 Apr 22 09:25 SetTimidity.png
Removing access to all other ussers except root recursively
$sudo chmod 600 -R public_html
checking permission again
$ls -la public_html
ls: cannot open directory public_html: Permission denied
Nautilus sort of complains. Don’t know how Dolphin will behave. I don’t know whether this approach will work if you /home is encrypted
On 2013-05-01 05:26, amarildojr wrote:
> Is there a way of doing it?
You need separate encrypted partitions.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
I guess it’s the only solution since only one account is used in this machine.
Thanks.
Consider enable a USER login account for your daughter ?
Found set up USER accounts for various children and adults was my easiest security solution.
Set access permissions to yours however you like.
Accounts and content take up little room, if did could limit their size, so various childen and other adults each have their own /home.
Can set permissions with either NO ACCESS, or LIST ONLY, READ ONLY, or complete read and write access.
Though I don’t know how an encrypted partition would act on this I submit Truecrypt for your consideration. Also there is Realcrypt that’s in the Packman repos. I have found that Realcrypt & Truecrypt work well one can( as I have) open a file I’ve done in one with the other & vice versa.
I’d like to encrypt a folder (or more). Once the access to the folder is permitted then you can see all it’s contents. There was a program on Windows that encrypted folders/processes, every time you’d try to open that folder/process it said “You do NOT have access”, so in order to do that you needed to exit the blocking software.
What I want to do is just like when opening partitions and, for what I could see, it seems the best way to do so, encrypt a partition.
On 2013-05-01 08:16, amarildojr wrote:
> I’d like to encrypt a folder (or more). Once the access to the folder
> is permitted then you can see all it’s contents. There was a program on
> Windows that encrypted folders/processes, every time you’d try to open
> that folder/process it said “You do NOT have access”, so in order to do
> that you needed to exit the blocking software.
With YaST you can create user accounts each with their own encrypted
homes, which I think are loop mounted, LUKS encrypted, filesystems on a
single partition.
If you are using a single user for two persons, then you need to do it
manually; either a separate encrypted partition, or a loop mounted file.
YaST can do both. But activating them is not automatic on trying to open
the “directories”.
Truecrypt is another method, but proprietary.
Of course, the typical way is just having an account per person.
Adjusting the permissions stops normal people from looking, but having
access to the computer and the root password means they can access the
files if they want.
–
Cheers / Saludos,
Carlos E. R.
(from 12.1 x86_64 “Asparagus” at Telcontar)
What is mine stays in my homedir, the kids have their own. And, since linux is multi-user, they all have a session open on my server workstation, which is in the living room. Which allows encryption on a human user level. The way it’s designed to be.
On Wed, 01 May 2013 03:26:02 +0000, amarildojr wrote:
> I login and let my daughter use the PC
Create a separate account for your daughter to use. That’s how this
should be handled.
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C
Actually I thought of a much simpler method: Make a hidden folder. She’s 9yo and I doubt that she will be ever able to find a simple hidden folder. She only uses this machine to play web-games on Linux and Steam games on Windows, so I guess I’m safe from her (or is she safe from me?). In the future I plan to create a separate partition since openSUSE is so good a keeping partitions away from non-root personnel.
Hidden folders may not be hidden very well depending on your file manager’s settings.
+1 for TrueCrypt. It is the simplest way to achieve what you want. Someone on this thread said it is proprietary, but that’s not quite true. It is free (as in beer) and you can obtain the source code, but some distributions and advocates of free software have expressed concern over its license in the past.
Well I’m trying to hide some folder just for the occasional users that are my wife and my daughter, they barely know how to open Chromium, much less how to unhide folders hehe.
Is RARE, VERY RARE, to find people who actually use Linux here in Brazil, I can assure that 99.999% of home computers run some kind of pirated Windows, mostly due to computer stores where they do this practice and because most people actually think that “If they’re doing than I’m OK since I know jack about computers, I mean, he’s not using pirated software, right?”.
Don’t underestimate the brain of a 9 year old rotfl!
Meet Marko, the 9-year-old systems engineer | Beyond Binary - CNET News
Dude! I have an 11 y/o niece who also is into games. Her father did what you proposed & she got into that folder anyway. She got banned from the PC for a month! What I’m really saying here are 2 things
It is possible that if she has an account she considers her own she’ll have no incentive check up on others. Also this being Linux as long as she’s not root she really can’t harm the PC.
Try truecrypt or realcrypt. It is easy to setup, and encrypts the contents. If she is bright enough to get into this, without brute forcing your password, let me know…I’ ll have a job offer 
I don’t let her use the PC so often, in this year she used it for about an hour or so (don’t ask me why, but things here in Brazil these days forced me to ban her to use cell phones and computers). Not to mention I install the system in English and the only one who speaks it is me. So for what I could think of, she’s not gonna be able to access some folders that I don’t want her to use 
Well I guess by your logic I shouldn’t underestimate a 400 pound “runner” because he could run 100 yards in 10sec? Hehehe just kidding.
I’ll try it out later on a virtual machine. I’ll also look out for some tutorial on how (if posssible) to encrypt drives that are not encrypted, this way if I ever need to encrypt a drive I could resize a partition and do that.
In the past I had the same problem, accessing with his own account is annoying for children, so my son access with my account, and I solved making a user account called “secret”, and assigning the folder to this account, assign to the folder permission as only the owner can read and write, and, to easily access for me, making a KDE service to open folders as secret, it wasn’t so difficult to make this service, I modified something found in the KDElook used to access to folder as root…, I cannot find in this moment, if I’ll find I’ll post it…
thnx, ciao, pier
On Wed, 01 May 2013 17:36:02 +0000, amarildojr wrote:
> Actually I thought of a much simpler method: Make a hidden folder. She’s
> 9yo and I doubt that she will be ever able to find a simple hidden
> folder.
Never underestimate the ingenuity of children.
Security by obscurity is no security at all.
A separate partition for your daughter’s home directory isn’t necessary
(indeed, nobody sets up a separate partition for each user - traditional
partition tables can’t handle enough entries for some systems).
A separate login would suffice - that uses the file permissions system
and helps ensure separation of content, restricted to each user. That’s
what it’s there for - there’s no need to go looking for an overly
complicated and convoluted solution.
Jim
–
Jim Henderson
openSUSE Forums Administrator
Forum Use Terms & Conditions at http://tinyurl.com/openSUSE-T-C