Ubuntu

Securing Folders with Passwords

Asked by Kevin P. Munn

I want to secure a folder, so that other users cannot see what's in it.
I HAVE to share a Workstation, I do not want to HAVE to share some files.
My personal sales leads, contacts, etc.
Can I do this?
How can I do this?
I have tried a few things that I know from MS, which do not (want to) work.
Any help will be appreciated.

Question information

Language:
English Edit question
Status:
Solved
For:
Ubuntu Edit question
Assignee:
No assignee Edit question
Solved by:
Mathias Uebelacker
Solved:
Last query:
Last reply:
Revision history for this message
Best Mathias Uebelacker (muebelacker) said : 		#1

Hello Kevin,

if you are the one which create these files then there is an easy way right click on the file ->properties ->permissions but these permission could be changed by an admin.

br
Mathias

Revision history for this message
Kevin P. Munn (able-kevin) said : 		#2

Thank you.
This is what I thought it would be.
I could always try to "Hide" the files, as well as Password them...

Kevin P. Munn

Revision history for this message
Eric Marceau (marceau504) said : 		#3

There are multiple ways to address this

[1] Built-in Default Linux Functionality

If you try to compare Windows with Linux(all flavours and Solaris/HPUX/AIX), privileges are assigned according to three levels, not individual users.

Privileges are based on
- owner
- group
- universe

The closest you can come to achieving limited group access is to create a group [limacc01] specifically for managing access to a given set of files. This group would NOT be the default group for any user. You then assign the users as members of this special group [(/etc/group) limacc_01:x:9876:user1,user2,user3] and identify all relevant files as owned by that special group. Then to access, the user's group associations determine which groupings he can or not access. If files need to be created and modified in a way that only that group can access them, the user first needs to do a "newgrp" command to switch the effective group that will be applied to all operations on that file grouping, then use the same command to return to his default group when the user is done.

[2] Encrypted File Systems

You can create a "monster file" as an encrypted file system that can be mounted or dismounted (limiting when it is mounted controls exposure). Encryption of the file system prevents improper access

[3] Using Firewall ACL For Protected Files

Nothing prevents an organization to set up a Firewall protected server within their intranet and force interaction as if all staff were "foreigners" with specifically granted controls. Each firewall application has its own implementation so I leave it to them to explain how it is done.

[4] Centralized Add-On Facilities

This is achieved by an overlay. One route follows the traditional implementations of customized OS for high-security access granting. While common, I truly hate that route, as exemplified by SE Linux.

The preferrable route is via a simple add-on that works with existing groups, but helps control specific activity privileges on a per user basis. This is what Trustifier does (www.googgun.com).

I leave it to you and others to decide which solution is more compact, easy to deploy and secure.

Have fun choosing!

Eric, 51
Mechanical Engineer