I want to restrict file access for various application programs. Application programs are of the office/home usage variety like viewers, editors, messengers, web browsers, CAD, integrated development environments, etc. Files mostly sit in users' home directories. Files can contain secret data like passwords and cryptographic keys. There are solutions specifically for passwords and cryptographic keys, but restricting access to less sensitive files wouldn't hurt too, so I would like to use a more general solution.

I see a lot of projects for restricting file access statically. This means that a system administrator writes a list of file permission for a program, and any process that executes this program has these permissions. A very important feature is missing in these projects. A user often grants access to a file temporarily, for example, when opening a media file in a media player or a text document in a text editor. In such cases, I say that they grant file access dynamically.

I take as an example the AppArmor project, although there are many others like it. AppArmor's documentation states that changing process permissions is not implemented and would be hard to implement. Also a user needs to select a file in the UI of a file permission manager (which is AppArmor) and select the same file in the UI of an application program that will use the file. This is not convenient. For several years, I try to use Unix users to this end, so I work under more than one user account. Moving information between user accounts is a drudgery. I often need to change file ownership and permissions, and I need to do this under the root account. I would like to use a project that not only allows to grant file access dynamically, but the procedure for this is convenient.

The only project that implements what I need is Plash. It looks like a powerful and convenient system in its documentation. However, I doubt that it will work with recent Linux kernels or application programs. The source code SVN repository is not accessible, the latest source code is from 2006, and many links on its web site are broken. Plash redefine the `glibc` library. I suppose it is possible to create a similar system with FUSE (Filesystem in Userspace).

I think this approach is just wrong. Common tasks should be executed using a common user id.
From the other hand linux itself is file based, so you can set access permissions on files, but you cannot configure which apps can access that file (so if one app can read it most probably others will be able to read it too).

From the other hand nowadays you can use dockerized environments, namespaces, or different services (using different accounts).

1 members found this post helpful.

What approach are you referring to? I didn't say that for a user working under several user accounts is the right approach. I just had no choice. Many Linux tools simply did not exist 10 years ago.

It's not just probable, it's definitely true. ☺

I considered them; they grant permissions statically. I hope that somebody here knows a tool I missed.

what do you think how should this tool be "authenticated"?

Short answer: Unix/Linux does not work this way. It was never intended to work this way.
Want you want to do is handled via the application allowing/disallowing access to the file(s)/Director{y,ies}.

Consider an accounting application. The entire application has access to all of the files, directories, databases, etc.
Internally, the accounting application has a user database with roles assigned. Everyone in the receivables department is a member of the group A/R. These users cannot access the General Ledger, but the APPLICATION MUST have access to the G/L.

Now, that being said, all of the accounting directories can have a group ownership of accounting, which prevents engineering from accessing that information.

The application itself would then grant/revoke access to the user based upon whatever criteria you want, whenever you want.