How can i close access to /home/user/folder1 for all except* . (here i set folder's owner as root)
*access allow for (rw) :
1. /home/user/some_prog (root root rwx--x--x)
2. root
3. /home/user/folder1 must be mounted automatically after suse start.
and the most interesting: what i must do for deny access to my HDD if someone will connect it to his computer and login as root?
I'm not really sure if I understand you, but I'll try.
Quote:
How can i close access to /home/user/folder1 for all except* . (here i set folder's owner as root)
*access allow for (rw) :
That's probably
Code:
# chmod 0700 /home/user/folder1   # owner-only access; a directory needs the x (search) bit to be entered
And make sure that the folder belongs to the user you want to have access to it.
1.-2. Sorry, I don't really understand.
3. Mounting on startup is done by /etc/fstab
try
Code:
$ man fstab
although I don't understand why you should mount a folder.
The remote login thing is probably done by some ssh config file but I'm not really sure about that. And what do you mean by denying access to the hard drive? Is that some other hard drive on that computer or do you want to deny any logins at all?
I'm sorry, I'm probably not really helpful but it would help if you would try to give more details about what exactly are you trying to do.
hi FarmukanX... in order to provide you with a complete answer to your question, it is vital that we fully understand it first... this isn't happening yet, please clarify your permissions question... are you asking how to make a root-owned program/folder inside a user's home folder??
Quote:
Originally Posted by FarmukanX
and the most interesting: what i must do for deny access to my HDD if someone will connect it to his computer and login as root?
well, they don't really need to be root in order to get access to the data on your drive, they just need to be able to mount it... you can't deny access to the data on the drive, what you can do is encrypt the data, so that it is useless to the person who steals/copies your drive...
i need that some "user" run /home/user/some_prog which have rw permissions to /home/user/folder1, but i want to hide entry of /home/user/folder1 from "user" and another condition: "user" can connect my HD to its own PC to view it, i can not control it.
my solution:
1. set root permission to /home/user/folder1 {root root rwx------} (user can't read it).
2. set permissions for /home/user/some_prog as {root root rwx--x--x} (so user can run it)
3. But if user connect my HD to its own PC he can view it. so i think i must encrypt my folder or filesystem. after that user can't view it.
Can i do something to automatically decrypt on boot my folder or filesystem with condition: "nobody except me know password"?
Maybe i shall allow this to /home/user/some_prog and it will decrypt /home/user/folder1 before using?
If your security concerns include the possibility of someone physically taking your hard drive and hooking it up to his own computer, then you absolutely need encryption. An encrypted file system is your best option.
I don't know how to configure this stuff manually, but the Debian 4.0 installer has an option to put the entire OS on an encrypted file system. This is the perfect option for people with sensitive data on a laptop (laptops are at the highest risk of physical theft).
what do you think about this approach: I can run commands from a C program just as if they were from the UNIX command.
I can make virtual partition, encrypt it and save my folder on it. I can compile C program which will decrypt it and hide executable file somewhere in /usr/bin/ or somewhere else. And start it in some script on boot. He can find it not so quickly.
I think you should just use an encrypted file system. Why use such a complex system which still leaves an unencrypted copy out there somewhere?
What exactly is the thing you're attempting to secure? You want to secure the data in "folder1", but still provide the user some limited indirect access to the data via a particular program, right?
You'll need to encrypt both "folder1" AND the program. Otherwise, the user can modify the program (by installing the hard drive in his own computer), and leave himself a backdoor the next time you enter the encryption password.
In fact, you'll need to encrypt the ENTIRE operating system. Otherwise, the user can install a keyboard sniffer (by installing the hard drive in his own computer) to get the password the next time you enter the encryption password.
Really, the only comprehensive solution is to encrypt the entire operating system.
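As an added example (not part of any post in this thread): the replies above point out that anything stored readable on the disk, a key or a decrypting program included, is available to whoever mounts the drive in another machine. The script below checks crypttab-format text for volumes that unlock from a key file instead of a passphrase prompt; the volume names, devices and key path in the sample are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. Sample entries below are constructed.
# crypttab fields: <name> <device> <key file> <options>

SAMPLE_CRYPTTAB='# constructed sample
cr_folder1  /dev/sdb1  none                luks
cr_data     /dev/sdb2  /etc/keys/data.key  luks
cr_swap     /dev/sdb3  /dev/urandom        swap
cr_short    /dev/sdb4'

# Print "<name> <verdict>" for one crypttab line; nothing for comments/blanks.
#   PROMPT       passphrase is asked for at boot; no key material on the disk
#   KEY_ON_DISK  unlocks unattended from a file; whoever mounts the disk
#                elsewhere can read that file unless it sits on a volume that
#                is itself encrypted
#   EPHEMERAL    fresh random key every boot (swap/tmp); contents do not survive
classify_entry() {
    set -f              # no filename globbing while the line is word-split
    set -- $1           # $1=name $2=device $3=key file $4=options
    set +f
    name=${1:-}
    keyfile=${3:-none}  # a missing third field means "ask for a passphrase"
    case "$name" in ''|'#'*) return 0 ;; esac
    case "$keyfile" in
        none|-)                    echo "$name PROMPT" ;;
        /dev/urandom|/dev/random)  echo "$name EPHEMERAL" ;;
        *)                         echo "$name KEY_ON_DISK" ;;
    esac
}

# Classify every line of crypttab-format text read from stdin.
audit_crypttab() {
    while IFS= read -r line || [ -n "$line" ]; do
        classify_entry "$line"
    done
}

printf '%s\n' "$SAMPLE_CRYPTTAB" | audit_crypttab
```

To check a real system, feed it the live file: `audit_crypttab < /etc/crypttab`.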