How to encrypt my password file?

dth4h · #1 2nd December 2011, 01:57 AM

I put this command in a script to connect to a Windows share:

Code:

sudo mount -t cifs //$router.$number/users /mnt/dtelite/ -o credentials=/home/Daniel/.dhid/sambacreds

The bold part tells it where the file is that has my password and other details in it. But the file is just plain text, so anyone who opens the text file can see my password.
So I looked up how to encrypt a file and I found this command:

Code:

gpg -c FILE

But that original command I posted cannot read the encrypted file so it asks me for the password.
Is there some other way to encrypt my password so the command can still read it or is it something that can't be done?

***Gareth Jones*** · #2 2nd December 2011, 03:23 PM

Your file permissions should be enough to protect you from other users on the computer, unless they're root of course.

If you just want the password encrypted on disk, but don't mind it being unencrypted in the virtual filesystem, you could look at ecryptfs. Ecryptfs mounts on top of a real directory, and encrypts any files written to that directory, transparently decrypting them when they're read. Of course, you have to ensure that the ecryptfs was mounted before the CIFS share.

You could unmount the ecryptfs again after mounting the CIFS if you want, but by this stage you'd probably have to script the process, and if you do that you might as well stick to GPG.

Gareth

dth4h · #3 3rd December 2011, 04:42 AM

Quote:

Originally Posted by Gareth Jones

Your file permissions should be enough to protect you from other users on the computer, unless they're root of course.

If you just want the password encrypted on disk, but don't mind it being unencrypted in the virtual filesystem, you could look at ecryptfs. Ecryptfs mounts on top of a real directory, and encrypts any files written to that directory, transparently decrypting them when they're read. Of course, you have to ensure that the ecryptfs was mounted before the CIFS share.

You could unmount the ecryptfs again after mounting the CIFS if you want, but by this stage you'd probably have to script the process, and if you do that you might as well stick to GPG.

Gareth

Thanks Gereth,
I have changed my file permissions. It's nice to know about ecryptfs in case I need it in the future.

Just curious, if someone used sudo, can they still see the file?

***Gareth Jones*** · #4 3rd December 2011, 05:37 PM

Quote:

Originally Posted by dth4h

Just curious, if someone used sudo, can they still see the file?

Yes, su or sudo would give them the root privileges that would let them read any file on the system.

Gareth

PabloTwo · #5 3rd December 2011, 05:44 PM

Quote:

Originally Posted by Gareth Jones

Yes, su or sudo would give them the root privileges that would let them read any file on the system.

Well, not if that user was not setup in the sudoers file to have root privileges and was never given the password for root or the password for user dth4h they wouldn't.

dth4h · #6 4th December 2011, 04:12 AM

Quote:

Originally Posted by Gareth Jones

Yes, su or sudo would give them the root privileges that would let them read any file on the system.

Gareth

Ok well I guess I will just have to figure out how to set up the sudoers file so that they can only do certain things with it, instead of having full root access. Thanks again Gareth.