Fedora Linux Support Community & Resources Center
  #1  
Old 17th February 2006, 10:38 PM
anom7 Offline
Registered User
 
Join Date: Feb 2006
Posts: 5
Is there any program to deny a folder acces with a password?

I want to block only one folder (and sub-folders an files) acces with a password in the same account. For example, I enter my account and I want to open the "Credit Card" folder, but the program open a windows and say to put a password. And only let me in if I put the correct password. Its like compressing more files and need a password to decompress it, but I dont want to compress/decompress every time to acces to the folder. With this, if anyone can access physically to my pc, only would open the "Credit Card" folder if knows the correct password.

Is there any program like this? Its a very simple program, but i dont find it, only i find complicated encryptors...

Thanks

Last edited by anom7; 17th February 2006 at 10:41 PM.
Reply With Quote
  #2  
Old 17th February 2006, 10:44 PM
RedFedora Offline
Registered User
 
Join Date: May 2004
Posts: 503
You could just put a good password on your account and lock your screen
when you're away from the computer.

I don't know of any programs which would allow you to password protect
a single folder without encryption.
__________________
Registered Linux User # 373325
Reply With Quote
  #3  
Old 17th February 2006, 10:52 PM
anom7 Offline
Registered User
 
Join Date: Feb 2006
Posts: 5
Quote:
Originally Posted by RedFedora
You could just put a good password on your account and lock your screen
when you're away from the computer.
There is a problem with the net, and one user (A) can acces to another user (B) only by doing this:
-user A login with his root pc account
-in root, do su B
And now, here is with my account withour password needed.
There are 30 or more pcs, and in everyone you can acces to every acount by doing this. This is the problem and for this I want this program.

Quote:
Originally Posted by RedFedora
I don't know of any programs which would allow you to password protect
a single folder without encryption.
Well, if can do what i want and encrypt.. no problem. I only want that need a password but dont need to compress/decompress all the times.

Thanks for the answer : )

Last edited by anom7; 17th February 2006 at 10:56 PM.
Reply With Quote
  #4  
Old 18th February 2006, 11:29 AM
markkuk Offline
Registered User
 
Join Date: Apr 2005
Location: Finland
Posts: 5,075
Quote:
Originally Posted by anom7
There is a problem with the net, and one user (A) can acces to another user (B) only by doing this:
-user A login with his root pc account
-in root, do su B
The solution is that user "A" shouldn't be given root access. Root can bypass any pasword protection or other security measure.
Quote:
Originally Posted by anom7
There are 30 or more pcs, and in everyone you can acces to every acount by doing this.
You mean everybody has root access?
Your system has absolutely no security at all, don't even think of storing any sensitive information on anything connected to those machines.
Reply With Quote
  #5  
Old 18th February 2006, 02:19 PM
gavinw6662 Offline
Registered User
 
Join Date: Feb 2005
Age: 35
Posts: 1,281
your best bet would be to encrypt the folder. I think that can be done with GPG.....maybe, maybe not. I am not to familiar with encryption. But that is your best bet. If it is encrypted, then you should be the only one with the password.
__________________
I read your e-mail
Reply With Quote
  #6  
Old 18th February 2006, 03:07 PM
Zigzagcom Offline
Registered User
 
Join Date: Feb 2005
Location: CALIFORNIA, yeah
Age: 87
Posts: 1,657
What about access control lists.
__________________
Ziggy
Reply With Quote
  #7  
Old 18th February 2006, 03:13 PM
anom7 Offline
Registered User
 
Join Date: Feb 2006
Posts: 5
Quote:
Originally Posted by gavinw6662
your best bet would be to encrypt the folder. I think that can be done with GPG.....maybe, maybe not. I am not to familiar with encryption. But that is your best bet. If it is encrypted, then you should be the only one with the password.
That you trying to tell me doesn't works because doing that i won't access in other computer (i don't have pendrive or anything else).

Yes, I know, but the security sucks and y cannot do nothing to it. I only want a "locker-password-folder", nothing more. Like WinRar compression password but without the compression/de-compression.

Thanks
Reply With Quote
  #8  
Old 19th February 2006, 11:18 AM
anom7 Offline
Registered User
 
Join Date: Feb 2006
Posts: 5
Quote:
Originally Posted by Zigzagcom
What about access control lists.
What is this? But if the other people that acces to my folder can be my user, this is an option to do? I think the only option is password protected, because dont care about root, superroot or else.
Reply With Quote
  #9  
Old 19th February 2006, 08:50 PM
u-noneinc-s Offline
Registered User
 
Join Date: Jul 2005
Location: Wine Country, California
Posts: 2,850
Access control list...acl...http://acl.bestbits.at/
Reply With Quote
  #10  
Old 19th February 2006, 09:12 PM
Zigzagcom Offline
Registered User
 
Join Date: Feb 2005
Location: CALIFORNIA, yeah
Age: 87
Posts: 1,657
As markkuk said, if the root account passwords are known by all users, there is no seperation of priviledges. So by having a seperate password on a folder, root would still have access to some database file that stores that password.... there is no security in that regard, even with Access control lists.
So anom7, you really shouldn't be storing you personal info like credit card info on any of those machines. Even if each machine had their own seperate root user and password, the issue of others having physical access to the machines compromises that scheme, as root passwords could be easily reset.
__________________
Ziggy
Reply With Quote
  #11  
Old 20th February 2006, 08:20 PM
anom7 Offline
Registered User
 
Join Date: Feb 2006
Posts: 5
Quote:
Originally Posted by Zigzagcom
So by having a seperate password on a folder, root would still have access to some database file that stores that password....
Yes, its possible, but there is problem about it. The people that can acces to my user account dont know anything about how to see the password. There are basic users, the only problem is that there are a great problem with the net. If you know how to have a separate pasword on a folder, say it, please.

Quote:
Originally Posted by Zigzagcom
So anom7, you really shouldn't be storing you personal info like credit card info on any of those machines. Even if each machine had their own seperate root user and password, the issue of others having physical access to the machines compromises that scheme, as root passwords could be easily reset.
Ok, thanks, i'll take care about this.
Reply With Quote
  #12  
Old 9th March 2006, 03:42 AM
Zigzagcom Offline
Registered User
 
Join Date: Feb 2005
Location: CALIFORNIA, yeah
Age: 87
Posts: 1,657
password protecting a file the easy way....

Well, it's time to visit an old thread again. This has been bugging me for some time, that there was no easy way to password protect a file, apart from logging on as a user, but then root still can read all files. I am not sure if this works, regardless of root having access to the entire filesystem, but here is a suggestion...and you could always learn how to use stronger encryption, but this is simple.

First of all you want to check if you have GnuPG installed, which should be the case...
Code:
[zigzag@server ~]$ rpm -qa gnupg
gnupg-1.4.2.1-3
Next, enter the gpg command while in your home directory...this will create the hidden .gnupg directory and some files under your home directory, and will ask you to type some text. For the time being, ignore that, and just "Ctrl C" out of the interactive mode:
Code:
[zigzag@server ~]$ gpg
gpg: directory `/home/zigzag/.gnupg' created
gpg: new configuration file `/home/zigzag/.gnupg/gpg.conf' created
gpg: WARNING: options in `/home/zigzag/.gnupg/gpg.conf' are not yet active during this run
gpg: keyring `/home/zigzag/.gnupg/secring.gpg' created
gpg: keyring `/home/zigzag/.gnupg/pubring.gpg' created
gpg: Go ahead and type your message ...Ctrl C out of here

gpg: Interrupt caught ... exiting

[zigzag@server ~]$
Lets assume we have a file with some private information. We'll put that file in ~/private....(you'll have to create the "private" directory), and place private.txt in it, so we have the path ~/private/private.txt. Cd to private, and listing the file contents
with ls -l, we see private.txt.
Now it is a simple matter of running "gpg -c private.txt", which will ask for a password/passphrase twice. You now have two files in ~/private, first the original and secondly the passphrase protected file. If you then remove or delete the original, voila, you are in business. To simply decrypt the private.txt.gpg file, run "gpg private.txt.gpg", and the decrypted file will appear in your directory after you supplied the password/passphrase you used to encrypt it. Just remember to delete it again, after you have gotten the info you need. And don't forget your password!

Code:
[zigzag@server ~]$ cd private
[zigzag@server private]$ ls -l
total 8
-rw-rw-r--  1 zigzag zigzag 16 Mar  8 19:17 private.txt
[zigzag@server private]$ gpg -c private.txt
Repeat passphrase:

[zigzag@server private]$ ls -l
total 16
-rw-rw-r--  1 zigzag zigzag 16 Mar  8 19:17 private.txt
-rw-rw-r--  1 zigzag zigzag 61 Mar  8 19:19 private.txt.gpg
[zigzag@server private]$ rm private.txt
[zigzag@server private]$ ls -l
total 8
-rw-rw-r--  1 zigzag zigzag 61 Mar  8 19:19 private.txt.gpg
[zigzag@server private]$ gpg private.txt.gpg
gpg: CAST5 encrypted data
Enter passphrase:
gpg: encrypted with 1 passphrase
gpg: WARNING: message was not integrity protected
[zigzag@server private]$ ls -l
total 16
-rw-rw-r--  1 zigzag zigzag 16 Mar  8 19:21 private.txt
-rw-rw-r--  1 zigzag zigzag 61 Mar  8 19:19 private.txt.gpg
I've tried it on a directory, but gpg complained. If you "tar" the directory first, it should work for it as well.
Below is a link to a bit of info on the subject...,.


http://lists.gnupg.org/pipermail/gnu...er/023255.html
__________________
Ziggy

Last edited by Zigzagcom; 9th March 2006 at 03:45 AM.
Reply With Quote
  #13  
Old 9th March 2006, 03:47 AM
bytesniper Offline
Registered User
 
Join Date: May 2005
Location: Abq, NM
Age: 37
Posts: 1,158
why dont you try a loopback encrypted filesystem? it may not be *exactly* what your looking for but it works extremely well and its very secure... and with just a few lines of bash it is setup and removed very easliy.

http://www.faqs.org/docs/Linux-HOWTO...tem-HOWTO.html

hth,
joseph
__________________
I am root. If you see me laughing you better have a backup.
Reply With Quote
  #14  
Old 9th March 2006, 03:56 AM
Zigzagcom Offline
Registered User
 
Join Date: Feb 2005
Location: CALIFORNIA, yeah
Age: 87
Posts: 1,657
That is not "simple", LOL. Source, compile...what's that. Anyway, I thought some folks might like this method.
__________________
Ziggy
Reply With Quote
  #15  
Old 9th March 2006, 06:50 AM
bytesniper Offline
Registered User
 
Join Date: May 2005
Location: Abq, NM
Age: 37
Posts: 1,158
oh.. just read through those directions. everything you need is already compiled into the kernel in fedora. all you need to do is, as root, type modprobe cryptoloop and then start at step 13 (which leaves 5 steps, 2 of which you'll have to remember, and none of them if you throw together a quick script to do it for you). i threw together the following which should work for just about anyone once the filesystem has been setup using steps 13-17 above:
Code:
#!/bin/bash
#
#mount and unmount encrypted loopback filesystem
#i have specified ecryption using serpent
#usage: emount [up|down] [path to encypted fs] [path to mountpoint] [loopback device to use (1-7)]
#

cmdcheck() {
		if [ $? == 1 ]; then 
			echo "     ERROR!"
			else echo "     OK!"

		fi
}

setup() {
        echo -e "associating encrypted filesystem $encfs to loop device $loopdev"
        /sbin/losetup -e serpent $loopdev $encfs; cmdcheck
        echo -e "mounting the $loopdev to mountpoint $mountpt"
        /bin/mount $loopdev $mountpt; cmdcheck

}
remove() {
        echo "umounting $loopdev from $mountpt..."
        /bin/umount $mountpt; cmdcheck
        echo "disassocating the loopback device $loopdev from the encrypted filesystem"
        /sbin/losetup -d $loopdev; cmdcheck
}
usage() { 
	echo -e "emount: a small simple utility to setup and remove existing ecrypted filesystems\n\n\
	USAGE: emount [up|down] [enc fs] [mount point] [loopback dev]\n\n\
	up|down: bring the interface 'up' or 'down'.\n\n\
	encfs: the excypted filesystem you would like to mount.\n\
	mount point: where you would like the filesystem mounted\n\
	loopback dev: the loopback device you want to use, just the number, 0 through 7\n\
	NOTE: only option that is required to be specified at run time is the action. all other options\n\
	can be statically set the sctipt so they do not have to be specified everytime.\n"
	exit 0
}

#checking to make sure there is at least one command line option, otherwise display usage
if [ $# == 0 -o $1 == "help" ]; then usage
fi

#check to make sure user is root
if [ $USER != root ]; then echo "you have to run this as root. buh-bye" && exit 0; fi

#make sure that any command line or static set options pass the 'make sense' test
if [ $2 ]; then encfs=$2
	else encfs=/encrypted_fs; fi   #change this value to hard set and avoid having to enter everytime

if [ $3 ]; then mountpt=$3
	else mountpt=/mountpoint; fi   #change this value to hard set

if [ $4 ]; then 
	if [ $4 -gt 7 -o $4 -lt 0 ]; then
		echo "Invalid loop device numberic specification (use 0 though 7)" && exit 0
	fi
	loopdev=/dev/loop$4
	else loopdev=/dev/loop0	   #change this value to hard set 
fi

#info check to make sure were not trying to mount to or from something that doesnt exist
if [ -f $encfs ]; then echo "found encrypted file..."
	else echo "specified encrypted file not found. exiting" && exit 0; fi

if [ -d $mountpt ]; then echo "found mount directory..."
	else echo "mount directory not found. exiting" && exit 0; fi

#uh oh.. hammer time....
case "$1" in 
	up)	
		setup
		;;
	down)
		remove
		;;
	*)
		usage
		;;
esac

#eof
joseph
__________________
I am root. If you see me laughing you better have a backup.

Last edited by bytesniper; 9th March 2006 at 06:53 AM.
Reply With Quote
Reply

Tags
acces, deny, folder, password, program

Thread Tools Search this Thread
Search this Thread:

Advanced Search
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
file/folder Properties: date created missing & access means expose in open folder Nick Levinson Using Fedora 4 17th February 2009 12:07 AM
RedHat & FTP: How to deny access to specific folder for multiusers revolvr Servers & Networking 1 30th November 2007 01:34 AM
program asking root password disdro Using Fedora 1 10th March 2007 11:41 AM
password on folder iamroot Linux Chat 2 27th November 2006 04:32 AM
VSFTPD - directly loggon to the folder without prompting for a password xyleo Servers & Networking 5 7th April 2006 03:01 AM


Current GMT-time: 22:50 (Monday, 20-10-2014)

TopSubscribe to XML RSS for all Threads in all ForumsFedoraForumDotOrg Archive
logo

All trademarks, and forum posts in this site are property of their respective owner(s).
FedoraForum.org is privately owned and is not directly sponsored by the Fedora Project or Red Hat, Inc.

Privacy Policy | Term of Use | Posting Guidelines | Archive | Contact Us | Founding Members

Powered by vBulletin® Copyright ©2000 - 2012, vBulletin Solutions, Inc.

FedoraForum is Powered by RedHat
Baturite Photos - Ahaus Instagram Photos - Moinesti Instagram Photos