In Linux (like most other Unix), file permissions under DAC (Discretionary Access Control, ie rwx combination on user,group and world/others) are usually enough to protect files at a high level. And since Folders are nothing but special files, it applies to them aswell.
That said, sometimes (especially when using the GUI on a desktop), it is desirable to have a mechanism where users simply cant open a folder because they had read permissions on it (even if you yourself are the owner of the files in that folder). This can be handy when dealing with sensitive data.
The catch though is that you cant actually password protect a folder unless you zip it. If you dont zip it, it can still be protected with the DAC permissions).
Now, back to the password protection -- there are two ways to do this -- via GUI or via CLI (command line interface).
By GUI, its simple: right click on the folder you want protected, choose 'encrypt', choose password ' 'protect' and provide a secret password. This will create a zip file of the folder with its underlying directories and files in the current directory. You would then go on to delete the folder you zipped (because now you have a copy of it in the zip file).
By CLI, a little more extra hoops but the same result as shown below:
~# mkdir -p /home/mrinal/secdir <----- you want to password protect this folder called secdir
~# cd /home/mrinal/secdir
secdir# touch a b c d e <----- create afew files in secdir
secdir# echo hello world > a <----- populate the files with some words here 'hello world'
secdir# echo hello world > b
secdir# echo hello world > c
secdir# echo hello world > d
secdir# echo hello world > e
secdir]# cd .. <----- go one folder up
mrinal# zip -e -r secret /home/mrinal/secdir/ <----- zip encrypt recursively the secdir dir/folder
Enter password:
Verify password:
adding: home/mrinal/secdir/ (stored 0%)
adding: home/mrinal/secdir/d (stored 0%)
adding: home/mrinal/secdir/c (stored 0%)
adding: home/mrinal/secdir/b (stored 0%)
adding: home/mrinal/secdir/e (stored 0%)
adding: home/mrinal/secdir/a (stored 0%)
mrinal# ls -l
total 8
drwxr-xr-x. 2 root root 4096 Apr 3 13:51 secdir
-rw-r--r--. 1 root root 1228 Apr 3 13:58 secret.zip
mrinal# rm -rf secdir <----- remove the dir as you have a protected copy in the zip [Relax, its safe!]
Now you can access the file via GUI or the CLI, either way you would be prompted for a password.
When you provide the right password, it unzips the folder and puts it back for you to view.
For instance on CLI:
mrinal# unzip secret.zip
Archive: secret.zip
creating: home/mrinal/secdir/
[secret.zip] home/mrinal/secdir/d password:
extracting: home/mrinal/secdir/d
extracting: home/mrinal/secdir/c
extracting: home/mrinal/secdir/b
extracting: home/mrinal/secdir/e
extracting: home/mrinal/secdir/a
mrinal#
Hope this helps.
That said, sometimes (especially when using the GUI on a desktop), it is desirable to have a mechanism where users simply cant open a folder because they had read permissions on it (even if you yourself are the owner of the files in that folder). This can be handy when dealing with sensitive data.
The catch though is that you cant actually password protect a folder unless you zip it. If you dont zip it, it can still be protected with the DAC permissions).
Now, back to the password protection -- there are two ways to do this -- via GUI or via CLI (command line interface).
By GUI, its simple: right click on the folder you want protected, choose 'encrypt', choose password ' 'protect' and provide a secret password. This will create a zip file of the folder with its underlying directories and files in the current directory. You would then go on to delete the folder you zipped (because now you have a copy of it in the zip file).
By CLI, a little more extra hoops but the same result as shown below:
~# mkdir -p /home/mrinal/secdir <----- you want to password protect this folder called secdir
~# cd /home/mrinal/secdir
secdir# touch a b c d e <----- create afew files in secdir
secdir# echo hello world > a <----- populate the files with some words here 'hello world'
secdir# echo hello world > b
secdir# echo hello world > c
secdir# echo hello world > d
secdir# echo hello world > e
secdir]# cd .. <----- go one folder up
mrinal# zip -e -r secret /home/mrinal/secdir/ <----- zip encrypt recursively the secdir dir/folder
Enter password:
Verify password:
adding: home/mrinal/secdir/ (stored 0%)
adding: home/mrinal/secdir/d (stored 0%)
adding: home/mrinal/secdir/c (stored 0%)
adding: home/mrinal/secdir/b (stored 0%)
adding: home/mrinal/secdir/e (stored 0%)
adding: home/mrinal/secdir/a (stored 0%)
mrinal# ls -l
total 8
drwxr-xr-x. 2 root root 4096 Apr 3 13:51 secdir
-rw-r--r--. 1 root root 1228 Apr 3 13:58 secret.zip
mrinal# rm -rf secdir <----- remove the dir as you have a protected copy in the zip [Relax, its safe!]
Now you can access the file via GUI or the CLI, either way you would be prompted for a password.
When you provide the right password, it unzips the folder and puts it back for you to view.
For instance on CLI:
mrinal# unzip secret.zip
Archive: secret.zip
creating: home/mrinal/secdir/
[secret.zip] home/mrinal/secdir/d password:
extracting: home/mrinal/secdir/d
extracting: home/mrinal/secdir/c
extracting: home/mrinal/secdir/b
extracting: home/mrinal/secdir/e
extracting: home/mrinal/secdir/a
mrinal#
Hope this helps.
No comments:
Post a Comment