How can I prevent a user from seeing a file in a directory listing?

[nuspieds]

Hi,

I have, for example, a folder called "MyFolder" and it contains 3 files: MyFile1, MyFile2, MyFile3. The only file that I do NOT want a particular user/group to even see that it exists is, for exmple, MyFile2.

So, when they do a directory listing on MyFolder, they should only see MyFile1 and MyFile3. How can this be done in Linux? The important thing is that it is not just preventing them from "executing" MyFile2, but to prevent them from even knowing that it exists by not including it in a directory listing.

This is a simpified example using one file, but in reality, I have lots of files and some of those that I want to block are also subfolders.

It is very important for me to hide the existence of certain files/folders when the user does a directory listing. It's also important that the files stay in their current folder (that is, I can't use a workaround which requires moving all the files into a separate folder and then securing that folder).

Please let me know if this is possible and if so, how.

Thanks!

[Irithori]

Well, you could divide the files by groups and set the "world" rights to ---.
This way, only one group has read/write/execute rights.
But the files would still show in the directory listing.

Your request goes into the direction "security by obscurity", which doesnt work. Ever

On mere technical grounds, you could implement something like UnionFsFuse - Radek Podgorny
But beware, that this comes
- with a performance penalty
- possibly high maintenance (This is most probably the part, that will eventually break it in the long run )

[nuspieds]

I'm very much a Linux newbie, by the way, and the Linux I'm accessing in on my QNAP NAS.

I've already tried that different groups approach and, as you stated, the file still shows up in the directory listing.

My objective is for the file(s) NOT to show up in the directory listing at all.

[Irithori]

Under these circumstances: Not possible

[natehall]

Make a new file with mkdir that is going to hold the file you want secret. Then use chown so that you are the owner. If you want it REALLY secret use chmod -r 000 . Be careful with a file access of 000 however: only a superuser can touch it!

[nuspieds]

Make a new file with mkdir that is going to hold the file you want secret. Then use chown so that you are the owner. If you want it REALLY secret use chmod -r 000 . Be careful with a file access of 000 however: only a superuser can touch it!

So I make a new sub-directory within "MyFolder", call it "MySubFolder" for example, then chown the subfolder to me, move MyFile2 into that subfolder, then chmod -r 000 on the subfolder. And doing that chmod will specically cause the MySubFolder not be displayed in the directory listing of MyFolder?

My objective is for the restricted user to be able to get a directory listing of MyFolder but not see MyFile2 or the subfolder in which it is contained. Are you saying the above will achieve that?

Thanks!

[natehall]

Try it. I know that once I make a directory with that restricted address the terminal has always told me I don't have permission when I try to list the contents. I hope you have superuser access on the machine you are trying this on though. I'd hate to see you forever hide a file away!

[natehall]

Remember the stuff you want hidden has to be at least one folder deep. It will show the restricted folders stuff but no further.

[nuspieds]

Unfortunately, the fact that the "restricted" folder will still get listed when MyFolder gets listed does not achieve my objective.

Yes, the files in it will not get displayed, but I also don't want the folder to get displayed. The reason: I don't want someone to see the folder, try to access, and then say, "What's that folder?"

Even if they don't try to access, I don't want them to see that subfolder even exists.

As I stated in my original post, the end result I want to see in my example is MyFile1 and MyFile3. Seeing a "dummy" folder which will either appear to be "empty" or they can't access is not what I'm looking for in a solution.

Someone else on another forum told me try using "hidden" files (i.e., using the dot as the first character). That could work, but I do not have access to my hardware right now to test.

Thanks!

[Irithori]

No, it won´t.

The dotfiles are typically used for configuration files or files, that one doesn´t actively need on a daily basis.

To hide them is just a way to shorten a directory listing, so that you are more focused on "important" files.

The dotfiles do not offer the secrecy you are looking for.
A simple ls -la will reveal them.


Usually I would recommend to
- create multiple directories and associate users/groups to each
- or (already worse) divide by groups as outlined above
- or use a overlay filesystem (which can easily be a maintenance nightmare and also you do not have this kind of control over your NAS box)

--> hence, given your requirements, it is not possible.