File permissions to restrict access (like Windows XP encryption)

[artella]

Hi,

Is it possible to set the permissions (or use some utility) which :

1)Only allows files to only be accessed by a given user
2)which cannot be "overrided" by root
3)which does not require a password in order to access the files

Something like Windows XP encryption.

Thanks

[hazel]

Hi,

Is it possible to set the permissions (or use some utility) which :

1)Only allows files to only be accessed by a given user
2)which cannot be "overrided" by root
3)which does not require a password in order to access the files

Something like Windows XP encryption.

Thanks

You could try the acl facility. man acl will give you a synopsis.

[artella]

Hi, thanks. So if you then moved the file to another computer would it still be viewable? I was looking for something like Windows XP certificates, which would not allow the file to be viewed on another computer without the relevant certificate.

[atreyu]

Then encrypt the file with gpg. It is likely already installed on your system ("which gpg").

With GPG, you can encrypt your file symmetrically (using a password to protect it), or asymmetrically (using public/private key pairs).

The former way, just do:

Code:

 gpg -o myfile.gpg -c myfile.txt

You will be prompted to enter a passphrase to protect the file. The new file "myfile.gpg" is created.

To decrypt it:

Code:

gpg -o myfile.txt -d myfile.gpg

You will be prompted to enter the passphrase to decrypt the file.

To use asymmetrical encryption, you'll need to generate keys first, then share your public key with some trusted peer (who will import this into their keyring). Then you can encrypt and sign your file and only someone with your public key can decrypt it.

[Siddly]

You could try the acl facility. man acl will give you a synopsis.

Also have a look at "man setfacl" and "man getfacl".

[Mudgen]

Also have a look at "man setfacl" and "man getfacl".

Which will tell you that root as well as owner can change ACLs. Atreyu's encryption suggestion is probably the only way to hide from root. You can also do an encrypted filesystem mountable in user space, with the user being the only one with the key.

[anotherzeb]

I hear that eCryptfs can encrypt files as they are written and decrypt them as they are read, using your logon password to store your encryption password. I haven't used it, but it sounds useful

[Djhg2000]

I don't think there are any permissions which can actually replace encryption.

Have a look at encrypted home folders, I think most major distros have a way of doing it (the solution posted by anotherzeb sounds interesting as well).