Password-protecting files. New ubuntu feature?

Sat Nov 12 17:53:07 UTC 2005

On Saturday 12 November 2005 16:43, Wade Smart wrote:
> I know this sounds odd, but, Im working on getting the local school to
> see the benefit of using linux over windows. I have been asked to set up
> something to present to the administration. That's all great but they
> have some things they want me to be able to do - one of those is to
> password protect a certain folder or file.
>
> I just recently asked about permissions and ownership and that was very
> helpful - and I received lots of links to great information. However, if
> you just want to password protect one single folder inside say your home
> directory - how can you do that?

gnupg2 will do this for you.  It uses very strong encryption -- much better 
than the likes of MS Windows doc passwords, or zip file passwords.

If you want to protect an entire folder, you should look into encrypted 
filesystems.  You can mount that filesystem in a folder, and it will ask you 
for a password as you try to mount it.  This is actually how the Windows XP 
encrypted folders work too, I think, only it's more secure under Linux (if 
you do it properly, of course).

How you make this and how you mount it will depend on who should have access 
to it.  If you want users to have their own folders which they access 
themselves, then you should probably create a file containing an encrypted 
filesystem in their home folder (possibly hidden with a . as the start of its 
name, so they don't have to look at this underlying storage file).

Another option -- simpler, but not as secure -- is to use an archive which is 
simple encrypted with gnupg2.  To use it, they could run a script or click an 
icon that extracts the files to a folder after prompting for a password, and 
then have that folder recompressed and encrypted by another icon attached to 
a script, or when they log off, by running the same script automatically.

> Would you just create a new owner and then use a script similar to the
> one on the UbuntuGuide for Open As Root - you would just create Open as
> Bob?

You could do that, yes.  You would need to ensure that home folders are not 
world-readable -- debian, at least, prompts you on installation, asking if 
you want this security option or not.  Ubuntu very possibly has the same 
option.  Hopefully someone will know which debconf package you'll need to 
configure for that.  If you're doing it this way, I'd suggest having the 
script that becomes a different user running your normal desktop file manager 
for that folder.  You could also log in as that user properly, and set the 
color scheme of your desktop to use reddish buttons and backgrounds.  That 
way, when users run the file manager from their own account, they would see 
the other user's red buttons in just that folder, and they'd see visibly that 
the folder is special.  It would also help to make it obvious why some things 
are not working, if in fact, something do not work.  I suspect there wouldn't 
be any major problems with this, though.  Two things to bear in mind with 
this approach, however:

1) it's NOT encryption, just password protection.  But actually, if you want 
to get really cool, you could also look up how to encrypt a user's home 
directory, and combine these two methods.  That way, you'd get an encrypted 
space to store stuff, that also showed in a notably different (ie, red) 
window.

2) it's NOT per-user encryption, unless you make as many such accounts as you 
need, and give each user access to a unique secondary account.  So you might 
have a user's home directory, "joe", and another home directory, "joe_crypto" 
or something like that.

Actually, this would be a great feature if an admin tool for linux or 
specifically Ubuntu could install such accounts and set them up for chosen 
users easily.  If you could choose to share an encrypted account for many 
users, or based on their group membership, it'd be even better :)

-- 
Lee Braiden
http://www.DigitalUnleashed.com