Is there a way to password protect a directory in UNIX? Something like:

~$ cd dir
~$ Password:
Stephane Rolland
  • 449
  • 2
  • 7
  • 14
  • 163
  • 1
  • 3
  • 5
    Thought experiment: Who is printing that `Password:` prompt in your example? – EFraim Feb 23 '11 at 16:59
  • You can change permissions using chmod (coming from a Linux background assuming this is true in other *nix systems) you can change permissions on a file/folder and control which user/users have access to the folder then the user needs to use "su" to switch to the appropriate user before making modifications to the directory (or reading if that's restricted as well). Google chmod generally it should be like sudo chmod a-rxw dir, chmod o+rwx dir, that is remove all permissions for read execute and write from dir then add permissions for good expl. here http://catcode.com/teachmod/ –  Feb 23 '11 at 17:02
  • ^ if that comment answers the question post it as an answer and mark it otherwise please restate your question that you're looking for a command line program for adding password authentication mechanism to the shell or something along those lines, + on my comment would be nice if it helps. –  Feb 23 '11 at 17:04

5 Answers5


The Unix way of doing it is through the existing permissions, make that directory, and its contents owned by a specific owner and/or group and require everyone to su to that owner or be part of that group to access the contents by removing read and write privileges from everyone but that user and/or group, su will prompt for the password.


In theory you could do something along the lines of storing the directory content in an encrypted file and letting fuse provider decrypt it into a filesystem - but first presenting the user with a dialog. (and presumably blocking the system calls to that filesystem until the user enters passphrase)

Dirty, but it could work.

  • 121
  • 2
  • I think FUSE could manage to track users separately (so one user unlocking it wouldn't let everyone else in), but it's the prompt that's the killer, thanks to console, ssh, X, cron and whatever other ways to run a program that might access that dir. If you did this you'd have to also write an "unlockdir" program for the user to run which would talk to fuse and give the password. Of course all of this assumes that only local access is done, it wouldn't work at all for remote users (or worst case the kernel NFS server might bypass FUSE restrictions and let anyone remotely read the directory). – DerfK Feb 23 '11 at 23:20

Yes, it is possible. The solutions are those:

  • change the shell (update bash to do that)
  • use LD_PRELOAD and create a library that replaces cwd() and ask for a password (pam...) if the working directory is the forbidden one and the process has STDIN, STDOUT connected to a tty. After you are happy with the results add the library into /etc/ld.so.preload
Mircea Vutcovici
  • 16,706
  • 4
  • 52
  • 80

You could do some crazy thing like write your own 'cd' program which would authenticate the user and then use access control lists to change the directory perms to give them permission to the directory in question (and I guess recursively everything under it) and then call normal 'cd' to go into it. It would also have to somehow timeout and revert the perms or somehow determine that they had logged out. Definitely an ordeal.

  • 159
  • 2

First of all, there's no UNIX anymore effectively. Only UNIX-like. The likeness between them is too broad to be able to give you exact answer to the question in question.

Things that can be mentioned as related to what you're asking are:

  • 9,171
  • 2
  • 24
  • 50