This is something we had discussed back in school.
Goes roughly like this,
- Create a directory (named `data`, for reference here)
- change permissions as "`chmod 711 data`"
- group and others have only `x` -- access to enter the directory
- they cannot list the directory
- Now, create a directory `difficult-name-here` (this could be a hashed-string)
- change permissions as "`chmod a+rx difficult-name-here`"
- contents of this directory are secure while the outer directory cannot be listed
- people who know the "difficult name" can jump into this second directory
- "`cd path/to/data/difficult-name-here`"
- others cannot see the name and cannot access directory contents
- However, the `root` can always access everything (which is not a problem here)
- share the `difficult-name-here` with the people you want to give this data
- Keep shared files in this second directory
Quite crude, but if this can be broken without the unix access control breakage, I'd like to know.
Update on comment from dmckee,
This is exactly the conclusion we reached!
"security by obscurity" has limited safety.
Having said that, when designing protection for data,
it is important to identify its value.
You should target for,
- A Cost of breaking-the-security that is higher than,
- The Cost of secured content,
- By a factor proportional to your paranoia
In this case, if the `root` decides to enumerate the directory tree somewhere in public access, your secret is out! But, are you protecting from the `root` or their potential irresponsibility?
If that is the case, you have a lot more to worry about than shared files.
Update about not-working note in the question.
I've used this in early days of Linux to know that it works.
If you get 'cannot access non-existent file' instead of 'permissions denied' you have very likely made a mistake in the sequence. What you want should look like this,

      755      711      755   whatever             --=== Access permissions
    BasePath/CoverDir/Obscure/protectedFile.txt
    |                 |       ^^^^^^^^^^^^^^^^^    Can't be seen without
    |                 ^^^^^^^ Directory Name       read access to
    ^^^^^ Public              shared with friend.  Obscure directory.
          accessible
          directory.

- If you set `CoverDir` access as `rwx--x--x`, group and others can only enter the directory but cannot read its contents.
- Now, if you use an obscure directory name, `Obscure`, inside it and give full read access with `rwxr-xr-x`, anyone knowing this name can list its contents.
- This access will have to be done from outside with a `ls BasePath/CoverDir/Obscure`, because people in your group and others will not be able to `ls BasePath/CoverDir`.
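
The layout described in this answer, as an added example that is not part of the original post: one function builds the 711 cover directory with a randomly named 755 subdirectory, and a second audits that the cover directory has not become listable, which is the misconfiguration that leaks the name. The function names `make_drop` and `audit_cover` are hypothetical, and `stat -c` assumes Linux with GNU coreutils.

```shell
# Added example. Assumes GNU coreutils (stat -c); function names are hypothetical.

# Create <base>/CoverDir (mode 711) and a randomly named subdirectory (mode 755).
# Prints the full path of the obscure directory; that path is the shared secret.
make_drop() (
    cover="$1/CoverDir"
    mkdir -p "$cover" || return 1
    chmod 711 "$cover"           # group/others may enter, but not list
    # 16 bytes from the kernel RNG, hex-encoded: a 32-character name
    name=$(od -An -N16 -tx1 /dev/urandom | tr -d ' \n')
    mkdir "$cover/$name" || return 1
    chmod 755 "$cover/$name"     # a+rx for anyone who knows the name
    printf '%s\n' "$cover/$name"
)

# Exit status 0 if the cover directory still hides its entries:
# group and others both need x (enter) and neither may have r (list).
# Status 1 means the scheme is broken, 2 means the directory could not be read.
audit_cover() (
    mode=$(stat -c '%a' "$1") || return 2
    g=$(( (0$mode >> 3) & 7 ))   # leading 0 makes the mode an octal constant
    o=$(( 0$mode & 7 ))
    if [ $(( (g | o) & 4 )) -ne 0 ]; then
        echo "LEAK: $1 is listable by group or others (mode $mode)"
        return 1
    fi
    if [ $(( g & o & 1 )) -eq 0 ]; then
        echo "BROKEN: $1 cannot be entered by group or others (mode $mode)"
        return 1
    fi
    echo "OK: $1 hides its entries (mode $mode)"
)
```

Run `make_drop /some/base` once and hand the printed path to the recipients; `audit_cover /some/base/CoverDir` can be rerun later to catch a stray `chmod` that made the cover directory readable.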
It would be useful if you gave a one-liner on how these answers pose a problem for you -- would give a better problem definition for forming other options. – nik – 2010-11-19T01:57:56.517
nik: Added error profiles. – None – 2010-11-24T02:32:18.523