(More) Specifics:
- Undoing the protection should include filling in a password.
- The password should be different from the one used with
sudoor any other passwords that are used for acquiring elevated privileges.
All (possible) solutions and suggestions are welcome! Thanks in advance!
Edit: Perhaps additional specifications:
- With 'displace‘, I mean anything involving that resembles the result of
mv,cp(move, cut, copy) or whatsoever. The files should remain in their previously assigned locations/places and should not be able to ‘pop up’ anywhere. - I require for the files to be unreadable.
- I don’t care if it’s modifiable or not.
- I don’t require this for my whole system! Only for a specific set of files.
If you have these types of issues, just move to an immutable distro.
Who says I’m not already :P . Got any ideas on how this might be able to specifically solve the problem at hand?
What you describe in your post is a user who is not confident enough to manage their own machine with the CLI, and is afraid of misplacing files.
What you seem to not understand is that if you made the mv and cp commands require some sort of user interaction, nothing would ever work on the system, at least not in userspace if that’s the intent. No installer scripts, package managers, apps which use such commands…etc. Imagine implementing a rule like you describe, and then trying to copy/paste something in a GUI file manager, or organize music or photos.
So if you’re so afraid of moving something that needs not be moved, put some simple rules in place for yourself:
- Don’t fuck around with anything outside of your homedir
- Learn to reinstall system packages
Pretty simple. You also probably want to be on ZFS or BTRFS so you can undo your mistakes if you make them.
Isn’t literally ANY option here simpler than what you’re describing?
Thank you for your input! It has made me recognize that I should specify that I don’t want this to be system-wide; which was not clear from the post.
What you’re describe in your post is a user who is not confident enough to manage their own machine with the CLI, and is afraid of misplacing files.
I understand why I might have given off that impression. But no worries; I’m a (relatively) seasoned Linux user. I also have no qualms with CLI or whatsoever. It’s a specific set of files that I wish to ‘protect’.
It sounds like you’re actually more concerned about the data in the files not being able to ‘pop up’ elsewhere, rather than the files themselves. In thus case I’d suggest simply encrypting them, probably using gpg. That’ll let you set a password that is distinct from the one used for sudo or similar.
You should also be using full disk encryption to reduce the risk of a temporary file being exposed, or even overwritten sectors/pages being available to an attacker.
I’ve failed tremendously in making my demands come across :P .
Uhmm…, what you propose with gpg definitely solves one part of the puzzle.
But, if I understood correctly, it doesn’t help to prevent a disk clone from getting hold of the files.
Yes, the files are encrypted, but that’s not sufficient for my needs by itself. If the files would somehow destroy or corrupt themselves on a disk clone (or something to that effect), I would have acquired what I’m seeking.
Nothing can prevent a disk clone cloning the data, and there’s no way to make something happen when a disk is cloned as you’re not in control of the process.
If you wish to mask the existence of the files, use either full disk encryption, in which case cloning the disk doesn’t reveal the existence of the files without the decrypt password, or use a file based encrypted partition such as veracrypt in which case the cloner would just see a single encrypted blob rather than your file names.
Ultimately encrypting the files with gpg means they have already effectively ‘destroyed or corrupted’ themselves when cloned. If you don’t want to reveal the filenames, just call them something else.
If you could be a bit more specific about your threat model people may have better ideas to help.
If you could be a bit more specific about your threat model people may have better ideas to help.
Threat model is me protecting myself from myself.
Incoming XY problem.
I want to prevent myself from reinstalling my system. The trick I came up with involved the use of files that couldn’t be disk cloned. However, if it’s far far easier to accomplish it through other means, then please feel free to enlighten me on this.
What do you mean with “displace”?
I guess you can use ACLs depending on your filesystem, or SELinux user contexts.
You can read about SELinux here or ACLs here. SELinux can be pretty complex if you’ve never used it, so make sure you understand it well. I believe it should be able to do what you want to achieve.
I’m not sure I’m fully understanding. Are you wanting files which can be read but never copied?
Scratch that, i missed a line. So simply files stored but not user readable.
