(More) Specifics:
- Undoing the protection should include filling in a password.
- The password should be different from the one used with
sudo
or any other passwords that are used for acquiring elevated privileges.
All (possible) solutions and suggestions are welcome! Thanks in advance!
Edit: Perhaps additional specifications:
- With 'displace‘, I mean anything involving that resembles the result of
mv
,cp
(move, cut, copy) or whatsoever. The files should remain in their previously assigned locations/places and should not be able to ‘pop up’ anywhere. - I require for the files to be unreadable.
- I don’t care if it’s modifiable or not.
- I don’t require this for my whole system! Only for a specific set of files.
Looks like a USB stick.
I’m not sure I’m fully understanding. Are you wanting files which can be read but never copied?
Scratch that, i missed a line. So simply files stored but not user readable.
I guess you can use ACLs depending on your filesystem, or SELinux user contexts.
Seems interesting. Got any sources to read up on? Thanks in advance!
You can read about SELinux here or ACLs here. SELinux can be pretty complex if you’ve never used it, so make sure you understand it well. I believe it should be able to do what you want to achieve.
If you have these types of issues, just move to an immutable distro.
Who says I’m not already :P . Got any ideas on how this might be able to specifically solve the problem at hand?
What you’re describe in your post is a user who is not confident enough to manage their own machine with the CLI, and is afraid of misplacing files.
What you seem to not understand is that if you made the mv and cp commands require some sort of user interaction, nothing would ever work on the system, at least not in userspace if that’s the intent. No installer scripts, package managers, apps which use such commands…etc. Imagine implementing a rule like you describe, and then trying to copy/paste something in a GUI file manager, or organize music or photos.
So if you’re so afraid of moving something that needs not be moved, put some simple rules in place for yourself:
- Don’t fuck around with anything outside of your homedir
- Learn to reinstall system packages
Pretty simple. You also probably want to be on ZFS or BTRFS so you can undo your mistakes if you make them.
Isn’t literally ANY option here simpler than what you’re describing?
Thank you for your input! It has made me recognize that I should specify that I don’t want this to be system-wide; which was not clear from the post.
What you’re describe in your post is a user who is not confident enough to manage their own machine with the CLI, and is afraid of misplacing files.
I understand why I might have given off that impression. But no worries; I’m a (relatively) seasoned Linux user. I also have no qualms with CLI or whatsoever. It’s a specific set of files that I wish to ‘protect’.
You’re aware of file permissions, right?
So if you’re concerned about a specific set of files that you don’t want moved, AND they’re in a normal userspace location…
The thing with file permissions is that I or root are able to change that. I am looking for a method (if it exists) that somehow bypasses that.
Yeah, but you’d need to sudo in order to affect the files. So that’s a simpler way of doing what you’re suggesting.
I’ll straight up pose the question I asked someone else:
It seems I wasn’t clear as most people misunderstood me.
But, to give a very precise example; say
- I had a folder called
~/some/folder
. - It was on an encrypted drive.
- And I had done additional work to encrypt the folder again.
- And say, I used
chattr
,chmod
orchown
or similar utilities that remove access as long as one doesn’t have elevated privileges. - And say, I had done whatever (additional thing) mentioned in your comment.
Then, what prevents whosoever, to copy that file through cloning the complete disk?
Even if they’re not able to get past the password, it will be found on the cloned disk. SO, basically, I ask for some method that prevents the file to even be copied through a disk clone. I don’t care that it has three passwords protecting it. What I want is for the disk clone (or whatever sophisticated copy/mv/cut or whatsoever utility exists) to somehow fail while trying to attempt the action on the protected files.
- I had a folder called