Password-protecting files. New ubuntu feature?

Wade Smart wade at wadesmart.com
Sat Nov 12 18:44:45 UTC 2005 

11122005 1241 GMT-5

Thanks for that Lee.

Im not sure to what length they require. I just know the school is about 
to spend a LOT of money on new licenses and that that is not the only 
answer. This is just my guess but Im thinking they want some type of 
file security on each computer incase they (office staff) walk off and a 
student sits at the desk. They might surf online and look at something 
but things such as pre-made forms and what-not will not be accessible to 
them. Im just guessing. I dont have control of their IT setup but - I 
know it stinks. I am pushing strong for a change though.

Again, thanks.

wade

Lee Braiden wrote:

>On Saturday 12 November 2005 16:43, Wade Smart wrote:
>  
>
>>I know this sounds odd, but, Im working on getting the local school to
>>see the benefit of using linux over windows. I have been asked to set up
>>something to present to the administration. That's all great but they
>>have some things they want me to be able to do - one of those is to
>>password protect a certain folder or file.
>>
>>I just recently asked about permissions and ownership and that was very
>>helpful - and I received lots of links to great information. However, if
>>you just want to password protect one single folder inside say your home
>>directory - how can you do that?
>>    
>>
>
>gnupg2 will do this for you.  It uses very strong encryption -- much better 
>than the likes of MS Windows doc passwords, or zip file passwords.
>
>If you want to protect an entire folder, you should look into encrypted 
>filesystems.  You can mount that filesystem in a folder, and it will ask you 
>for a password as you try to mount it.  This is actually how the Windows XP 
>encrypted folders work too, I think, only it's more secure under Linux (if 
>you do it properly, of course).
>
>How you make this and how you mount it will depend on who should have access 
>to it.  If you want users to have their own folders which they access 
>themselves, then you should probably create a file containing an encrypted 
>filesystem in their home folder (possibly hidden with a . as the start of its 
>name, so they don't have to look at this underlying storage file).
>
>Another option -- simpler, but not as secure -- is to use an archive which is 
>simple encrypted with gnupg2.  To use it, they could run a script or click an 
>icon that extracts the files to a folder after prompting for a password, and 
>then have that folder recompressed and encrypted by another icon attached to 
>a script, or when they log off, by running the same script automatically.
>
>  
>
>>Would you just create a new owner and then use a script similar to the
>>one on the UbuntuGuide for Open As Root - you would just create Open as
>>Bob?
>>    
>>
>
>You could do that, yes.  You would need to ensure that home folders are not 
>world-readable -- debian, at least, prompts you on installation, asking if 
>you want this security option or not.  Ubuntu very possibly has the same 
>option.  Hopefully someone will know which debconf package you'll need to 
>configure for that.  If you're doing it this way, I'd suggest having the 
>script that becomes a different user running your normal desktop file manager 
>for that folder.  You could also log in as that user properly, and set the 
>color scheme of your desktop to use reddish buttons and backgrounds.  That 
>way, when users run the file manager from their own account, they would see 
>the other user's red buttons in just that folder, and they'd see visibly that 
>the folder is special.  It would also help to make it obvious why some things 
>are not working, if in fact, something do not work.  I suspect there wouldn't 
>be any major problems with this, though.  Two things to bear in mind with 
>this approach, however:
>
>1) it's NOT encryption, just password protection.  But actually, if you want 
>to get really cool, you could also look up how to encrypt a user's home 
>directory, and combine these two methods.  That way, you'd get an encrypted 
>space to store stuff, that also showed in a notably different (ie, red) 
>window.
>
>2) it's NOT per-user encryption, unless you make as many such accounts as you 
>need, and give each user access to a unique secondary account.  So you might 
>have a user's home directory, "joe", and another home directory, "joe_crypto" 
>or something like that.
>
>Actually, this would be a great feature if an admin tool for linux or 
>specifically Ubuntu could install such accounts and set them up for chosen 
>users easily.  If you could choose to share an encrypted account for many 
>users, or based on their group membership, it'd be even better :)
>
>  
>

More information about the ubuntu-users mailing list