Need to protect a file

kriz4321 · #1 July 11th, 2008, 03:17 PM

Hi all,

In my server we login with a common userid/passwd. There is a file created with this Id and everyone has acess to modify the contents. We need to restrict this in such a way that when a person tries change certain this in the file he should be restricted in doing it.

Basically It should ask for a passwd before saving the file so only few within the same group will have control to do so...

Note: We cannot use root passwd. We cannot change the perm of file as every user logins with the same user/passwd they can also change the perm...

kriz4321 · #2 July 11th, 2008, 03:24 PM

Forgot to mention the OS it is linux file. The filename extension also should not be changed.....

Thanks in Advance..

Nepomuk · #3 July 11th, 2008, 03:41 PM

Well, the idea behind the Linux (and Unix) user system is, that everybody should have their own account. With that, you should be able to protect any files of your own from anyone else via

Expand|Select|Wrap|Line Numbers

chmod 700 my_file

for no access by others, if others should be able to execute it:

Expand|Select|Wrap|Line Numbers

chmod 711 my_file

and if they should be able to execute and read, but not write to it:

Expand|Select|Wrap|Line Numbers

chmod 755 my_file

If that is not an option, we'll have to think of something else. You could of course hide the file by just renaming it

Expand|Select|Wrap|Line Numbers

mv my_file .my_file

but anyone who knows it's there or has a look at hidden files will see it.

Next thought that comes to mind is file encryption. I've never used single file encryption before, but there should be plenty of tutorials on the web. It would allow only that person, who knows the code, to change it (while knowing, what he/she's doing). I guess it could still be deleted, but at least no one could just change it without you noticing.

Can't think of any better method right now.

Greetings,
Nepomuk

Laharl · #4 July 11th, 2008, 04:12 PM

I would recommend creating a group, myfile_editors or some such, and change the owner of the file (via chown) to that group. Then add everyone that needs edit access to the group and set the permissions with chmod, possibly to 744 (owner does anything, anybody else can read it and not execute, 755 gives execution rights as well).

This does require you to create actual user accounts. There is probably a way to password-protect the file, but I don't know how, I'm afraid, other than some sort of shell script...

AIProgrammer · #5 July 12th, 2008, 03:56 PM

Hi,
I would like to provide a further suggestion. It MAY work for your case. You may change the 'sticky-bit' of the file, the same way you change your file permission.(chmod or through some file-manager). In this way, it gets locked in the SWAP SPACE, and files residing there cannot be changed. This should THEORITICALLY provide some speddup in access-latency as well, but on modern computers, it hardly matters. You may chage the sticky-bit every time you want to allow some users, and lock it back when you want it protected.

Try it, it may solve the preoblem!

Bye.

What is Bytes?

Popular Articles