comp.unix.shell: Using and programming the Unix shell.

#1
Hello,

I want to learn how to protect some files so that others, even root, cannot open or modify the files, like source code etc. Is that possible on Unix?

Thank you in advance.

#2
ph wrote:
> i want to learn how to protect some files so that others,even root,
> cannot open or modify the files like source codes etc. is that possible
> on unix ?

Not as such. But many systems implement access control lists, which might .

#3
ph wrote:
> hello
>
> i want to learn how to protect some files so that others,even root,
> cannot open or modify the files like source codes etc. is that possible
> on unix ?
>
> thank you in advance.
>

Some systems support "extended attributes", i.e. beyond just rwx. For these, "immutable" may be an attribute that can be applied to the files and directory they are in. If set, root can't modify the file. Of course, root can probably reset the attribute.

Can they be stored on a NFS server where a remote root has no special privilege?

#4
In article <qfGdneaD8449KHDZnZ2dnUVZ_tmdnZ2d@comcast.com>,
Jon LaBadie <jxlabadie@axcxmx.org> wrote:

> ph wrote:
> > hello
> >
> > i want to learn how to protect some files so that others,even root,
> > cannot open or modify the files like source codes etc. is that possible
> > on unix ?
> >
> > thank you in advance.
> >
>
> Some systems support "extended attributes", i.e. beyond just rwx.
> For these, "immutable" may be an attribute that can be applied
> to the files and directory they are in. If set, root can't
> modify the file. Of course, root can probably reset the attribute.
>
> Can they be stored on a NFS server where a remote root has no
> special privilege?

Unix runs with the assumption that root has total access to everything in the filesystem. Once someone has root on a system, they have that access. The only way to protect against this is to either

1) store the file on the system encrypted with one of the various encryption programs (research for that is left to the reader)

2) don't store it on the system except when you're using it (e.g. buy a thumb drive)

--
DeeDee, don't press that button! DeeDee! NO! Dee...

#5
"ph" <pilhun@gmail.com> writes:
> i want to learn how to protect some files so that others,even root,
> cannot open or modify the files like source codes etc. is that possible
> on unix ?

Not really - unless you use rm(1) and even that isn't safe.

What use is a file that can't be read by anyone including root? Don't have them on the computer if you don't want root to read it.

--
Sending unsolicited commercial e-mail to this account incurs a fee of $500 per message, and acknowledges the legality of this contract.

#6
I believe, the only way to protect the files from reading, is to encrypt them, and to protect from tampering, is to checksum (digitally sign) them. Checksums must be kept on a physically secure media, like on a USB stick that you carry with you. USB stick may as well be encrypted and protected with a passphrase.

Some unices offer encrypted filesystems that can be mounted only after submitting the passphrase-protected private key. Theft or illegal copy of such media or even the whole machine gives the thieves no access to the data. However, once and as long as mounted, the data can be read/modified by anyone who has relevant local or remote access to the machine.

You may want to crosspost to security newsgroups to get some more detailed answers.

Regards,
Andrei
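
The tamper check described in post #6, as an added example that is not part of the original thread: a SHA-256 manifest is written to a location outside the protected directory (the removable media the post mentions) and later compared against a fresh hash of the files. The function names are hypothetical, and the script assumes `sha256sum`, `find`, `sort`, `awk` and `mktemp` are installed.

```shell
#!/bin/sh
# Added example (not from the thread): tamper detection with a checksum manifest.
# Assumes sha256sum, find, sort, awk and mktemp; function names are hypothetical.
# Limitation: sha256sum escapes names containing backslashes or newlines, which
# shifts the fixed columns parsed below, so such names are not handled here.

# make_manifest DIR MANIFEST
# Write "digest  ./relative/path" for every regular file under DIR.
# MANIFEST must live outside DIR, e.g. on the removable media.
make_manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k 2 ) > "$2"
}

# check_manifest DIR MANIFEST
# Re-hash DIR and compare with the stored manifest. Prints one line per
# difference and returns 0 only if nothing was modified, removed or added.
check_manifest() {
    tmp=$(mktemp) || return 2
    make_manifest "$1" "$tmp"
    rc=0
    awk '
        { hash = substr($0, 1, 64); name = substr($0, 67) }
        FILENAME == ARGV[1] { old[name] = hash; next }   # stored manifest
        !(name in old)      { print "ADDED " name; bad = 1; next }
        old[name] != hash   { print "MODIFIED " name; bad = 1 }
        { delete old[name] }
        END { for (n in old) { print "MISSING " n; bad = 1 }; exit bad + 0 }
    ' "$2" "$tmp" || rc=$?
    rm -f "$tmp"
    return "$rc"
}
```

The check is only as trustworthy as the manifest and the tools that read it: anyone with root on the machine can alter both while the media is attached, which is the limit the thread already points out.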