UNIX for Dummies Questions & Answers

is there a way to "lock" an entire directory to where it currently resides for securtiy purposes? only certain users can access these data, however i want to prevent the possibility of transferring/duplicating the data to where other unauthorized users can access it. Any one who knows a good solution for this? Thanks a lot!

I doubt if you could do that. Any user that can read a file can also copy it to some other location. For that matter, the user can even run 'cat' on a file, copy and paste the information in a txt file on his/her desktop, send the file out via mail.

It basically works out to only allowing trusted users to access sensitive data, and then trusting those users to not leak that data to anyone else.

blowtorch, the data are not textual in nature.
thanks for the comment. i thought this is going to be tough.
anyone has other comments please?

This is general guidence, brain-storming.


1-Information are not text (images?).
2-Block the directory for only certain users.
3-Prevent users who have access to this data, from moving this data somewhere else.

step 1& 2 are possible, step 3 is impossible just like blowtorch said. You have to do hardware restrictions, network security control, namely VLAN and access-lists, plus-like blowtorch discribed- social engineering

but for step 1 & 2 (P.S. this is basic UNIX knowledge, deep apologies if you know it already)

1st;make a new user group, say it's name is 'secureGrp'

[root@localhost /root]#groupadd secureGrp
[root@localhost /root]#vim /etc/groups

your group should appear in the bottom, something like

secureGrp::x:500:

2nd; add users to this group after the last colon, seperated by commas (in Linux & BSD)

secureGrp::x:500:OwnerOfSecureDir,secureUser1,secureUser2,secureUser3

save file and exit

3rd; change the directory permissions (say that it is in /home/secureDir/) to : owner=OwnerOfSecureDir, group=secureGrp, owner can read&write, group can read, others none.

[root@localhost /root]#chmod -R 640 /home/secureDir
[root@localhost /root]#chown -R OwnerOfSecureDir /home/SecureDir

the -R is for recursive of everything in the directory

(risking blame for posting a tutorial )

hi sadistic_anger, thank you for the detailed post. I didnt have any problem setting the user and group permission for the data, and what I did was exactly what you described.

> You have to do hardware restrictions, network security control, namely VLAN and access-lists, plus-like blowtorch discribed- social engineering

ok another department takes care of this--

thanks a lot!!!