Scratch that, i missed a line. So simply files stored but not user readable.
But also not being able to be copied; even through a disk clone.
poki
joined 6 months ago
Someone without the password but with permission to modify the file will be capable of corrupting it (which would prevent you from accessing every protected file), but unless they somehow got access to the password they wouldn’t be able to view or modify the protected files.
Is it possible to force a corruption if a disk clone is attempted?
I've failed tremendously in making my demands come across :P .
Uhmm..., what you propose with gpg definitely solves one part of the puzzle.
But, if I understood correctly, it doesn't help to prevent a disk clone from getting hold of the files.
Yes, the files are encrypted, but that's not sufficient for my needs by itself. If the files would somehow destroy or corrupt themselves on a disk clone (or something to that effect), I would have acquired what I'm seeking.
I already use FDE. However, unless I'm wrong, FDE does not protect disk clone from occurring. Therefore, if one has access to the password, then also they have access to all my files; including the ones I specifically want to protect. Am I wrong?
So, I'll make it simple for ya, you don't need to understand why; however, I seek for some method that prevents files from being copied through disk cloning. Them files being encrypted or whatsoever doesn't do a thing if the password is known. Unless you propose a method by which the password used to decrypt/unlock the disk on device X doesn't work when it's cloned to another disk. If, somehow, one has to rely on another password to decrypt the disk on device Y, then that might make it work out.
This seems interesting. However, if I'm correct. What you suggest is not capable (by itself) to prevent said files to be copied through a disk clone. Am I right? Even if they're otherwise encrypted or inaccessible, then still they will come through the disk clone. Did I understood you correctly?
It seems I wasn't clear as most people misunderstood me.
But, to give a very precise example; say
- I had a folder called
~/some/folder. - It was on an encrypted drive.
- And I had done additional work to encrypt the folder again.
- And say, I used
chattr,chmodorchownor similar utilities that remove access as long as one doesn't have elevated privileges. - And say, I had done whatever (additional thing) mentioned in your comment.
Then, what prevents whosoever, to copy that file through cloning the complete disk?
Even if they're not able to get past the password, it will be found on the cloned disk. SO, basically, I ask for some method that prevents the file to even be copied through a disk clone. I don't care that it has three passwords protecting it. What I want is for the disk clone (or whatever sophisticated copy/mv/cut or whatsoever utility exists) to somehow fail while trying to attempt the action on the protected files.
Thank you for your input! It has made me recognize that I should specify that I don't want this to be system-wide; which was not clear from the post.
What you’re describe in your post is a user who is not confident enough to manage their own machine with the CLI, and is afraid of misplacing files.
I understand why I might have given off that impression. But no worries; I'm a (relatively) seasoned Linux user. I also have no qualms with CLI or whatsoever. It's a specific set of files that I wish to 'protect'.
Seems interesting. Got any sources to read up on? Thanks in advance!
Who says I'm not already :P . Got any ideas on how this might be able to specifically solve the problem at hand?
Like do you want it to be unreadable, or unmodified, or just not deleted?
I don't necessariy care for any of those. They are 'bonuses' if you will. Though...:
- Unreadable will be required for preventing recreating the file elsewhere.
- Unmodifiable is not necessarily required. Maybe I would like to 'append' something to an existing file. But I'm fine either way. It should not be possible to delete some of the original data though.
- Not deleted is a must as well.
'Move'; this includes copying, cutting or what have you. It should remain in the assigned directory/location. I'll include this remark. Thank you!
The thing with file permissions is that I or root are able to change that. I am looking for a method (if it exists) that somehow bypasses that.