[comp.unix.questions] encrypt a directory

sullivan@csn.org (Steve Sullivan) (06/04/91)

Is there a way to encrypt a directory, so that it
and all files & dirs below it are completely 
inaccessible to anyone?  This would be much preferred
to encrypting all files in a large tree.

Any helpful info much appreciated ...

Steve Sullivan
sullivan@csn.org

zfgo01@hgo7.hou.amoco.com (F. G. Oakes) (06/04/91)

Might be a bit kludgy, but what comes to mind is to archive it (the directory)
into a file, encrypt the file, and remove the directory and its files.

gwyn@smoke.brl.mil (Doug Gwyn) (06/04/91)

In article <zfgo01.675994043@hgo7> zfgo01@hgo7.hou.amoco.com (F. G. Oakes) writes:
>might be a bit kludgy, but what comes to mind is to archive it (the directory)
>into a file, encrypt the file, and remove the directory and its files.

That's not at all kludgy; it's a reasonable solution for a silly problem.

Dan_Jacobson@ATT.COM (06/04/91)

>>>>> On 3 Jun 91 18:12:39 GMT, sullivan@csn.org (Steve Sullivan) said:

Steve> Is there a way to encrypt a directory, so that it
Steve> and all files & dirs below it are completely 
Steve> inaccessible to anyone?  This would be much preferred
Steve> to encrypting all files in a large tree.

Maybe encrypt a tar(1) or cpio(1) archive of the directory.

martin@adpplz.UUCP (Martin Golding) (06/07/91)

>>>>>> On 3 Jun 91 18:12:39 GMT, sullivan@csn.org (Steve Sullivan) said:

>Steve> Is there a way to encrypt a directory, so that it
>Steve> and all files & dirs below it are completely 
>Steve> inaccessible to anyone?  This would be much preferred
>Steve> to encrypting all files in a large tree.

In <1991Jun4.161017.2561@cbfsb.att.com> Dan_Jacobson@ATT.COM writes:
>Maybe encrypt a tar(1) or cpio(1) archive of the directory.

?? If you mean to encrypt the directory and all the stuff under it, isn't
that "encrypting all the files in a large tree"? It shouldn't be any faster
to encrypt, and much slower to reload and decrypt when the data is needed.

The answer to the original question is no, absolutely not. The fact that
the directory names are encrypted doesn't prohibit people from reading
the files (if you converted "source" to "asdkjfhjjii", somebody does an
ls and gets asdkjfhjjii, and then does cat asdkjfhjjii). If you can't
protect the files sufficiently with the unix protections, you can't
protect the directory as a pathway. 

That said, I have seen 1) making a directory execute only (you can open
a file _only_ if you know the name) and 2) naming the subdirectories 
very strange names, and changing them occasionally. In the example
above, the "ls" wouldn't work (no read privileges) and the weird name
would be unknown to all but the select few, or to specified programs.
The purpose is to allow access to the lower data only to certain
(in this case database) programs.

This method only works to _allow_ access to the data. If you are
trying to _prevent_ access, and you are not confident of the unix
protections, nothing but encrypting the data will help.


Martin Golding    | sync, sync, sync, sank ... sunk:
Dod #0236         |  He who steals my code steals trash.
A poor old decrepit Pick programmer. Sympathize at:
{mcspdx,pdxgate}!adpplz!martin or martin@adpplz.uucp
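
The execute-only directory arrangement described in the post above, as an added shell example that is not part of the original thread. The temporary paths and file contents are constructed; when run as root the listing and the final read succeed, because the superuser bypasses permission bits.

```shell
#!/bin/sh
# Constructed demonstration: an execute-only (mode 0111) directory holding one
# file under a hard-to-guess name. Paths and file contents are made up.

SECRET_NAME="asdkjfhjjii"      # the obscure name used in the post above

probe() {                      # run a command quietly, report ok / denied
    if "$@" >/dev/null 2>&1; then echo ok; else echo denied; fi
}

check_vault() {
    base=$(mktemp -d) || return 1
    vault="$base/vault"
    mkdir "$vault" || return 1
    printf 'database record\n' > "$vault/$SECRET_NAME" || return 1
    chmod 0644 "$vault/$SECRET_NAME"
    chmod 0111 "$vault"        # --x--x--x: search only, no read, no write

    # Listing needs read permission on the directory itself.
    LIST_RESULT=$(probe ls "$vault")
    # Opening a known name needs search (x) on the directory, read on the file.
    OPEN_RESULT=$(probe cat "$vault/$SECRET_NAME")
    # A wrong guess simply finds nothing.
    GUESS_RESULT=$(probe cat "$vault/source")

    # The directory mode does nothing for the file itself: once the name is
    # known, only the file's own permission bits decide who can read it.
    chmod 0000 "$vault/$SECRET_NAME"
    LOCKED_RESULT=$(probe cat "$vault/$SECRET_NAME")

    # Restore access so the temporary tree can be removed.
    chmod 0700 "$vault" && rm -rf "$base"
}

check_vault || exit 1
echo "list directory:            $LIST_RESULT"
echo "open by known name:        $OPEN_RESULT"
echo "open by guessed name:      $GUESS_RESULT"
echo "open after chmod 0000:     $LOCKED_RESULT"
```
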