Password protect files and folders in Linux
Security sometimes equates to sanity. You have to keep sensitive information from prying eyes for various reasons. You might have a folder that needs to be given access only to certain people and it lives within a public folder. Or you have a folder on your desktop machine that you want to ensure no one but yourself can see. For whatever reason, there is a need for password protection of folders.
In this article I am going to show you more than one way to do this: Using permissions, using zip, and using encryption. Hopefully, in the end, you will have a method that suits your needs and your abilities.
The tools
Most likely you already have all of the tools you need installed. There could be a slight chance that gpg is not installed. To find out issue the command which gpg. This command should return the version of gpg you have installed. You should also know (as if you don't already know) that these tasks will all be completed from the command line. So open up your favorite terminal and get ready to type.
Permissions
Since we're talking about Linux, keeping other users from seeing your files/folders is actually quite simple. All you need to do is make sure the read permissions for other and group are not set. So let's say you create a folder in your home directory called ~/TEST. By default the permissions on that folder will be:
drwxr-xr-x
This means that anyone in your group and all others can read and execute from within that directory. Let's remove those permissions. To do so issue the command:
chmod -R go-rx TEST
Now the only user that can read, write, or execute from within your TEST directory is you. There is one problem with that - the root user will still have access to that folder. Or anyone with your user password for that matter. So let's take this one step further.
Zip
You may not have known this, but you can encrypt a zipped file. Let's say you don't want any user on the system seeing the contents of that particular folder. To do that with the zip command is easy. The only issue with this is the folder will now be in zipped form and the only way for you to view the contents is to unzip it. That's simple to do as well. But let's zip and encrypt using the same folder ~/TEST. To zip and encrypt this folder you would issue the command:
zip -e -r TEST TEST
You will be prompted for a password for the encryption. The above command would complete with an encrypted TEST.zip file and leave the TEST folder behind. You would then want to delete that folder so no one could see the contents. To unzip that same folder issue the command:
unzip TEST
You will then be prompted for the same password you gave for the encryption. Once you successfully enter the password the file will be unzipped.
Nautilus
There is a very simple way to encrypt files from within the Nautilus file manager. To do this you will need to install the following:
- seahorse
- seahorse-plugins
Seahorse is an encryption front-end for the GNOME desktop. More than likely seahorse is already installed, but seahorse is not. To install seahorse-plugins open up your Add/Remove Software tool, search for "seahorse" (no quotes), mark both for installation (if seahorse is already installed only mark seahorse-plugins), and click Apply to install.
Once this is install you will need to log out and log back in to apply the changes to Nautilus. After you have logged back in open up Nautilus and right click on a file or folder. You should now see, in the action menu, an entry for Encryption. You can either encrypt a single file or folder. You will, of course, have to already have created your gpg key in order to do this. But don't worry, you can create your gpg key from within Seahorse. Upon encrypting a file or folder, the only people that can  see the contents of that file or folder will be those with your encryption key.
Final thoughts
There are so many ways to protect your files/folders in Linux. Some of the above methods are much more secure than others, but each method will get you to where you want to be - safe.
The Electronic Frontier Foundation has issued guidance for getting your mobile device across the border safely and protecting the data on it should it get seized.
https://www.eff.org/sites/default/files/EFF-border-search_2.pdf
Great read, thanks for posting Ilev.
Yes, I was just about to post that. They specifically address the hidden volume. To fill its purpose, you need to lie to law enforcement/homeland security, which is in of itself a crime. Of course once you get to court you can try to plead the fifth, but you may be forced to reveal its existence and the password in the same vein as the non-hidden volume anyway.
The best solution to someone asking for your password isn’t to plead the fifth, but to simply say you forgot it. This is of course also perjury, but nobody can look inside your head to prove it, so unless you told your cellmate about your cunning master plan, you’re good to go.
Or unless you write on a blog about it ;)
Rodalpho, isn’t a Truecrypt hidden volume 100% unidentifiable anyways? I don’t know, maybe an extreme expert would “recognize” certain patterns even if it’s hidden.
Once inside your outer volume, assuming they coerced you enough to get into it, would the US Gov’t have the right to manipulate / alter / delete files as a bargaining technique? I would think it unlawful “officially”, but a little imagination brings up some issues.
Ahh but I am pure as the driven snow! (Except for posting on a blog during work.)
… and except for being Bernie Maddoff’s tax advisor!
I used to be a regular visitor to the United States. About every second year. But I stopped going 7 years ago, largely because of border hassles like this. The Canadians now get my money. I know I’m not alone in this.
I was travelling to the USA once or twice a year but I also a few years ago. Not going to go there again until the craze has disappeared… might be a while!
Just a legal clarification: You are not required to provide your password as this is covered under the 5th Amendment against self incrimination. But should the authorities be made aware that there are files located in certain “areas” than you must provide the authorities with an unencrypted version of those files. As the authorities have a “right” to access the files once they know where it is. I would just say “I’m not aware of any”, and claim my tech guy handles everything, I don’t know tech.
I also travel around with the following file: “a little boy and his priest.avs”. Should anyone seize and opens said file, their computers FRY :)
But this TrueCrypt matryoshka concept is intriguing. Gotta try it out.
DanTe, how can I obtain said file that makes computers fry? How does it work?
Do like I do: troll the usenet for “free software” and see which one promptly got pass your virus scan and kills your stand alone PC. I do this about once a year to get the latest in killer software. Use something like the free SBNews Android or Newsbin Pro and just massively download. I generally look for the small (below 5mB) files that purports to be celebrity sex movies.
This is a really good app. I tested it out by partitioning a hard drive that I planned to use for data. Then I encrypted that partition with True Crypt. I noticed that the partition was visible when I opened up Computer to view all my drives. So I went into Disk Management and removed the drive letter from the partition which made it invisible. True Crypt also has a portable app version so no need to install it on the PC. This makes it hard for even a tech saavy person to get into your guarded files. (unless they know your password, lol)
Of course if you are accused of doing something illegal and are forced to give up your PC to the government forensic labs none of the above will help. Just get a lawyer and see what info/passwords you have to give up :-)
“Of course if you are accused of doing something illegal and are forced to give up your PC to the government forensic labs none of the above will help.”
Not to be rude but you don’t know what you’re talking about. :/
Not to be rude … , but you don’t know what you’re talking about. Have you tried the various TrueCrypt encryption modes? And no, Da Gov’ment don’t have no magic pixie dust that allows them to crack everything.
I also have another question — this article is about the gov’t agents seizing laptops. What’s the issue on DESKtops? Also can be seized, or a different story?
They can also be seized, no difference.