[ Date Index ] [ Thread Index ] [ <= Previous by date / thread ] [ Next by date / thread => ]
On Mon, 14 Dec 2015 09:44:45 +0000 (GMT) Gordon Henderson <gordon+lug@xxxxxxxxxx> wrote: > Easier to just re-write the OS, as essentially what you want isn't > supported by Linux, nor any other *nix type OS, really. There are > ACLs (access control lists), but these are just a superset of the > existing protections and don't have any sort of password control. > (and they're a bugger to admin too) > > And nothing you impose at the user or even OS level will stop someone > removing the disk and opening it in another PC that doesn't have the > "protection" you're after. > > So back to the question of: > > What do you actually want to achieve? > > In a traditional *nix multi-user enviroment, you have 3 levels of > file/directory protection - owner, group and everyone. At each level > you can speficy read, write or execute (which for directories means > 'search' or the abiltiy to run the 'ls' command) This has worked well > for decades in small, medium and large (e.g. university) environments > to allow people to have private files, share them in a group, or > share with everyone. > > But at the end of the day, without whole disk (or partition) > encryption, anyone with physcial access has access to all the data > anyway. > > I think you're making life hard for yourself. If you have data you > don't want people to see then keep it on a portable USB connected > encrypted storage device and unplug it and take it with you all the > time. > > Or calculate the value of your data vs. the time and energy you're > spending to "protect" it. > > Gordon > > OK, so what I was looking for doesn't exist. Fine, there are other ways. A different approach needed. Thanks to all for the help and information. Still learning, even after 16 years with Linux, Neil -- The Mailing List for the Devon & Cornwall LUG http://mailman.dclug.org.uk/listinfo/list FAQ: http://www.dcglug.org.uk/listfaq