Unix Technical Forum

Private directory

This is a discussion on Private directory within the Slackware Linux Support forums, part of the Unix Operating Systems category.


#1
02-19-2008, 01:01 PM
Scott Eberl
Private directory

Greetings

I was curious if there was a way to make a totally private directory. I
have a few friends who have sudo access on my box and if I recall that
means they can go ANYWHERE on the system correct?

Is there a way to grant sudo access to a user but exclude 1 specific
directory? Can I somehow change the permissions to say only let this
person in if they didn't use sudo to get root? I have sensitive stuff in
this directory but can't seem to find a way to totally close it off to
only me strictly.

Any ideas?

#2
02-19-2008, 01:02 PM
Jeffrey Froman
Re: Private directory

Scott Eberl wrote:

> I was curious if there was a way to make a totally private directory. I
> have a few friends who have sudo access on my box and if I recall that
> means they can go ANYWHERE on the system correct?


"sudo" can be configured to allow users to use certain commands as other
users. If it is configured to allow these other users to use ALL commands
as "root", then yes, they can go anywhere.

> Is there a way to grant sudo access to a user but exclude 1 specific
> directory? Can I somehow change the permissions to say only let this
> person in if they didn't use sudo to get root?


If these users have full root access, there is no way, as far as I know.
Consider keeping your sensitive data on removable media, rather than the
hard drive. Another possibility would be to encrypt the data using a
password protected encryption key. You could set up encryption using "gpg"
and its relations.

Jeffrey
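
Added example, not part of the thread: a quick way to see which sudoers entries amount to the "ALL commands as root" case described in the reply above. The policy lines and user names are constructed, and the parser is a simplification that ignores aliases and #include files; `sudo -l -U <user>` gives the authoritative answer on a live system.

```shell
#!/bin/sh
# Added example: list sudoers entries that grant unrestricted root.
# Simplified: no alias expansion, no #include, one runas user per (...).

# Constructed sample policy; every user name here is hypothetical.
sample_sudoers() {
cat <<'EOF'
Defaults env_reset
root    ALL=(ALL) ALL
alice   ALL=(ALL) ALL
%wheel  ALL=(ALL) NOPASSWD: ALL
bob     ALL=(root) /sbin/shutdown, /usr/bin/lastlog
dave    ALL=(www) ALL
erin    ALL=(www) /usr/bin/id, (root) ALL
EOF
}

# Read sudoers-style lines on stdin; print each user or %group that may
# run ALL commands as root (runas of root or ALL, or no runas at all).
full_root_grants() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }            # comments, blank lines
        $1 ~ /^Defaults/ || $1 ~ /_Alias$/ { next }  # not user specs
        {
            who = $1
            spec = $0
            sub(/^[^=]*=/, "", spec)                 # drop "who host="
            n = split(spec, item, ",")
            runas = "root"     # sudo default when no (runas) is given
            for (i = 1; i <= n; i++) {
                c = item[i]
                if (match(c, /\([^)]*\)/)) {         # runas applies onward
                    runas = substr(c, RSTART + 1, RLENGTH - 2)
                    sub(/:.*/, "", runas)            # ignore runas group
                    gsub(/[ \t]/, "", runas)
                    c = substr(c, RSTART + RLENGTH)
                }
                gsub(/[A-Z_]+:/, "", c)              # tags such as NOPASSWD:
                sub(/^[ \t]+/, "", c)
                sub(/[ \t]+$/, "", c)
                if (c == "ALL" && (runas == "root" || runas == "ALL")) {
                    print who
                    break
                }
            }
        }'
}

sample_sudoers | full_root_grants
```

Anyone listed by this check falls under the "they can go anywhere" case; bob and dave in the sample do not, because their rules name specific commands or a non-root target user.
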
#3
02-19-2008, 01:02 PM
Alan Hicks
Re: Private directory

In alt.os.linux.slackware, Scott Eberl dared to utter,
> I was curious if there was a way to make a totally private directory. I
> have a few friends who have sudo access on my box and if I recall that
> means they can go ANYWHERE on the system correct?


If you only occasionally access that information, you may be able to
put it into an encrypted filesystem and only mount it when you need it.
Otherwise, you'll probably have to look at something like SE-Linux to
make that work.

--
It is better to hear the rebuke of the wise,
Than for a man to hear the song of fools.
Ecclesiastes 7:5

#4
02-19-2008, 01:02 PM
Faux_Pseudo
Re: Private directory

_.-In alt.os.linux.slackware, Scott Eberl wrote the following -._
> I was curious if there was a way to make a totally private directory. I
> have a few friends who have sudo access on my box and if I recall that
> means they can go ANYWHERE on the system correct?


Yup. And it means that if they decide they aren't your friend any
more then you won't have a system. Take away their sudo rights.

As one person mentioned you can limit the power of people using sudo.
But here is an old trick from my Windows friends. When they had a dir
they didn't want people to find they would put it someplace that
people /never/ look. The favorite place for this was the help dir. No
one ever goes there on a Windows system since help is tied directly to
the app. On a Linux box places that people never go are places like
/etc/X11/xdm/pixmaps/ and /usr/src/linux/*/*/*. The bigger the system
the easier it is to hide something in plain sight. And you can always
"mkdir .\ " or "mkdir \ " to obscure a dir. But anyone playing with
"find" might stumble onto those. Loop mounted encrypted file systems
are fun. So are portable keychain drives.

But the best of all is just not handing out sudo.

--
.-')) http://asciipr0n.com/fp ('-. | It's a damn poor mind that
' ..- .:" ) ( ":. -.. ' | can only think of one way to
((,,_;'.;' UIN=66618055 ';. ';_,,)) | spell a word.
((_.YIM=Faux_Pseudo :._)) | - Andrew Jackson

All times are GMT.