(More) Specifics:

  • Undoing the protection should include filling in a password.
  • The password should be different from the one used with sudo or any other passwords that are used for acquiring elevated privileges.

All (possible) solutions and suggestions are welcome! Thanks in advance!

Edit: Perhaps additional specifications:

  • With 'displace‘, I mean anything involving that resembles the result of mv, cp (move, cut, copy) or whatsoever. The files should remain in their previously assigned locations/places and should not be able to ‘pop up’ anywhere.
  • I require for the files to be unreadable.
  • I don’t care if it’s modifiable or not.
  • I don’t require this for my whole system! Only for a specific set of files.
    • poki@discuss.onlineOP
      link
      fedilink
      arrow-up
      1
      arrow-down
      1
      ·
      6 months ago

      It seems I wasn’t clear as most people misunderstood me.

      But, to give a very precise example; say

      • I had a folder called ~/some/folder.
      • It was on an encrypted drive.
      • And I had done additional work to encrypt the folder again.
      • And say, I used chattr, chmod or chown or similar utilities that remove access as long as one doesn’t have elevated privileges.
      • And say, I had done whatever (additional thing) mentioned in your comment.

      Then, what prevents whosoever, to copy that file through cloning the complete disk?

      Even if they’re not able to get past the password, it will be found on the cloned disk. SO, basically, I ask for some method that prevents the file to even be copied through a disk clone. I don’t care that it has three passwords protecting it. What I want is for the disk clone (or whatever sophisticated copy/mv/cut or whatsoever utility exists) to somehow fail while trying to attempt the action on the protected files.

      • lambalicious@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        I ask for some method that prevents the file to even be copied through a disk clone

        Oh that’s quite simple! Just don’t have the files on the first disk in the first place. Make them a remote mount from a server, for example via sshfs, webdav, etc. Heck, even ftp if it comes down to it. That way, even though you can clone the disks, you can not get to the files if you don’t also have the full authentication requirements for the remote server (such as a password).

        At a conceptual level, you can’t do anything via root to prevent someone who clones the disk from… well, cloning the disk. Having physical access to a disk is a much higher level of access than even root, so if what you are looking for is for your content to not be cloned, you need to fortify physical access to the device.