Re: deny copying files
On Thu, Mar 07, 2002 at 06:49:38PM -0800, Gordon Messmer wrote: > The SUID bit has nothing to do with not being able to copy the file. > Users can't copy /usr/bin/passwd because they don't have read access to > the file. That doesn't quite meet the criteria of the original request, > which was to restrict copying while allowing users to read the contents > of the file. sorry I was wrong, I test to make file with same permission and ownership with passwd has, then file can't be copied > On Thu, 2002-03-07 at 10:37, Lewi wrote: > > i found that binary has a suid bit, group and other just have x bit > > can't be copy by user, like /usr/bin/passwd. > > > > so the conclusion is, only root can prevent casual copy of file > > > > i think it just for security reason, suid bit can't be copied > > > > thank you all > -- ichtus -- Lewi Supranata .K ICQ: 50643061 msg73594/pgp0.pgp Description: PGP signature
Re: deny copying files
The SUID bit has nothing to do with not being able to copy the file. Users can't copy /usr/bin/passwd because they don't have read access to the file. That doesn't quite meet the criteria of the original request, which was to restrict copying while allowing users to read the contents of the file. On Thu, 2002-03-07 at 10:37, Lewi wrote: > i found that binary has a suid bit, group and other just have x bit > can't be copy by user, like /usr/bin/passwd. > > so the conclusion is, only root can prevent casual copy of file > > i think it just for security reason, suid bit can't be copied > > thank you all signature.asc Description: This is a digitally signed message part
Re: deny copying files
i found that binary has a suid bit, group and other just have x bit
can't be copy by user, like /usr/bin/passwd.
so the conclusion is, only root can prevent casual copy of file
i think it just for security reason, suid bit can't be copied
thank you all
On Sat, Feb 23, 2002 at 10:44:37AM -0600, Kevin Krieser wrote:
> A way that would work for special cases is taking away all but owner read
> permissions, then using a SUID bit on the program{s} that are allowed to
> actually read the file. If these programs don't provide a way to make
> another copy of the file, and don't just output the file to the screen in a
> way that can be redirected, you have prevented casual copying.
>
> -Original Message-
> From: [EMAIL PROTECTED]
> [mailto:[EMAIL PROTECTED]]On Behalf Of Robert Canary
> Sent: Saturday, February 23, 2002 10:11 AM
> To: [EMAIL PROTECTED]
> Subject: Re: deny copying files
>
>
> Depends on what your trying to keep in tact. Cat file1 > file2 will
> copy all contents but the file image and timestamp has changed. So if
> your using any sort of original verification schemes you could detect a
> illegal copy. However, if your trying to prevent people from simply own
> the file on their system then their is nothing you can do while allowing
> read permissions.
>
> Depending on the file format (ie PDF), you can set security setting to
> not allow things like save or print. But those feature are dependant on
> the viewer application not the file or the filesystem permissions.
>
> Duncan Hill wrote:
> >
> > On Sat, 23 Feb 2002, Lewi wrote:
> >
> > > it that possible to restrict file to not able be copying but still can
> be
> > > see the contents.
> >
> > If I can view the contents, I can copy it.
> >
> > cat file1 > file2
> >
> > Hey presto, copied without using cp, and only by viewing it.
> >
> > ___
> > Redhat-list mailing list
> > [EMAIL PROTECTED]
> > https://listman.redhat.com/mailman/listinfo/redhat-list
>
> --
> robert canary
> system services
> OhioCounty.Net
> [EMAIL PROTECTED]
> (270)298-9331 Office
> (270)298-7449 Fax
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
>
>
>
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
--
ichtus
--
Lewi Supranata .K
ICQ: 50643061
msg73484/pgp0.pgp
Description: PGP signature
RE: deny copying files
Cute how is this chattr +i sets the imutability attribute of a file. It prevents this copy of this file from being altered by anyone even superuser (root) until the attribute is switched off. The attribute can only be switched on or off by the superuser. The file can be copied and that copy can be modified/altered to any extent. -Original Message- From: David Talkington [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 1:36 PM To: '[EMAIL PROTECTED]' Subject: RE: deny copying files -BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Hamm wrote: > >>it that possible to restrict file to not able be copying but still can be >>see the contents. > >Woops sorry read that post wrong this prevents files from being altered. It >will allow copying the file. Figure that one out, and you may be set for a lucrative career with the MPAA. ;-) - -d - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp - -- http://setiathome.ssl.berkeley.edu/pale_blue_dot.html -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQA/AwUBPHqEEr9BpdPKTBGtEQK/xgCg15yO/i6Pkc+Zd/wbH9+lMumKzhwAoMOj UlPBGnHzJc7C7TQ6RSPKf0lF =TJJr -END PGP SIGNATURE- ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: deny copying files
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Paul Hamm wrote: > >>it that possible to restrict file to not able be copying but still can be >>see the contents. > >Woops sorry read that post wrong this prevents files from being altered. It >will allow copying the file. Figure that one out, and you may be set for a lucrative career with the MPAA. ;-) - -d - -- David Talkington PGP key: http://www.prairienet.org/~dtalk/0xCA4C11AD.pgp - -- http://setiathome.ssl.berkeley.edu/pale_blue_dot.html -BEGIN PGP SIGNATURE- Version: PGP 6.5.8 Comment: Made with pgp4pine 1.75-6 iQA/AwUBPHqEEr9BpdPKTBGtEQK/xgCg15yO/i6Pkc+Zd/wbH9+lMumKzhwAoMOj UlPBGnHzJc7C7TQ6RSPKf0lF =TJJr -END PGP SIGNATURE- ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: RE: deny copying files
Or simply chmod 744 as owner. - Subject: RE: deny copying files Woops sorry read that post wrong this prevents files from being altered. It will allow copying the file. try "> chattr +i " as superuser https://listman.redhat.com/mailman/listinfo/redhat-list mail2web - Check your email from the web at http://mail2web.com/ . ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: deny copying files
Woops sorry read that post wrong this prevents files from being altered. It will allow copying the file. -Original Message- From: Paul Hamm [mailto:[EMAIL PROTECTED]] Sent: Monday, February 25, 2002 1:19 PM To: '[EMAIL PROTECTED]' Subject: RE: deny copying files try "> chattr +i " as superuser -Original Message- From: Lewi [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 23, 2002 11:01 PM To: [EMAIL PROTECTED] Subject: deny copying files it that possible to restrict file to not able be copying but still can be see the contents. any suggestions? -- ichtus -- Lewi Supranata .K ICQ: 50643061 ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: deny copying files
try "> chattr +i " as superuser -Original Message- From: Lewi [mailto:[EMAIL PROTECTED]] Sent: Saturday, February 23, 2002 11:01 PM To: [EMAIL PROTECTED] Subject: deny copying files it that possible to restrict file to not able be copying but still can be see the contents. any suggestions? -- ichtus -- Lewi Supranata .K ICQ: 50643061 ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: deny copying files
On 18:51 23 Feb 2002, Timothy Lee Young <[EMAIL PROTECTED]> wrote: | I think it would be great to know how to copy-inhibit files, if anything just | for the sake of knowledge. To copy inhibit files you just remove read permission. Works every time! Seriously, that's all there is. -- Cameron Simpson, DoD#743[EMAIL PROTECTED]http://www.zip.com.au/~cs/ If all around you is darkness and you feel you're contending in vain, then the light at the end of the tunnel is the front of an oncoming train. ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: deny copying files
I think it would be great to know how to copy-inhibit files, if anything just for the sake of knowledge. With Novell servers, you can copy-inhibit files, which is great to help protect files installed on the network. On Saturday 23 February 2002 05:46 pm, you wrote: > On 23:09 23 Feb 2002, Lewi <[EMAIL PROTECTED]> wrote: > | On Sat, Feb 23, 2002 at 10:58:59AM -0500, rpjday wrote: > | > On Sat, 23 Feb 2002, Lewi wrote: > | > > it that possible to restrict file to not able be copying but still > | > > can be see the contents. > | > > | > not likely, since if someone can list the contents, they can always > | > just redirect the output to a destination file of their choice. > | > | i think so too, but just an idea if that possible if just restrict cp > | command to read file. > > What good would such a thing achieve? > > | just a homework from my master :) > > Just tell him "no". I guess you _could_ hack the cp source to implement > some totally arbitrary restriction. Not very productive. Or you could make > the file genuinely not publicly readable and owned by a particular user, > and then put a setuid or setgid command somewhere to access it. > > Cheers, ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: deny copying files
On 23:09 23 Feb 2002, Lewi <[EMAIL PROTECTED]> wrote: | On Sat, Feb 23, 2002 at 10:58:59AM -0500, rpjday wrote: | > On Sat, 23 Feb 2002, Lewi wrote: | > > it that possible to restrict file to not able be copying but still can | > > be see the contents. | > not likely, since if someone can list the contents, they can always | > just redirect the output to a destination file of their choice. | i think so too, but just an idea if that possible if just restrict cp command | to read file. What good would such a thing achieve? | just a homework from my master :) Just tell him "no". I guess you _could_ hack the cp source to implement some totally arbitrary restriction. Not very productive. Or you could make the file genuinely not publicly readable and owned by a particular user, and then put a setuid or setgid command somewhere to access it. Cheers, -- Cameron Simpson, DoD#743[EMAIL PROTECTED]http://www.zip.com.au/~cs/ Michael Atkinson proved himself chosen when he disowned two of his offspring for quoting his own genetic material within themselves. - The Usenet Oracle ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: [REDHAT] deny copying files
On Sat, 23 Feb 2002, Lewi wrote: > it that possible to restrict file to not able be copying but still can be see the >contents. > > any suggestions? If it's an executable, you can change the program so that it will only run from a particular directory. David Kramer [EMAIL PROTECTED] http://thekramers.net DK KD DKK D "Put your hand on a hot stove for a minute and it seems like an hour. DK KD Sit with a pretty girl for an hour and it seems like a minute. That is relativity."- Albert Einstein ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
RE: deny copying files
A way that would work for special cases is taking away all but owner read
permissions, then using a SUID bit on the program{s} that are allowed to
actually read the file. If these programs don't provide a way to make
another copy of the file, and don't just output the file to the screen in a
way that can be redirected, you have prevented casual copying.
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Robert Canary
Sent: Saturday, February 23, 2002 10:11 AM
To: [EMAIL PROTECTED]
Subject: Re: deny copying files
Depends on what your trying to keep in tact. Cat file1 > file2 will
copy all contents but the file image and timestamp has changed. So if
your using any sort of original verification schemes you could detect a
illegal copy. However, if your trying to prevent people from simply own
the file on their system then their is nothing you can do while allowing
read permissions.
Depending on the file format (ie PDF), you can set security setting to
not allow things like save or print. But those feature are dependant on
the viewer application not the file or the filesystem permissions.
Duncan Hill wrote:
>
> On Sat, 23 Feb 2002, Lewi wrote:
>
> > it that possible to restrict file to not able be copying but still can
be
> > see the contents.
>
> If I can view the contents, I can copy it.
>
> cat file1 > file2
>
> Hey presto, copied without using cp, and only by viewing it.
>
> ___
> Redhat-list mailing list
> [EMAIL PROTECTED]
> https://listman.redhat.com/mailman/listinfo/redhat-list
--
robert canary
system services
OhioCounty.Net
[EMAIL PROTECTED]
(270)298-9331 Office
(270)298-7449 Fax
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
___
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
Re: deny copying files
On Sat, 23 Feb 2002, Lewi wrote: > i think so too, but just an idea if that possible if just restrict cp command > to read file. You could always make cp a non-user executable command, and allow access with sudo. Course, that breaks most things... ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: deny copying files
Depends on what your trying to keep in tact. Cat file1 > file2 will copy all contents but the file image and timestamp has changed. So if your using any sort of original verification schemes you could detect a illegal copy. However, if your trying to prevent people from simply own the file on their system then their is nothing you can do while allowing read permissions. Depending on the file format (ie PDF), you can set security setting to not allow things like save or print. But those feature are dependant on the viewer application not the file or the filesystem permissions. Duncan Hill wrote: > > On Sat, 23 Feb 2002, Lewi wrote: > > > it that possible to restrict file to not able be copying but still can be > > see the contents. > > If I can view the contents, I can copy it. > > cat file1 > file2 > > Hey presto, copied without using cp, and only by viewing it. > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list -- robert canary system services OhioCounty.Net [EMAIL PROTECTED] (270)298-9331 Office (270)298-7449 Fax ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: deny copying files
On Sat, Feb 23, 2002 at 10:58:59AM -0500, rpjday wrote: > On Sat, 23 Feb 2002, Lewi wrote: > > > it that possible to restrict file to not able be copying but still can > > be see the contents. > > > > any suggestions? > > not likely, since if someone can list the contents, they can always > just redirect the output to a destination file of their choice. > > rday i think so too, but just an idea if that possible if just restrict cp command to read file. just a homework from my master :) thank you for your time > > > > ___ > Redhat-list mailing list > [EMAIL PROTECTED] > https://listman.redhat.com/mailman/listinfo/redhat-list -- ichtus -- Lewi Supranata .K ICQ: 50643061 msg72654/pgp0.pgp Description: PGP signature
Re: deny copying files
On Sat, 23 Feb 2002, Lewi wrote: > it that possible to restrict file to not able be copying but still can be > see the contents. If I can view the contents, I can copy it. cat file1 > file2 Hey presto, copied without using cp, and only by viewing it. ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
Re: deny copying files
On Sat, 23 Feb 2002, Lewi wrote: > it that possible to restrict file to not able be copying but still can > be see the contents. > > any suggestions? not likely, since if someone can list the contents, they can always just redirect the output to a destination file of their choice. rday ___ Redhat-list mailing list [EMAIL PROTECTED] https://listman.redhat.com/mailman/listinfo/redhat-list
deny copying files
it that possible to restrict file to not able be copying but still can be see the contents. any suggestions? -- ichtus -- Lewi Supranata .K ICQ: 50643061 msg72651/pgp0.pgp Description: PGP signature
