I am running the latest version of Kubuntu and I just installed Thunderbird 3 for email. I can open this program and read the emails already saved to my computer, which is a privacy concern for me. A password is only required to get new emails and send mail. The master-password option in Thunderbird is useless as well, just hit cancel and you can read all saved emails. I would like to know if there is a way to encrypt the folder that Thunderbird stores the emails in so someone couldn't just copy my email folder through a file manager and I'd also like to require a password just to open Thunderbird. Any way to do this?
-
-
Re: Any way to require a password to open a program?
I'm not a Thunderbird user, but I don't understand what makes T-bird e-mail any different than spreadsheets or text documents or anything else -- isn't it stored in your user's home directory?
-
Re: Any way to require a password to open a program?
The short answer is you can encrypt a folder or partition.
http://www.ubuntugeek.com/how-to-cre...-intrepid.html
But before you go through all that - can I ask what exactly your concern is? I understand you don't want others reading your email. If you log out (and don't share your password) only someone with root user access (via su or sudo) can view or copy your files.
If you're trying to prevent the root user from reading them - you might need to do the encryption. Otherwise, basic linux security takes care of most of your concerns.
To test this - log into your user account, open a file manager, and try to access another users' files.Comment
-
Re: Any way to require a password to open a program?
At least on my Hardy system, this is not quite true. It turns out that when a regular user creates a regular file in their own home directory the Unix permissions are 644. This means any user on the system may read or copy the file.Originally posted by oshunluvr
I've always wondered why my system is setup this way by default. I know that normal Unix security can keep my files private from other users, but it isn't. It isn't a big concern for me because I am the only one with physical access to the computer who can authenticate, but on a system with multiple users and accounts it would be a serious concern IMHO.Code:ken@Alia:~$ touch foo ken@Alia:~$ ls -l foo -rw-r--r-- 1 ken ken 0 2010-03-04 07:21 foo ken@Alia:~$ su jan Password: jan@Alia:/home/ken$ cd ~ jan@Alia:~$ touch faa jan@Alia:~$ cp -v ~ken/foo ./ `/home/ken/foo' -> `./foo' jan@Alia:~$ ls -l f?? -rw-r--r-- 1 jan jan 0 2010-03-04 07:21 faa -rw-r--r-- 1 jan jan 0 2010-03-04 07:21 foo
It would be interesting, to me at least, if others could try the experiment above and see what their own defaults are.Comment
-
Re: Any way to require a password to open a program?
That's a good point - I forgot that I always fix that when I install a system. I have a server setup at home so I want all my users in a common group. I set my umask at 077 and set my home directories at -rwx-------
I have noticed that a program will sometimes create a file with different permissions, but as long as it's in my home it's mine only.
Comment
-
Re: Any way to require a password to open a program?
So is there a good tutorial on creating protected folders or changing permissions? I really have no idea how to do any of this. I think encrypting my drive is overkill for this computer. I still am not clear on whether or not I can set up a program to require a password to run it. If this is possible, how do I do it?Comment
-
Re: Any way to require a password to open a program?
Yep, there is already one installed on your system.Originally posted by MichaelDRennie
Alt+F2 -> konsole, and then
To read the manuals:Code:info coreutils 'chmod invocation' info coreutils 'chown invocation' info coreutils 'file permissions'
Please read the article How to find Kubuntu's Documentation for more details.Code:man chmod man chown
Edit: `ready' -> `read'Comment
-
Re: Any way to require a password to open a program?
Obviously - none of the below protects you from someone with your root password:
You could change the permissions on the executable requiring root access to launch the program, then insert "kdesu" in the menu entry, thus launching a pop-up window requiring root password to launch the program.
The question remains what level of security do you require? If you want to block all your other users from using a program, the above does it- but doesn't prevent them from using a differetn program to access your files. If you want to secure all your files in your home directory a little better than the default, changing permissions on your directory and the default umask would go a long way.
The default behavior of most distros is to have everyone in a private group. Therefore, no other users have group access unless you add them to your group. In this case umask 0007 results in rw file access to your user and group, but not others.
The umask is "subtractive" - that is to say a umask bit of 0 removes no permissions and 7 removes all permissions.
Umask bit positions:
bit 1 is "sticky" (can be useful, look this up)
bit 2 is owner
bit 3 is group
bit 4 is others
A umask bit value of:
0 removes no permissions
1 removes execute from directories
2 removes write permission from files/directories
3 removes write permission from files/directories and execute from directories
4 removes read permission from files/directories
5 removes read permission from files/directories and execute from directories
6 removes read/write permission from files/directories
7 removes read/write permission from files/directories and execute from directories
The sticky bit can't be set with umask - only directly with chmod.
Default umask is the last line in /etc/profiles and can be set for each user in ~/.bashrc
NOTE: I know I've been somewhat cryptic in my post here - I'm hoping you'll spend some time reading a bit before you dig in because you'll learn something about linux and you may find something I haven't thought of. Let us know what you are soon. We'll all help you more....Comment
Comment