3

I am running Ubuntu 10.04 LTS. I want to use my laptop to play music in a party. MY screensaver does not need a password to deactivate. I would like to allow people to use my computer to play the music they like, but I would like to prevent them to have access to certain directories in the same manner or similar that linux prevents people unauthorized to install programs from the synaptic package manager.

I would like this to be at the level of the command line and the file browser. But with the root password to be able to have access.

Is this done by changing the permissions of the directory? If so how, which is the command from the terminal? Will that also prevent people from executing the files in the directory as well? Can I also block their searching of the directory and contents?

Vass
  • 5,371

2 Answers2

6

The simplest way I can think of is simply creating a new user partyuser, and assigning it read permissions to a 'public' music directory. To make the music directory (with it's subdirectories and files) to become readable by others you run:

# chmod -R r+o /path/to/music_dir

That way this user can not list or access files in your own user's home directory by default. The only easy way to do this is by becoming root. If you wish to have the ability to become root as the partyuser for this reason, simply add the user to the /etc/sudoers file and use sudo.

Also remember to add the user to appropriate groups, that will enable use of the audio and/or graphics etc. on the system.

1

If you want to protect some of your files from other people, you must not give them unfettered access to your account. Never let other people use your account; instead, create an account for them. If you want to allow anyone with physical access to perform certain things, create a guest account with the password taped to the monitor.

Set the permissions of your private files to deny access from other users: chmod go= /path/to/file (i.e. no permission for users other than the owner of the file). If you make a directory inaccessible to other users (chmod go= /path/to/dir), they won't be able to access files underneath that directory either.

If you want to go further and allow certain users access to certain files, create a group containing those users and make the files only accessible to that group, or set an access control list (see here) for the file.

If the files are on a removable medium, the only way to prevent other people from reading them is through cryptography. There are several filesystems that allow you to work transparently on encrypted files after typing the encryption passphrase once per session; encfs is the easiest to set up.