UNIX Context Dependent Files A method for hiding UNIX files CREATION -------- 1) mkdir hidden Create the context-dependent 'file' 2) touch hidden+ [optional] This will make it harder to access the cnode. On the other hand, it may tip off cdf-suavvy sysadmins that there is a cdf around. 3) chmod +H hidden Make it a cdf 4) touch hidden [optional] This will create a file in the directory that will 'unhide' the directory. It will really be a file called hidden/ where is your cnode name. This is probably something like standalone. CNODES ------ A cdf is a directory that will look like a file depending on what machine/cnode you are accessing from. The directory contains files (remember, files can be more directories) that are named according to cnodes - if you access the cdf (which looks like a file), it will give you the file in the cdf directory based on your cnode (or default if none is found). If no match is made, then weird things can happen with 'file not found' errors. Because of this, if you create a hidden directory, you might want to create bogus files for the cnodes that might access the cdf, so it just looks like a plain file instead of giving occasional errors that might tip off the intelligent user. One way to do this is with step four above, or just create a file called default in the cdf directory. Then be careful not to name any of the hidden files with names that might be used by cnodes (the advantage of doing step 4 above, even if you don't keep the file around). It might be wise to put a directory in the hidden directory which you then store your hidden files in. ACCESS ------ To access the directory you can do a 'cd hidden+' unless you did step 2 above. If you did, you will need to do: rm hidden+ # Removes the 'lock' file chmod -H hidden+ # Converts the cdf into a directory cd hidden # Go into the directory touch ../hidden+ # Create a new lock file chmod +H . # Make it hidden again Once you leave the directory, though, you won't be able to reaccess it without doing the above steps. This has the added bonus that it changes the creation date of the lock file, the only way someone else can access the hidden directory without you knowing is if they either move the lock file around or use touch to change the creation date. REMOVAL ------- 1) rm -f hidden+ # If you have a lockfile 2) chmod -H hidden # Make it a normal directory again 3) rm -rf hidden # If you want to remove the entire directory VULNERABILITIES --------------- Some programs are cdf intelligent. For example, du will show disk usage for the entire 'hidden' directory. It doesn't show that it's a cdf, though, so unless the sysadmin spots it and knows what he is doing, you're okay. Another example is 'ls' - if the user is using the '-H' flag, then it will view cdfs normally (but using the lockfile above will make it more difficult to access). Some shells will notice the file during shell completion. If you don't create the file for the cnode they are accessing from, then they may notice it when they try file completion. Knowledge is always a vulnerability to any security system. You can hide it, but if they know how to unhide it, you can't stop them. You can password protect it, but if they know the password, etc..