protect modification of file, not reading, with another pass

New to Debian (Or Linux in general)? Ask your questions here!

protect modification of file, not reading, with another pass

Postby mahaaaaham » 2018-09-23 08:34

Hi,

I'm trying to make a DNS filter for some websites. I changed the DNS in /etc/Network-manager/system-connections and it's works but, I'm annoyed because I'm the root of
this computer so, it's easy for me to change this file again, if I want to.

The solution would be to protect the modification of this file with another password, that I can't obtain, even If I'm root. Is there any way to do this?
And, if this isn't possible, is there other solutions?

Thanks for your help!
mahaaaaham
 
Posts: 1
Joined: 2018-09-23 08:26

Re: protect modification of file, not reading, with another

Postby bw123 » 2018-09-23 13:40

I think it is okay to edit them, but permissions on those files should probably be left the way they are to allow NetworkManager to work the way it is designed.

Instead, what if you made resolv.conf immutable when the connection was activated? see this...
https://wiki.debian.org/resolv.conf
That could be done with a script, in /etc/NetworkManager/dispatcher.d

I don't know why you would want to password protect a file against yourself, and throw away the password, but I guess there might be a way to do it... some kind of encryption maybe?
User avatar
bw123
 
Posts: 3579
Joined: 2011-05-09 06:02
Location: TN_USA

Re: protect modification of file, not reading, with another

Postby Segfault » 2018-09-23 14:51

Setting immutable flag is ugly and incompetent. I'm surprised they even consider it in Wiki.
Segfault
 
Posts: 812
Joined: 2005-09-24 12:24

Re: protect modification of file, not reading, with another

Postby GarryRicketson » 2018-09-23 15:07

I'm annoyed because I'm the root of
this computer so, it's easy for me to change this file again, if I want to.


Wouldn't the logical thing be to only do things as root when you need to, and
normally just work as a normal user.
And then , if and when you NEED to, use su to become root, but also don't go just changing files simply because you want to, only if you NEED to change something. and when you do think you need to change something, make a copy of it before changing it, store the copy in a safe place.
If it is a file you want to "protect", copy it, save on a storage device, or you could even make a directory, and save the copies, special files in it. You could set the permissions in that directory to read only, but if later you want one as reference, you have a good copy.
Use a little logic , it goes a long ways.
User avatar
GarryRicketson
 
Posts: 5193
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: protect modification of file, not reading, with another

Postby pylkko » 2018-09-23 17:01

Maybe if you are "annoyed" by you being able to change the file, then don't give yourself root?
User avatar
pylkko
 
Posts: 1357
Joined: 2014-11-06 19:02

Re: protect modification of file, not reading, with another

Postby debiman » 2018-09-24 05:33

i think networkmanager would be able to change it back again, it tends to do that.

but let's take a step back:
mahaaaaham wrote:I'm trying to make a DNS filter for some websites.

what exactly do you mean?
you want to black certain domains?
maybe you want a hosts-centric solution?
User avatar
debiman
 
Posts: 3064
Joined: 2013-03-12 07:18


Return to Beginners Questions

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable