Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

protect modification of file, not reading, with another pass

New to Debian (Or Linux in general)? Ask your questions here!
Post Reply
Message
Author
mahaaaaham
Posts: 1
Joined: 2018-09-23 08:26

protect modification of file, not reading, with another pass

#1 Post by mahaaaaham »

Hi,

I'm trying to make a DNS filter for some websites. I changed the DNS in /etc/Network-manager/system-connections and it's works but, I'm annoyed because I'm the root of
this computer so, it's easy for me to change this file again, if I want to.

The solution would be to protect the modification of this file with another password, that I can't obtain, even If I'm root. Is there any way to do this?
And, if this isn't possible, is there other solutions?

Thanks for your help!

User avatar
bw123
Posts: 4015
Joined: 2011-05-09 06:02
Has thanked: 1 time
Been thanked: 28 times

Re: protect modification of file, not reading, with another

#2 Post by bw123 »

I think it is okay to edit them, but permissions on those files should probably be left the way they are to allow NetworkManager to work the way it is designed.

Instead, what if you made resolv.conf immutable when the connection was activated? see this...
https://wiki.debian.org/resolv.conf
That could be done with a script, in /etc/NetworkManager/dispatcher.d

I don't know why you would want to password protect a file against yourself, and throw away the password, but I guess there might be a way to do it... some kind of encryption maybe?
resigned by AI ChatGPT

Segfault
Posts: 993
Joined: 2005-09-24 12:24
Has thanked: 5 times
Been thanked: 17 times

Re: protect modification of file, not reading, with another

#3 Post by Segfault »

Setting immutable flag is ugly and incompetent. I'm surprised they even consider it in Wiki.

User avatar
GarryRicketson
Posts: 5644
Joined: 2015-01-20 22:16
Location: Durango, Mexico

Re: protect modification of file, not reading, with another

#4 Post by GarryRicketson »

I'm annoyed because I'm the root of
this computer so, it's easy for me to change this file again, if I want to.
Wouldn't the logical thing be to only do things as root when you need to, and
normally just work as a normal user.
And then , if and when you NEED to, use su to become root, but also don't go just changing files simply because you want to, only if you NEED to change something. and when you do think you need to change something, make a copy of it before changing it, store the copy in a safe place.
If it is a file you want to "protect", copy it, save on a storage device, or you could even make a directory, and save the copies, special files in it. You could set the permissions in that directory to read only, but if later you want one as reference, you have a good copy.
Use a little logic , it goes a long ways.

User avatar
pylkko
Posts: 1802
Joined: 2014-11-06 19:02

Re: protect modification of file, not reading, with another

#5 Post by pylkko »

Maybe if you are "annoyed" by you being able to change the file, then don't give yourself root?

User avatar
debiman
Posts: 3063
Joined: 2013-03-12 07:18

Re: protect modification of file, not reading, with another

#6 Post by debiman »

i think networkmanager would be able to change it back again, it tends to do that.

but let's take a step back:
mahaaaaham wrote:I'm trying to make a DNS filter for some websites.
what exactly do you mean?
you want to black certain domains?
maybe you want a hosts-centric solution?

Post Reply