Link to home
Start Free TrialLog in
Avatar of clebano
clebano

asked on

Hidden File

I need a way to hide a file in Solaris 2.6 or above.
This file will be accessible only by root, but it's name must not appear using ls, find, etc.
Just root (that knows it's name) will be able to see the contents of it.

Is there any way to do it ? Maybe a C program ?

Thanks in advance.
Avatar of UkWizard
UkWizard

Why dont you just create a directory, with the root only permissions. Then only root will be able to even go into the directory. Thus not being able to see it.

Example;

# mkdir /rootonly

# chmod 700 /rootonly

Then create any number of 'hidden' files in there.

May be you need to write your own "ls" command in order to do this and replace the existing ls command.
raza

Just replacing the ls command is not enough, its easy enough to edit the directory with vi to see what it contains.
what sun OS allow you to do that...? I don't get the directory listing on Solaris 2.8 by doing vi on a directory.
apologies raza - I was using Linux, you're right, I can't see the directory contents on my Solaris and AIX systems

(sound of head banging on table)

Cheers - Gavin
How will you be using the data in the "file"? If it's to be access with anything that relies on normal file accesses then you can't hide the file so that it can't be found. You can, as has already been suggested make the file only visible and usable by root, but if you don't control the root account it really isn't hidden.

If only a program will be accessing the data you can always use a raw slice to hold the data. Of course that means that the code that will access the data needs to be run by root.

raza,

Try 'cat some-dir-name'...
ASKER CERTIFIED SOLUTION
Avatar of festive
festive

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial
apologies raza - I was using Linux, you're right, I can't see the directory contents on my Solaris and AIX systems

(sound of head banging on table)

Cheers - Gavin
I can see them on my Solaris systems. Just do a 'cat some-dir-name'
we seemed to have veered away from the topic though...

jlevie - don't you mean 'strings some-dir-name'
or 'echo *' in a directory does the same.

i have also used an 'od -c some-dir-name' whilst
investigating break-ins.

Regards,
Festive
Nope, I mean cat. A directory is just a special kind of file and cat really doesn't care that it's special. While I haven't tried that lately on an SGI, from what I do know about an SGI's file system I'm reasonably certain it would work.

echo and strings will also show the names and obviously od would.
On a Solaris system (SPARC 2.8)
you get text + binary content (presumably inode references etc) and a very nasty sideways stepping effect.

Thats why I thought you meant strings (the output of which is clean and programatically useful (though not Always reliable - depending upon the filenames).
Well, I didn't say it was pretty, only that it works.
jlevie, It doesn't work on mine Solaris 2.8

# cat 'top'
cat: input error on top: Is a directory
I think you are all diverting somewhat here, lets get back to the question in hand.

:)
Avatar of clebano

ASKER

I'm seeking something like overmounting or mkdir '..' (not using spaces or other chars).

The problem is that overmounting is no working ... i'm getting error messages "no block device", "no log for ..."

Some more suggestions ...

Are you trying to access the 'hidden file' while the directory that contains the file is over mounted? You can't do that. The proper method using over mounting is to do the file access, then over mount the directory to hide the file.
clebano - you need to mount a REAL device over the top.
your BEST option is a kernel rootkit or chrooted
environment - as this will insulate ALL of your activity/files from unauthorized view.
No comment has been added lately, so it's time to clean up this Topic Area.
I will leave a recommendation for this question in the Cleanup topic area as follows:

- Answered by festive

Please leave any comments here within the next 7 days

PLEASE DO NOT ACCEPT THIS COMMENT AS AN ANSWER !

tfewster
Cleanup Volunteer
per recommendation

SpideyMod
Community Support Moderator @Experts Exchange