Is there a way to HIDE a file/dir from a specific user/group?

linux centos access-control-list

I'm setting up ACL permissions in CENTOS.

I'm getting close to the structure that I have in mind however one piece is missing for completing the puzzle.

Is there any way to HIDE a file/directory from a specific user/group?

I'm not talking about not being able to read, change dir to it. I want to completely hide it from the specific user/group (not to show up on ls -la).


No there isn't a way of doing this. You can hide it from ls -l by having it start with a dot, but that's really not what you're asking. If you need users to not be aware of the existence of specific files or directories then you'll need to place them in a directory they don't have read permissions for.


If you rename a file to .[filename] , it won't be displayed by ls but will be displayed by ls -a
or
You can rename it to [filename]~ , Linux considers files ending in ~ as backup files and hence hides them.
or
Build your own ls utility to exclude some patterns from ever showing up in an ls
or
Try This: http://sourceforge.net/projects/ext2hide/
or

  1. You can put files in a directory and then "chmod 700 directory". Now only the owner of the directory can see the files. This is the closest thing to a correct answer to the question.

  2. Some people try screwball names. Inexperienced users often don't understand how to deal with such files. Names I have seen include naming a file a control character, ".. ", " ", etc.

  3. You can put files in a directory and then mount another filesystem on the directory. At this point special tricks are needed to see the files and only root will have the power to employ the tricks.

  4. A program can open a file and then unlink it. If that was the only link to the file, the file now has zero names. But it won't be deleted until the last program closes the file. Such a file can be called hidden. This happens a lot. A file system fills and someone finds an offending file. They rm it. Then they wonder why the space wasn't freed. I must see this once a week or so.


you can do this with SELinux, you can disallow "stat" on a file to certain types of users which should eliminate directory listing as well. Untested though.

Related

IIS Windows Authentication not working in Internet Explorer via host name; works via IP
How are child nameservers resolved?
Can ZenOSS integrate Ganglia smoothly?
HAProxy as reverse proxy for AWS API Gateway
Monolithic vs Packaged-based Image Creation
Fast way of copying IMAP to IMAP on CentOS
Why does my Firewalld configuration on CentOS 7 fail to start and show iptables errors?
Squid and Active Directory authentication
Can I run PHP 5.3 and PHP 5.2 on the same server with Apache?
Catch-all rewrite rule for apache that doesn't cause duplicate urls from .htaccess
How to configure WebDeploy server for direct publishing from visual studio?
How to log full outgoing mails in Postfix?