Password protect files/folders using cli

Solution 1:

If other users have root access to the system, then the only way that I can see to protect your files/folders is encryption and decryption.

Lot of answers are listed here (in AskUbuntu) about encrypt/decrypt , but I will show the simplest method, in my opinion.

OpenSSL

Encrypt/Decrypt file

openssl aes-256-cbc -in file -out file.aes
openssl aes-256-cbc -d -in file.aes -out file

OpenSSL & Tar

Encrypt/Decrypt Folder

tar -zcf - directory | openssl aes-256-cbc -out directory.tar.gz.aes
openssl aes-256-cbc -d  -in directory.tar.gz.aes | tar -xz -f -

Keep your decryption password out of the sight, and out of the System.

Solution 2:

Another simple solution. Say, you want to protect the folder "secret". Do the following:

mv secret secret.tmp
mkdir .secret.enc
mkdir secret
encfs ~/.secret.enc ~/secret

Now encfs will ask you about some options and a password. After that, .secret.enc will contain an encoded copy of anything you put to ~/secret.

mv secret.tmp/* secret
rmdir secret.tmp

You can now treat secret as a normal folder: edit files, copy, move whatever. When you are done, do

fusermount -u ~/secret

The directory secret will now be empty, and the files will be, encrypted, in .secret.enc.

Note about the root: if anyone else has root permissions, you have no privacy, full stop. Even with encryption, root will always have the possibility to snoop on your terminal, hijack your passwords and keys, and gain access to your encrypted data.

Another solution with the GUI: put your files in a folder. Open the parent folder in Nautilus. Right click on your "secret" folder. Select "encrypt folder".