(More) Specifics:

  • Undoing the protection should include filling in a password.
  • The password should be different from the one used with sudo or any other passwords that are used for acquiring elevated privileges.

All (possible) solutions and suggestions are welcome! Thanks in advance!

  • poki@discuss.onlineOP
    link
    fedilink
    arrow-up
    0
    ·
    7 months ago

    What’s your end goal here?

    Incoming XY problem.

    I want to prevent myself from reinstalling my system. The trick I came up with involved the use of files that couldn’t be disk cloned. However, if it’s far far easier to accomplish it through other means, then please feel free to enlighten me on this.

    You try to keep files just on that one media without any options to make copies of them?

    Yes.

    Or maintain an image which has enforced files at their directories?

    No, not necessarily.

    And against what kind of scenarios?

    Protecting myself from myself. That’s where the password requirement comes in: I can send a delayed message to myself that holds the password. The end result shouldn’t in the absolute sense prevent full access for always. Unlocking the protection should be possible and should require the involvement of the earlier mentioned password that is received through a delayed message. That way, those files can be accessed eventually, but only after I had intended to.

    ACLs and SELinux aren’t useful as they can be simply bypassed by using another installation and overriding those as root

    Excellent! I didn’t know this. Thank you for clarifying this for me!

    Only thing I can think of, up to a degree, is to use immutable media, like CD-R, where it’s physically impossible to move files once they’re in place and even that doesn’t prevent copying anything.

    The files should remain on the same disk that I run my OS from. So, unfortunately, this doesn’t quite help me. Thank you regardless!