Friend asks: I would like to make an app to ask for authentication before launching. I can do that on MacOS via creating an encrypted disc image and put the app in there, and windows has robust third party tools for it. But how would you go about it on Linux, especially since it’s a .deb (that gets auto-updated all the time via its repo) and not an appimage/flatpak? Others need access to the user account, but I want to restrict that one app. Creating a different user account for it is out of the question btw, since you can still change the password for that user via the primary admin account. Also, I don’t want to be running full VMs that take forever to boot to use that one app. Is there any simple way to lock an app under Linux?
It’s Linux, on the local machine the root account is always going to be able to do things.
Not if you have an encypted folder etc, with a different password than the user account. That way, is safe even from the root account. The problem here is that the app is a .deb, it doesn’t come as an appimage, and it needs constant updating too. So it’s the main system executable file that I want to make user-authenticating, with a different password than that of the user account.
Nothing at all is safe from the root account, or from any user that can elevate to root. Think of the root account as the system itself - the thing you’re trying to protect may be encrypted and safe at rest if you’ve brought it in from elsewhere, but as soon as you enter a password and decrypt it, you’re handing that password and decrypted data over to a system fully controlled by that root account.
Yes, there is. If a folder or file is encrypted (with a different password), it is safe from root too. That’s what I’m after. Root can’t change the password of an encrypted volume.