Saturday, May 12, 2007

How to Hide Files and Directories in Linux

In Linux, directories are not accessible until the device is mounted. This is usually done at startup by the mount command which uses the /etc/fstab file.

Files that start with a dot "." are hidden, but not completely (you can do ls -a to see the files). An example is the ~/.bashrc file. You can also hide files in a directory name that starts with a dot, e.g. ~/.ssh

Now for the real trick

Entire directories can be hidden, simply by mounting another device on top of the directory. The original files will still be in tact, but not visible until the device is remounted.

First, find a device that is available to mount (boot is nice, because it is usually small).

$ mount
/dev/hda1 on /boot type ext3 (rw)
...
etc...


Then make your stealth directory, copy files to it, and mount a directory over it.


$ cd /mnt
$ mkdir stealth
$ touch /mnt/stealth/somefile.txt
$ ls /mnt/stealth/
somefile.txt
$ mount -t ext3 /dev/hda1 /mnt/stealth
ls /mnt/stealth/
config-2.6.9-5.EL initrd-2.6.9-5.EL.img message System.map-2.6.9-5.ELsmp
config-2.6.9-5.ELsmp initrd-2.6.9-5.ELsmp.img message.ja vmlinuz-2.6.9-5.EL
grub lost+found System.map-2.6.9-5.EL vmlinuz-2.6.9-5.ELsmp


Then simply unmount when you want to access your original files


$ umount /mnt/stealth/
$ ls /mnt/stealth/
somefile.txt


No comments: