Is it better security-wise to protect your files by encrypting or changing permissions (like 600)?
Asked
Active
Viewed 188 times
-1
-
"Is it better" is an obtuse question; it's too open to interpretation. If you want to know if the file will *more secure*, then encryption is obviously the answer; but that doesn't mean it's *better* security-wise. That all depends on the file is used. – Shōgun8 May 28 '21 at 18:41
-
For example, when you forget the encryption key, you can't use the file anymore. In that sense, chmod is better. However, anybody gaining root privileges on that computer won't be deterred by file permissions - except if they gain the privileges through a security hole in a service, and SELinux or AppArmor limit what this service can do. In short, there are many factors that you may have to consider, depending on context and purpose, and there is no simple answer. – berndbausch May 29 '21 at 03:17
-
Yes I was mostly referring to how difficult would be to bypass my root privileges as opposed to decrypt, should have been more specific. The comment was really helpful, thanks @berndbausch – Minsky May 29 '21 at 07:45
1 Answers
1
Undoubtedly encrypting is better because only the person with the key (and someone with enough resources and time to brute-force it) can access the files' contents.
By only changing permissions to 600 one actually gives access permissions to three persons:
- Its owner.
- The root user.
- Anyone with physical access to the storage media.
Especially the 3rd person should not be overlooked but often is.
Very related or cross-network duplicates:
Quasímodo
- 18,625
- 3
- 35
- 72