How to hide/unhide a file from 'ls -a' in linux kernel?

Question

I want to delete a file or folder by implementing my own system call such that after giving command 'ls -a' it must not be visible to me.

So basically I want to hide a file from commands like 'ls'or 'ls -a'. And then unhide it from the same.

It means I don't want it to completely delete it. Just hide it from user.

I am thinking it has to do some thing with

struct file_operations *f_op;

From where we can actually hide the file by manipulating 'readdir()'.

But I don't know how to manipulate it.

Any help?

P.S:- Linux Kernel version 3.5.x x86 64bit. I am doing changes in /linux/fs/namei.c

@JimGarrison No. I want to implement a system call which can delete a file such that its not seen by ls -a. But at the same time I have to implement another system call which can undelete it. So cannot use unlink(). — suraj_fale, Oct 27 '12 at 05:46
For what purpose are you trying to side-step the very deliberate security procedures put in place? — enhzflep, Oct 27 '12 at 06:18
Don't do that. You want to violate an essential property of Unix. — Basile Starynkevitch, Oct 27 '12 at 06:58
No user would willingly install any software that did this. 'task given in my syllabus' - don't think so. Close voting. — Martin James, Oct 27 '12 at 06:59
@Martin James Problem Statement:- Now implement the undelete functionality in a truly transparent manner, i.e, when you delete a file, the trashed version of the deleted file should not be listed anywhere in the filesystem in any manner? For example, there should be no entry, such as .fname.trash, that gets listed anywhere in the filesystem with ls -a command. — suraj_fale, Oct 27 '12 at 07:02
You can write an alias to ls and in a script, in a function, ignore the -a option. That's all you should do, if you need to. — askmish, Oct 27 '12 at 07:02
@askmish it it allowed in kernel space? I mean we can use alias in implementation of a system call? — suraj_fale, Oct 27 '12 at 07:04

score 2 · Accepted Answer · answered Oct 27 '12 at 07:05

2

There is no way to do this - and even if there is, you shouldn't.

Instead, if you want to be able to "undelete" a file, you should have a folder somewhere on the file system (eg, ".Trash"), and instead of deleting the file using unlink or the like, just move the file into the trash directory. On "undelete", just move the file back. On "empty trash" or whatever, actually unlink the file from the hard drive.

This will have the effect of "hiding" the file from commands like ls -a because the file no longer exists in that folder; it's been moved to some Trash folder or Recycling Bin somewhere else on the hard drive.

answered Oct 27 '12 at 07:05

cegfault

6,442
3
27
49

Thank you for you answer. Could you tell me then what is this : I mean is this on same path? http://www.codeproject.com/Articles/444995/Driver-to-hide-files-in-Linux-OS# – suraj_fale Oct 27 '12 at 07:11
3

@SRJ - me pisses myself laughing. As soon as I saw a link to CodeProject I suspected who the article's author would be. I was not incorrect. Have a look at their other system-programming articles - all they ever seem to publish are hacky/back-door methods for effing-with things that the os should maintain exclusive rights to. For reference: http://www.codeproject.com/Articles/Apriorit-Inc#articles – enhzflep Oct 27 '12 at 07:22
2

@SRJ: the article you linked to is, in my opinion, bad programming practice and should NEVER be used. It is, per se, a hack. It violates security principles and undermines good faith efforts of general computing. Please never implement such a program, nor pursue such programming tactics. – cegfault Oct 27 '12 at 07:38

How to hide/unhide a file from 'ls -a' in linux kernel?

1 Answers1