There are many ways to prevent access to files in Linux. Disallowing permissions to the entire directory, or the files inside it is one way. But how do we deny access to specific files? Not just access to read or execute them, but even to show them appearing in the directory using a regular command like “ls”? The most common way of course is to use the “dot”. Here’s an example:

Why Hiding Files by Placing a “dot” in Front Doesn’t Work

On the face of it, it seems simple. Here’s an example of an “ls” command that displays three files:

a

However, there’s also a fourth file that doesn’t show up because it starts with a dot (.) character. These files are colloquially said to be “hidden”, but they’re not really because they show up if you just use the “-a” parameter with the ls command like this:

So anyone who’s looking for a file will just need to type “ls -a” and the supposedly hidden files will be revealed! How do we prevent this? How do we disallow someone from viewing certain files with “ls” even when they’re deliberately searching for it?

Using Bash Scripting to Hide the File

Bash scripting allows us to modify the behavior of existing commands. This is done by adding lines to the following file:

~/.bashrc

To hide the first three files named “filetohide1”, “filetohide2” and “filetohide3” for example, we just add these lines to the end of ~/.bashrc:

function ls () {
     command ls "$@" -I filetohide1 -I filetohide2 -I filetohide3
}

The “ls” command has a feature that allows us to ignore certain files using the “-I” parameter. For multiple files, we can have multiple “-I” parameters. In this code, I’m redefining the command “ls” as a new function. Then I execute the original “ls” command with the existing parameters using the shortcode “$@” and append multiple “-I” parameters – each containing the name of the file I want to hide from a person executing “ls”. Here’s what it looks like in .bashrc:

So now when we execute “ls” in the same directory, nothing shows up:

That’s because the first three files are hidden with our script, and the last one begins with a dot so it doesn’t show up anyway. However, we can hide the fourth hidden file as well using the same technique with the following substitution:

command ls "$@" -I .filetohide4

Now the hidden file “.filetohide4” doesn’t show up even when you use the “-a” parameter!

That’s pretty amazing. With this technique, it is simply impossible for anyone to even know of the existence of a file that’s explicitly hidden with .bashrc.

Hiding Files via Pattern Matching in .bashrc

It might get tedious to include each and every file with a new “-I” parameter. We can also use pattern matching with the “–ignore” parameter instead of “-I”. The command to hide files containing the pattern “filetohide” looks like this:

command ls "$@" --ignore="*filetohide*"

This hides everything matching the pattern “*filetohide”, which includes our three files, but NOT the hidden file:

Hide files in Linux using .bashrc

For some reason, dot (.) files are never expanded in the first place and so pattern matching doesn’t get a chance to work on them. We can modify this “globbing behavior” using shopt using the following command:

shopt -s dotglob

But you might find it easier to simply avoid dot based hidden files altogether and opt for hiding them via bash instead. It’s much more elegant compared to changing a setting that might cause unexpected behavior later on.

This just scratches the surface of .bashrc scripting. Using this innovative tool, you can modify shell behavior in all kinds of interesting ways!

tracking pixel

Is your website slow?

Enter its URL below to find out now:

About the Author

Bhagwad Park

Leave a Reply

Your email address will not be published. Required fields are marked *