auto encryption and decryption of files during log in and log off

Shell Programming and Scripting
1

we r to develope a project which involves automatic encryption of all the text files user was working upon during logg off
and to decrypt them during log on
this is to be done by writing a shell script
can anyone help

2

I don't think I want to help you try to write a script like this, but here are a few issues to consider if you really want to pursue this project:

  1. What constitutes "was working upon during logg (sic) off"? (Open in an editor? If so, do you have a list of editors to be used for this purpose?)
  2. What encryption/decryption tools do you plan to use that don't need user interaction to enter an encryption/decription key?
  3. How do you plan to determine that a file is a text file? (File extension of ".txt", file utility contains "text" in the output it produces when processing the file as an operand, ...?)
  4. How do you plan to keep from corrupting files if a user is logged in twice and logs out of one session while continuing to process files in another login session?
  5. Do you have any plan on a way to recover from a power failure that occurs while some users are logged in (or even worse; while one or more users were in the process of logging in or out)?
  6. If a sysadmin is editing a system configuration file when being logged out (such as /etc/passwd or /etc/group) and you encrypt those files as that user logs out, no one will be able to login after that until those files are restored. If any users edit files shared with other people working on a common project, you will have destroyed the ability to share files.

Good luck,
Don

3

How about an encrypted file system? You need a password to work on the files.
This is a far more sensible approach. We had this long ago at Los Alamos National Labs (NM, USA) where security followed Orange book B requirements. That is FAR more stringent than anything you can afford to implement.

What you are doing is probably ill-conceived, and motivations are good, but Don Cragun was too polite to say that.

consider this free toolkit for Linux, other OS software exists, too:

Filesystem Encryption Tools for Linux

The probability of you getting this requirement to work is low, and getting it to work flawlessly is very low, IMO. It has to be done at a very low level (kernel mode or in filesystem drivers), not with shell scripts. The probability is high that you will irreversibly damage files. And if accidentally you do that to system files, you lose the whole system. If you do proceed with your shell script approach, be very scrupulous about backing up files, because you will definitely have problems.

Just my opinion, trying to prevent big problems for you. Not trying to squash innovation.