Locking a directory

[Badger]

Is it possible to unlock a directory/folder containing sensitive data at the beginning of an operation then lock it again when finished using it?

[Retrofoxed]

Well, no, unless you go down to the system kernel level with FS filter and all that (assuming Windows). Your best bet would be an encrypted conatiner or archive.

[dbannon]

That might depend on what you are protecting the dir from. If its your own app(s) you can, perhaps, create a file in there with "section" who holds the lock identified. Other sections must respect that file and hold off.

If you wish to protect it from other, unidentified apps, apps you have no control over, Retrofoxed is right.

Think carefully about that locking mechanism, as close as possible to atomic. Don't, for example, just open a file, write an ID to it and close it. Better to create it elsewhere and mv it into place. The read it see who managed to win, not forgetting coming second wins.

If its all in one app and you want to protect from different threads, then look up FP locking mechanisms.

Davo

edit : I use this -

Code: Pascal  [Select][+][-]

1. function GrabLock(var LockVar : longword; Timeout : integer; LockID : integer = 1) : boolean;
2. begin
3.     while TimeOut > 0 do begin
4.         if InterlockedCompareExchange(LockVar, LockID, 0) = 0  then break;
5.         dec(TimeOut);
6.         sleep(1);
7.         // InterLockedIncrement(MissedGrab);      // testing only
8.     end;
9.     result := TimeOut <> 0;
10. end;

[Badger]

I'm backing up Data files from a club database on the user's machine whenever there is a change in the data and the program is closed.  That's not a particular problem as it stays on the machine.  However, periodically, the used is encouraged to back up to an external storage device.  This would contain private data and it would be good to lock the folder in case the external device gets lost/found.
Guess I was hoping for a procedure such as LockDir(FilePath,Password, lock/unlock) all called anonymously by the program.  But life wasn't meant to be easy. 

[dbannon]

....  But life wasn't meant to be easy. 

Ah, Malcolm Frazier c 1970 ?

[Badger]

I was going to attribute ownership but I didn't think anyone would get it.  You must be ancient like me. 

[jamie]

you are better off encrypting the data. Much easier to handle than taking the chance of bit locking a folder to never access it again.

 Your encrypting keys can be unique of course, I think I saw a couple of Libs out there that helps with that.


Jamie

[Aruna]

Is it possible to unlock a directory/folder containing sensitive data at the beginning of an operation then lock it again when finished using it?

Yes, this is quite straightforward to achieve on Linux by using standard filesystem permissions to “lock” a folder. Typically, a normal directory is set to permissions like 755, which you can verify using:

Code: Bash  [Select][+][-]

1. stat -c "%a %n" /path/to/folder/to/lock

And to prevent any access:

Code: Bash  [Select][+][-]

1. chmod 000 /path/to/folder/to/lock

The attached ZIP includes a unit that implements this concept. It can lock and unlock a folder using a password, and the included screenshots demonstrate the expected behaviour. It also applies a simple XOR-based obfuscation/encryption method.

While testing, I ran into a rather amusing issue: I locked the test folder while the lock-state file was still inside it, which effectively prevented any way of unlocking it through normal means. That was an interesting lesson learned. Of course, I later confirmed that root can still bypass the protection and unlock the folder. (Davo and his bright ideas made me do this  ::))

So, this should be treated strictly as a proof of concept. It demonstrates the idea, but it is not suitable for production use unless you are the sole user with full control of the system.

Have fun experimenting, and let me know if it works on Windows as well. The code is designed to be cross-platform, although I have not yet tested it there.

Instructions to Use :
The app launches with a default password already set. You are welcome to change it — or live dangerously and keep it.
Click the Lock button. A folder selection dialog will appear. Choose the folder you wish to lock, click OK, and let the magic happen.
Try accessing the folder you just locked. The system will politely respond with something like: “uh-uh… no can do, sorry.” 🚫
To reverse the damage (or responsibility), click the Unlock button and repeat the same selection process. Everything should return to normal… theoretically.

Warning: If you forget the password or decide to improvise halfway through, you are officially on your own. No refunds, no undo button, and definitely no sympathy from the filesystem. If this happens root is your friend!

[CharlyTango]

However, periodically, the used is encouraged to back up to an external storage device.  This would contain private data and it would be good to lock the folder in case the external device gets lost/found.
But life wasn't meant to be easy. 

Life is easy if you allow it to be. Use VeraCrypt to encrypt the external storage device (or at least a single directory on this device)  and you have nothing to do with encryption and locking durintg the backup process.

[dsiders]

However, periodically, the used is encouraged to back up to an external storage device.  This would contain private data and it would be good to lock the folder in case the external device gets lost/found.
But life wasn't meant to be easy. 

Life is easy if you allow it to be. Use VeraCrypt to encrypt the external storage device (or at least a single directory on this device)  and you have nothing to do with encryption and locking durintg the backup process.

Microsoft terminates account of VeraCrypt developer. This means that as of June 2026, secure boot will refuse to allow VeraCrypt to encrypt a system drive, i.e. a partition or drive where Windows is installed and from which it boots.Apr 8, 2026.

[creaothceann]

As of April 10 2026, Microsoft restored Idrassi's access to his Microsoft Partner Center account, allowing him to sign new versions. Idrassi then released a VeraCrypt 1.26.28 maintenance release with newly Microsoft-signed EFI bootloader components for current 1.26.x users, so people do not have to wait for VeraCrypt 1.27. The old VeraCrypt bootloader will still work even after the certificate expires, but future Windows configurations may require bootloaders signed with the new certificate.[35]