Friend asks: I would like to make an app ask for authentication before launching. I can do that on macOS by creating an encrypted disk image and putting the app in there, and Windows has robust third-party tools for it. But how would you go about it on Linux, especially since it’s a .deb (that gets auto-updated all the time via its repo) and not an AppImage/Flatpak? Others need access to the user account, but I want to restrict that one app. Creating a different user account for it is out of the question btw, since you can still change the password for that user via the primary admin account. Also, I don’t want to be running full VMs that take forever to boot to use that one app. Is there any simple way to lock an app under Linux?


You are the only one with the answer closer to what I’m looking for, everyone else is thinking in terms of user accounts, where root can override. An encrypted volume cannot be unlocked by root without having the password of said volume.
I would honestly just create a tiny dual boot of another Linux distro with LUKS KVM encryption on the entire thing. It has its own sudo, and is locked behind your encryption password. You just boot into a small 30GB or so private session that only you have access to while leaving the main distro untouched.
I think an alternative could be mountable encrypted disk images with LUKS, mounting them whenever access is needed. http://freesoftwaremagazine.com/articles/create_encrypted_disk_image_gnulinux/
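
The mountable LUKS disk image suggested in the last comment, as an added example that is not part of the original thread. The image path, mapper name, mount point and size are assumptions, and the script only prints its commands unless `DRY_RUN=0` is set.

```shell
#!/bin/sh
# Added example: LUKS container file (all paths and names below are assumptions).
IMG="${IMG:-$HOME/private.img}"      # encrypted container file
NAME="${NAME:-private_vol}"          # device-mapper name while unlocked
MNT="${MNT:-$HOME/private}"          # mount point while unlocked
SIZE_MB="${SIZE_MB:-512}"
DRY_RUN="${DRY_RUN:-1}"              # 1 = print commands only, 0 = execute

# Print the command in dry-run mode, otherwise execute it.
run() {
  if [ "$DRY_RUN" = 1 ]; then printf '%s\n' "$*"; else "$@"; fi
}

# One-time setup: allocate the file, format it as LUKS2 (cryptsetup prompts
# for the passphrase), then create an ext4 filesystem owned by the caller.
vault_create() {
  if [ -e "$IMG" ]; then
    echo "refusing to overwrite existing $IMG" >&2
    return 1
  fi
  run truncate -s "${SIZE_MB}M" "$IMG" &&
  run chmod 600 "$IMG" &&
  run sudo cryptsetup luksFormat --type luks2 "$IMG" &&
  run sudo cryptsetup open "$IMG" "$NAME" &&
  run sudo mkfs.ext4 -q -E root_owner="$(id -u):$(id -g)" "/dev/mapper/$NAME" &&
  run sudo cryptsetup close "$NAME"
}

# Unlock the container (passphrase prompt) and mount it.
vault_open() {
  run sudo cryptsetup open "$IMG" "$NAME" &&
  run mkdir -p "$MNT" &&
  run sudo mount "/dev/mapper/$NAME" "$MNT"
}

# Unmount and close the mapping, which removes the key from the kernel.
vault_close() {
  run sudo umount "$MNT" &&
  run sudo cryptsetup close "$NAME"
}

# Dispatch when invoked as: script.sh create|open|close
case "${1:-}" in
  create|open|close) "vault_$1" ;;
esac
```

The contents are protected only while the container is closed: once it is mounted, root and anything else running under the same account can read them, so close it when the session ends.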