
Re: encrypting the users' folders



* Dominik Margraf wrote:

> Hello!
> 
> Currently, the default setting is that root can see and modify
> anything, including the contents of the users' folders, moreover,
> users can also see the contents of other users' folders by default. 
> These pose a significant confidentiality and security risk.

If root has set up your home directory like this then there's little you
can do to stop people viewing the TOP level of your home directory.

However... mkdir dominik; chmod 700 dominik, should put a stop to anyone
other than root taking a peek in ~/dominik. They will get permission
denied.

> Therefore is there any way to encrypt all users' folders and make
> the computer set this up by default when a new user is generated?
> So that even the root can't see the contents of the users' folders.

To set up an encrypted filesystem you would need root privilege, however
to just simply encrypt the data contained in your files doesn't.  root
has, and should, be able to do anything with your data *however* that
doesn't mean you cannot use public key cryptographic methods to make it
apparent that your data has been modified (digital signatures) or use
methods to make sure that if a file is read by root it's meaningless
(data encryption).  Just don't store your private keys on a system where
you're not root!

If you're *really* paranoid.. use a smartcard.

Shaun
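
Added example (not part of the original message): a POSIX sh sketch of the `chmod 700` advice above, plus an audit that lists what other non-root users can still reach under a directory. The function names `make_private`, `others_bits`, `is_private` and `audit_exposed` are hypothetical; the audit stops at any mode-700 directory because other users cannot traverse it, and none of this restricts root.

```shell
#!/bin/sh
# Hypothetical helpers illustrating the "mkdir dominik; chmod 700 dominik" advice.

# make_private DIR: create DIR as rwx------ no matter what the caller's umask is.
make_private() {
    ( umask 077 && mkdir -p -- "$1" ) && chmod 700 -- "$1"
}

# others_bits PATH: print the group+other part of the ls mode string,
# e.g. "r-xr-x" for 755 or "------" for 700.
others_bits() {
    ls -ld -- "$1" | cut -c5-10
}

# is_private PATH: succeed only if group and other have no permission bits.
is_private() {
    [ "$(others_bits "$1")" = "------" ]
}

# audit_exposed DIR: print "<group/other bits> <path>" for every entry under DIR
# that group or other can access. Private directories are not descended into:
# a loose file mode inside a 700 directory is still unreachable to other users.
audit_exposed() {
    for p in "$1"/* "$1"/.[!.]* "$1"/..?*; do
        [ -e "$p" ] || continue          # unmatched glob pattern
        [ -L "$p" ] && continue          # symlink modes are not meaningful
        if is_private "$p"; then continue; fi
        printf '%s %s\n' "$(others_bits "$p")" "$p"
        [ -d "$p" ] && audit_exposed "$p"
    done
    return 0
}
```

Source the file, then run `make_private ~/dominik` and `audit_exposed "$HOME"` to see which entries outside the private directory are still group- or world-accessible.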


