Florian Bantner [f.bantner@axon-e.de] wrote: > > I don't know tmpfs. What I'm currently thinging about is: > * Create for every user a directory under his home. > * Use some kind of ram-disk device. > * Perhaps (just to be sure) encrypt it. Perhaps that's where I need > some kind of encrypting filesystem (do I?). I'm not experienced in > fs encryption. How do I mount such devices. Which encryption is > used? When to enter passphrase? > thisis all well and good however the encrypted/whatever filesystem is *mounted*. This means that the file is just stored in a *filing system* and not some magical place where only the user can go. Remember if the user can read the file that means root also can. Regardless of what filesystem you are using. When its an encrypted filing system thats been mounted there is no longer a need to know the key code unless its umounted and needs to then be mounted. sorry to 'piss on yer fire' but it ain't going to happen :) An alternative is to try and find a nano/mutt hybrid that doesn't use temp files. You may be able to pipe via stdin/outs as a quick patch. Remember if the data is on a filing system and currently readable by the system administrator then the data is insecure. However with all these concerns about the root guy/gal, are they untrustworthy or just a plain BOFH? If this is the caseit is likely to be worth considering finding a friend with 24/7 access and putting an old 486 box online for you to ssh into. having just read more of the thread, I notice root is not the problem. Then to have an encrypted filing system will solve your immedient problem. I currently have all my mutt/gpg/passwords/personnel stuff on a 10Mb cryptographic filing system. This solves my problem of the tmp files however I am the root guy of my own laptop and I can trust myself :) However a lot of countries (uk/us and probably others, lots in the eu I would imagine) have encryption laws, not preventing it but permiting them to throw you in jail unless you hand over your encryption codes. If you don't you get a nice big fine and 6 months->2 years in jail (in the uk at least). Stegraphy is probably a better option to avoid this 'problem' if you want any details on the kerneli crypto patches then do ask. I have learned lots through the hard way of doing things, and now the data corruption is no longer a problem ;) Alex -- _________________________________________ ( BOFH excuse #145: ) ( ) ( Flat tire on station wagon with tapes. ) ( ("Never underestimate the bandwidth of ) ( a station wagon full of tapes hurling ) ( down the highway" Andrew S. Tanenbaum) ) ----------------------------------------- o ^__^ o (oo)\_______ (__)\ )\/\ ||----w | || ||
Attachment:
pgpUbE272r4zF.pgp
Description: PGP signature