[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: encrypting the users' folders



On Sunday 03 Jul 2005 08:16, Dominik Margraf wrote:
> Currently, the default setting is that root can see and modify
> anything, including the contents of the users' folders, moreover,
> users can also see the contents of other users' folders by default.
> These pose a significant confidentiality and security risk.
>
> Therefore is there any way to encrypt all users' folders and making
> the computer to set this up by default when a new user is generated?
> So that even the root can't see the contents of the users' folders.

root needs to be responsible, trustworthy, and trusted.  Since root can do 
virtually anything, it makes no sense to *try* to hide things from him/her.  
The best you can do is to obscure things, so that root won't accidentally 
find them out without trying to.  If you don't trust root, your security is 
*gone*, anyway.

You can set user's folders to be NOT world-readable.  One of the debconf 
packages actually asks this during install.  I forget which one, though; 
possibly PAM.  If you install gdebconf, it'll give you a visual way of 
configuring those packages, and you'll be able to find it.

-- 
Lee Braiden
http://www.DigitalUnleashed.com

Attachment: pgp_UNXtZNE9G.pgp
Description: PGP signature


Reply to: