
Re: encrypting the users' folders



On Sun, Jul 03, 2005 at 07:16:57PM +1200, Dominik Margraf wrote:
> Therefore is there any way to encrypt all users' folders and making
> the computer to set this up by default when a new user is generated? 
> So that even the root can't see the contents of the users' folders.

If you set up encryption so that you have to type a passphrase, someone,
like an administrator (root), has to know the passphrase to get the
filesystems unencrypted, and then you have some kind of working key in
memory for an attacker.  If you don't even have to have a pass-phrase,
there's an unencrypted key being stored on disk, which is next to
worthless.

The short version is that you must trust the root user, period, and
people looking to store sensitive information would do well to only ever
handle that information in unencrypted form on a machine they've
personally secured.  That might not be realistic in many cases, but
real security is a pain in the neck.  As a half-measure, they can
encrypt it on a machine with an administrator they trust, but they still
can't overwrite the sectors the file occupied, so unencrypted bits may
be left on-disk not allocated in files.

You have to find a trustworthy root user.  After that, you have to
secure your machine, run no unnecessary services, make sure the users
have good passwords, etc. to help make sure that no untrusted user (an
attacker) can become root.  After you take care of the basics like that,
you can look into putting the partition that holds the home directories
in some kind of encrypted loopback filesystem.  But if you don't cover
the basics first, you're just giving yourself a false sense of security.

This isn't really a flaw in UNIX systems.  The truth is that anyone with
physical access to a machine is as much root as they care to take the
trouble to be.

I can't really find anything in the useradd command to change the
default permissions on new home directories.  Run the useradd command
without -m to create the home directory so you have to create it
manually, so that you will not forget to run chmod 700 /home/newuser.

-- 
Adam Fabian <awfabian@gmail.com>
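
An added example, not part of the original message: the manual step from the last paragraph (account created without -m, home directory made by hand at mode 700), plus a check for existing home directories that are open to group or other. The function names, the optional skeleton and owner arguments, and the temporary demo tree are assumptions for illustration; `-perm /077` is GNU find syntax.

```shell
#!/bin/sh
# Added example, not from the original message.
# Function names and the demo tree are hypothetical.

# make_private_home HOME [SKEL] [OWNER]
# Create HOME so it never exists with a mode looser than 0700.
make_private_home() {
    mph_home=$1
    mph_skel=${2:-/etc/skel}
    mph_owner=${3:-}
    # Subshell keeps the restrictive umask from leaking into the caller.
    # mkdir without -p fails if HOME already exists, so nothing is reused.
    ( umask 077 && mkdir -- "$mph_home" ) || return 1
    # Copy skeleton files, dotfiles included, if a skeleton directory exists.
    if [ -d "$mph_skel" ]; then
        cp -a -- "$mph_skel/." "$mph_home/" || return 1
    fi
    # Hand the tree to the account (needs root); skipped when no owner is given.
    if [ -n "$mph_owner" ]; then
        chown -R -- "$mph_owner" "$mph_home" || return 1
    fi
    # cp -a may have copied the skeleton's own mode onto HOME; set it last.
    chmod 700 -- "$mph_home"
}

# audit_homes BASE
# List directories directly under BASE with any group or other permission bit.
audit_homes() {
    find "$1" -mindepth 1 -maxdepth 1 -type d -perm /077 -print | sort
}

# Constructed demo tree in a temporary directory (no real accounts touched).
demo=$(mktemp -d)
mkdir -m 755 "$demo/alice"      # typical default: readable by everyone
mkdir -m 700 "$demo/bob"        # already private
make_private_home "$demo/carol" "$demo/no-such-skel"
echo "Home directories open to group/other under $demo:"
audit_homes "$demo"
rm -rf -- "$demo"
```

On a real system the call would follow `useradd newuser` (no -m) and be run as root, e.g. `make_private_home /home/newuser /etc/skel newuser`.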


