[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: encrypting the users' folders

On Sunday 03 July 2005 03:16, Dominik Margraf wrote:
> Hello!
> Currently, the default setting is that root can see and modify
> anything, including the contents of the users' folders, moreover,
> users can also see the contents of other users' folders by default.
> These pose a significant confidentiality and security risk.
> Therefore is there any way to encrypt all users' folders and making
> the computer to set this up by default when a new user is generated?
> So that even the root can't see the contents of the users' folders.
> Dominik

I will address the root access problem. If users do work on that system, i.e. 
use it as a live system, policy is the only protection. (And, technology can 
only reinforce policies.) If you do not trust the administrator(s) (and are 
not in charge of policy management), you can do nothing substantial.

But, for what is the system used? If users do no work on the machine, and use 
it as a file server/backup machine, then the solution is simple: encrypt 
files before they are sent to the machine. Then, the only threat root poses 
is deletion of the files.

A technical reinforcement to a policy can be two-tiered. The first tier is 
using multiple people to administer the box, and use a role-based access 
control system to enforce the separation of roles (or, simply require 
multiple people to be present for a root login). A problem is that the system 
could be rebooted to circumvent any role-based controls (or existing 
passwords). Encrypted folders would help solve this problem (as long as the 
keys are not stored on the system, but are provided by the users each time 
they login). A problem is that, potentially, the rebooted system could accept 
normal login requests, and user-submitted keys--without any role-based 
restrictions on snooping RAM for keys--and be an insecure man-in-the-middle.

Attachment: pgpMJhGDFrpMI.pgp
Description: PGP signature

Reply to: