On Sunday 03 July 2005 03:16, Dominik Margraf wrote:
> Hello!
>
> Currently, the default setting is that root can see and modify
> anything, including the contents of the users' folders; moreover,
> users can also see the contents of other users' folders by default.
> These pose a significant confidentiality and security risk.
>
> Therefore, is there any way to encrypt all users' folders and make
> the computer set this up by default when a new user is created?
> So that even root can't see the contents of the users' folders.
>
> Dominik

I will address the root access problem.

If users do work on that system, i.e. use it as a live system, policy is
the only protection. (And technology can only reinforce policies.) If you
do not trust the administrator(s) (and are not in charge of policy
management), you can do nothing substantial.

But, what is the system used for? If users do no work on the machine, and
use it as a file server/backup machine, then the solution is simple:
encrypt files before they are sent to the machine. Then, the only threat
root poses is deletion of the files.

A technical reinforcement to a policy can be two-tiered. The first tier is
using multiple people to administer the box, and using a role-based access
control system to enforce the separation of roles (or simply requiring
multiple people to be present for a root login). A problem is that the
system could be rebooted to circumvent any role-based controls (or
existing passwords).

Encrypted folders would help solve this problem (as long as the keys are
not stored on the system, but are provided by the users each time they
log in). A problem is that, potentially, the rebooted system could accept
normal login requests, and user-submitted keys--without any role-based
restrictions on snooping RAM for keys--and be an insecure
man-in-the-middle.