Solved

not even root can read?

Posted on 2003-11-16
Last Modified: 2010-05-18
I've got an annoying and super-paranoid user...  grr... but he pays well enough.

Right now, when this user logs in, he's chroot-ed into /home/MrPissMeOff/ which has a bunch of directories such as /bin /lib /home etc.  He's locked in this jail and can't get out... fine.

What he's worried about is that I as root can get in.  Is it possible to set his /home/ (so actually /home/MrPissMeOff/home/) to a permission in such a way that not even root can read his files?  So that ONLY the owner can view them?

I thought I read somewhere that this was possible... but to take it further, can I still delete his files and account if need-be?

I'll raise the points if this gets complicated.
Question by:s_mack
Expert Comment

by:jlevie
ID: 9763479
No, that's not possible on Linux or Unix. The root user can always read/write/delete anything on the system.

Author Comment

by:s_mack
ID: 9764418
There must be SOME way to guarantee the privacy of my users.  I guess I thought of one clumsy method... have them encrypt their data.

Any other ideas anyone?
Expert Comment

by:jlevie
ID: 9764821
The only way a system user can prevent root (or administrator on Windows) from reading a file is to encrypt its contents. Of course, that doesn't prevent root from deleting the file. A user must be able to trust the sysadmin of whatever system they are using. If they don't feel that they can trust the sysadmin they need to be running their own system where they own the root account.
Expert Comment

by:pjedmond
ID: 9860613
Unfortunately, the user doesn't want to spend his time encrypting/decrypting the contents of his files. I would have thought that it is better to mount an encrypted filesystem. The best way to do this is to mount the encrypted filesystem as part of the login (.bash_profile) or other script depending on the setup, whereby the decryption key is provided by the user during this process:

http://www.faqs.org/docs/Linux-HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

The problem then is that the root user may access the files whilst they are mounted.

Therefore, I am wondering whether it is possible to create some form of 'agent' associated with the particular login, that would extract / replace files on the filesystem in the same way as the ssh agent works for ssh.

Any further suggestions on this approach?
Accepted Solution

by: pjedmond (earned 20 total points)
ID: 9860826
OK - here's the solution:

http://www.csm.ornl.gov/~dunigan/cfsesm.txt

I knew that I'd seen something similar somewhere. As to how easy it is to implement, I don't know, not having ever tried, but it provides per-user encryption. You also need the Encrypting Session Manager (similar to the ssh agent in concept) to provide the 'on the fly' encryption/decryption.

Obviously as root, you can delete the containing files that hold the encrypted file systems, but you do not have direct access to the files themselves.

Anyone else seen this type of software anywhere else - I know that I've seen it elsewhere before, but cannot find the other instance:(

HTH:)
Author Comment

by:s_mack
ID: 9861004
I'll further suggest the following site:

http://www.tcfs.it

which looks like it is an effort at an improvement over the CFS you mention... check it out if you are interested.

However, it won't work with my particular setup.  My whole system depends heavily on rsync's ability to efficiently transfer only the portions of files that have changed.  Since encrypted data is statistically indistinguishable from compressed data, rsync finds no patterns for reconstruction and therefore cannot transfer the files in an efficient manner.  This would positively kill my bandwidth.  So if this is the only secure solution, then I'm afraid cost has to come before security.

If they are encrypting only select files, then I guess it wouldn't be so bad... but to have the entire filesystem encrypted is not viable in my case.

But it was a thoughtful answer, and provided me with an interesting read - so points to you.  Thanks.
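The rsync objection in the comment above can be checked numerically. The following is an added example, not code from this thread or from rsync itself: it implements rsync's block-matching idea (a 32-bit rolling weak checksum plus a strong hash, here SHA-256, over fixed-size blocks) and measures how much of a new file can be rebuilt from blocks of the old one. The sample files, the 64-byte block size and the toy stream cipher (SHA-256 in counter mode, used only to produce random-looking ciphertext) are constructed for the demonstration; the cipher is not a recommendation.

```python
import hashlib
import os

BLOCK = 64        # demo block size; real rsync uses much larger blocks
MOD = 1 << 16


def weak_sum(window):
    """rsync-style weak checksum (Adler-32 like) of one window: (a, b)."""
    n = len(window)
    a = sum(window) % MOD
    b = sum((n - i) * x for i, x in enumerate(window)) % MOD
    return a, b


def roll(a, b, n, out_byte, in_byte):
    """Slide an n-byte window one byte: drop out_byte at the front, append in_byte."""
    a = (a - out_byte + in_byte) % MOD
    b = (b - n * out_byte + a) % MOD
    return a, b


def strong_sum(window):
    return hashlib.sha256(window).digest()


def reusable_fraction(old, new, block=BLOCK):
    """Fraction of `new` that could be rebuilt from whole blocks already in `old`.

    Mirrors rsync's receiver-side search: index every block of `old` by weak sum,
    then scan `new` at every byte offset with the rolling checksum and confirm
    weak hits with the strong hash.
    """
    table = {}
    for k in range(len(old) // block):
        chunk = old[k * block:(k + 1) * block]
        table.setdefault(weak_sum(chunk), set()).add(strong_sum(chunk))

    matched = 0
    i = 0
    a = b = None
    while i + block <= len(new):
        if a is None:                       # fresh window after a jump
            a, b = weak_sum(new[i:i + block])
        candidates = table.get((a, b))
        if candidates and strong_sum(new[i:i + block]) in candidates:
            matched += block
            i += block
            a = None
            continue
        # No match: advance one byte, rolling the checksum if a full window remains.
        if i + block < len(new):
            a, b = roll(a, b, block, new[i], new[i + block])
        i += 1
    return matched / len(new)


def toy_encrypt(key, nonce, data):
    """Toy stream cipher for the demo only: keystream = SHA-256(key || nonce || counter)."""
    out = bytearray()
    for off in range(0, len(data), 32):
        ks = hashlib.sha256(key + nonce + off.to_bytes(8, "big")).digest()
        out += bytes(x ^ y for x, y in zip(data[off:off + 32], ks))
    return bytes(out)


def demo():
    """Compare block reuse for a plaintext edit versus the same edit under encryption."""
    # Constructed sample: 200 distinct 58-byte records, then one line inserted in the middle.
    old = b"".join(b"record %05d: the quick brown fox jumps over the lazy dog\n" % i
                   for i in range(200))
    new = old[:5800] + b"record 99999: one inserted line\n" + old[5800:]

    key = os.urandom(32)
    # Each save gets a fresh nonce, as any sane encryption scheme must do.
    enc_old = toy_encrypt(key, os.urandom(16), old)
    enc_new = toy_encrypt(key, os.urandom(16), new)

    return {
        "plaintext": reusable_fraction(old, new),          # ~0.99: nearly everything reused
        "encrypted": reusable_fraction(enc_old, enc_new),  # 0.0: nothing reused
    }


if __name__ == "__main__":
    print(demo())
```

In the plaintext case only the one block straddling the insertion is lost and the rest is found at shifted offsets, which is exactly what rsync exploits. With a fresh nonce per save every byte of the ciphertext changes, so the delta algorithm degenerates to a full copy. Reusing the nonce at fixed offsets would restore rsync's matching, but a stream cipher with a repeated keystream leaks the XOR of the two plaintexts, so that is not a way out.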
Expert Comment

by:amikeliunas
ID: 9945272
What your client wants can be configured with Security Enhanced Linux which provides a more granular security model than the Unix/PAM that Linux supports. You can even give away your root password, but the real boss of the system is this patched kernel called SE-Linux.

It's a US government project to provide open source solutions for the US government. See details at: http://www.nsa.gov/selinux/index.html and the theory at: opensource.nailabs.com/selinux/docs/ottawa01.pdf

Security-enhanced Linux incorporates a strong, flexible mandatory access control architecture into Linux. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. Using the system's type enforcement and role-based access control abstractions, it is possible to configure the system to meet a wide range of security needs.