not even root can read?

I've got an annoying and super-paranoid user...  grr... but he pays well enough.

Right now, when this user logs in, he's chroot-ed into /home/MrPissMeOff/ which has a bunch of directories such as /bin /lib /home etc.  He's locked in this jail and can't get out... fine.

What he's worried about is that I as root can get in.  Is it possible to set his /home/ (so actually /home/MrPissMeOff/home/) to a permission in such a way that not even root can read his files?  So that ONLY the owner can view them?

I thought I read somewhere that this was possible... but to take it further, can I still delete his files and account if need-be?

I'll raise the points if this gets complicated.

No, that's not possible on Linux or Unix. The root user can always read/write/delete anything on the system.
s_mackAuthor Commented:
There must be SOME way to guarantee the privacy of my users.  I guess I thought of one clumsy method... have them encrypt their data.

Any other ideas anyone?
The only way a system user can prevent root (or administrator on Windows) from reading a file is to encrypt its contents. Of course, that doesn't prevent root from deleting the file. A user must be able to trust the sysadmin of whatever system they are using. If they don't feel that they can trust the sysadmin they need to be running their own system where they own the root account.

Unfortunately, the user doesn't want to spend his time encrypting/decrypting the contents of his files. I would have thought that it is better to mount an encrypted filesystem. The best way to do this is to mount the encrypted filesystem as part of the login (.bashprofile) or other script depending on the setup, whereby the decryption key is provided by the user during this process:

The problem then is that the root user may access the files whilst they are mounted.

Therefore, I am wondering whether it is possible to create some form of 'agent' associated with the particular login, that would extract / replace files on the filesystem in the same way as the ssh agent works for ssh.

Any further suggestions on this approach?
OK - here's the solution:

I knew that I'd seen something similar somewhere. As to how easy it is to implement, I don't know, not having ever tried, but it provides per user encryption. You also need the Encrypting session manager (similar to the ssh agent in concept) to provide the 'on the fly' encryption/decryption.

Obviously as root, you can delete the containing files that hold the encrypted file systems, but you do not have direct access to the files themselves.

Anyone else seen this type of software anywhere else - I know that I've seen it elsewhere before, but cannot find the other instance:(


s_mackAuthor Commented:
I'll further suggest the following site:

which looks like it is an effort at an improvement over the CFS you mention... check it out if you are interested.

However, it won't work with my particular setup.  My whole system depends heavily on rsync's ability to efficiently transfer only the portions of files that have changed.  Since encrypted data is statistically indistinguishable from compressed data, rsync finds no patterns for reconstruction and therefore cannot transfer the files in an efficient manner.  This would positively kill my bandwidth.  So if this is the only secure solution, then I'm afraid cost has to come before security.

If they are encrypting only select files, then I guess it wouldn't be so bad... but to have the entire filesystem encrypted is not viable in my case.

But it was a thoughtful answer, and provided me with an interesting read - so points to you.  Thanks.
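The rsync objection above can be checked numerically. The following is an added example, not code from the thread or from any of the tools mentioned in it: a toy CFB-style cipher built from SHA-256 (a constructed illustration, not a real cipher) and a simplified rsync-style block matcher, run over a constructed 4 KB file before and after a small edit. It also covers the insecure IV-reuse case, which shows that chaining alone destroys every block after the edit point.

```python
import hashlib
import os

BLOCK = 64  # rsync-style block size for the toy delta check (constructed value)


def toy_cfb(key: bytes, data: bytes, iv: bytes, decrypt: bool = False) -> bytes:
    """Toy CFB-mode cipher using SHA-256 as the block function (illustration only).
    Each 32-byte chunk is XORed with a keystream derived from the previous
    ciphertext chunk, so a fresh IV (or any upstream change) alters everything after it."""
    out = bytearray()
    prev = iv
    for i in range(0, len(data), 32):
        chunk = data[i:i + 32]
        stream = hashlib.sha256(key + prev).digest()
        block = bytes(a ^ b for a, b in zip(chunk, stream))
        out += block
        prev = chunk if decrypt else block  # CFB always chains on the ciphertext
    return bytes(out)


def reusable_fraction(old: bytes, new: bytes) -> float:
    """Simplified rsync receiver check: what fraction of `new` can be rebuilt from
    BLOCK-sized pieces the receiver already holds in `old`? Real rsync uses a rolling
    checksum; a set of block hashes plus a sliding window gives the same answer here."""
    known = {hashlib.sha1(old[i:i + BLOCK]).digest()
             for i in range(0, len(old) - BLOCK + 1, BLOCK)}
    matched = pos = 0
    while pos + BLOCK <= len(new):
        if hashlib.sha1(new[pos:pos + BLOCK]).digest() in known:
            matched += BLOCK
            pos += BLOCK  # whole block reused, skip past it
        else:
            pos += 1      # slide one byte, as the rolling checksum does
    return matched / len(new) if new else 1.0


def demo() -> dict:
    key = b"constructed-demo-key"
    # Constructed 4096-byte "file" and a version with a 13-byte insertion in the middle.
    old = b"".join(hashlib.sha256(b"file-v1-%d" % i).digest() for i in range(128))
    new = old[:2000] + b"<edited line>" + old[2000:]
    return {
        "plaintext": reusable_fraction(old, new),
        "encrypted_fresh_iv": reusable_fraction(
            toy_cfb(key, old, os.urandom(16)), toy_cfb(key, new, os.urandom(16))),
        "encrypted_same_iv": reusable_fraction(  # IV reuse is insecure; shown for contrast
            toy_cfb(key, old, b"\x00" * 16), toy_cfb(key, new, b"\x00" * 16)),
    }


if __name__ == "__main__":
    print(demo())
```

With the plaintext, roughly 98% of the edited file is reusable; with a properly randomised IV nothing matches, so rsync must resend the whole file, which is exactly the bandwidth cost described above.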
What your client wants can be configured with Security Enhanced Linux which provides a more granular security model than the Unix/PAM that Linux supports. You can even give away your root password, but the real boss of the system is this patched kernel called SE-Linux.

It's a US government project to provide open source solutions for the US government. See details at: and the theory at:

Security-enhanced Linux incorporates a strong, flexible mandatory access control architecture into Linux. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. Using the system's type enforcement and role-based access control abstractions, it is possible to configure the system to meet a wide range of security needs.