
not even root can read?

I've got an annoying and super-paranoid user...  grr... but he pays well enough.

Right now, when this user logs in, he's chroot-ed into /home/MrPissMeOff/ which has a bunch of directories such as /bin /lib /home etc.  He's locked in this jail and can't get out... fine.

What he's worried about is that I as root can get in.  Is it possible to set his /home/ (so actually /home/MrPissMeOff/home/) to a permission in such a way that not even root can read his files?  So that ONLY the owner can view them?

I thought I read somewhere that this was possible... but to take it further, can I still delete his files and account if need-be?

I'll raise the points if this gets complicated.
Asked by: s_mack
1 Solution

jlevie commented:
No, that's not possible on Linux or Unix. The root user can always read/write/delete anything on the system.
 
s_mack (author) commented:
There must be SOME way to guarantee the privacy of my users.  I guess I thought of one clumsy method... have them encrypt their data.

Any other ideas anyone?
 
jlevie commented:
The only way a system user can prevent root (or Administrator on Windows) from reading a file is to encrypt its contents. Of course, that doesn't prevent root from deleting the file. A user must be able to trust the sysadmin of whatever system they are using. If they don't feel that they can trust the sysadmin they need to be running their own system where they own the root account.
 
pjedmond commented:
Unfortunately, the user doesn't want to spend his time encrypting/decrypting the contents of his files. I would have thought that it is better to mount an encrypted filesystem. The best way to do this is to mount the encrypted filesystem as part of the login (.bash_profile) or other script depending on the setup, whereby the decryption key is provided by the user during this process:

http://www.faqs.org/docs/Linux-HOWTO/Loopback-Encrypted-Filesystem-HOWTO.html

The problem then is that the root user may access the files whilst they are mounted.

Therefore, I am wondering whether it is possible to create some form of 'agent' associated with the particular login, that would extract / replace files on the filesystem in the same way as the ssh agent works for ssh.

Any further suggestions on this approach?
 
pjedmond commented:
OK - here's the solution:

http://www.csm.ornl.gov/~dunigan/cfsesm.txt

I knew that I'd seen something similar somewhere. As to how easy it is to implement, I don't know, not having ever tried, but it provides per-user encryption. You also need the Encrypting Session Manager (similar to the ssh agent in concept) to provide the 'on the fly' encryption/decryption.

Obviously as root, you can delete the containing files that hold the encrypted file systems, but you do not have direct access to the files themselves.

Anyone else seen this type of software anywhere else - I know that I've seen it elsewhere before, but cannot find the other instance:(

HTH:)
 
s_mack (author) commented:
I'll further suggest the following site:

http://www.tcfs.it

which looks like it is an effort at an improvement over the CFS you mention... check it out if you are interested.

However, it won't work with my particular setup.  My whole system depends heavily on rsync's ability to efficiently transfer only the portions of files that have changed.  Since encrypted data is statistically indistinguishable from compressed data, rsync finds no patterns for reconstruction and therefore cannot transfer the files in an efficient manner.  This would positively kill my bandwidth.  So if this is the only secure solution, then I'm afraid cost has to come before security.

If they are encrypting only select files, then I guess it wouldn't be so bad... but to have the entire filesystem encrypted is not viable in my case.

But it was a thoughtful answer, and provided me with an interesting read - so points to you.  Thanks.
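s_mack's point above, that encrypting the whole filesystem defeats rsync's delta transfer, can be shown with a small script. This is an added example, not code from the thread or from CFS/TCFS: it uses a constructed SHA-256-based chaining cipher (a toy standing in for a real chaining mode such as CBC/CFB) and a simplified rsync block matcher; the file contents, key, IV and block sizes are all assumptions of the example.

```python
"""Why chained encryption defeats rsync's delta transfer (added example)."""
import hashlib

BLOCK = 16         # toy cipher block size
RSYNC_BLOCK = 256  # block size used by the delta matcher below


def toy_encrypt(key: bytes, iv: bytes, plaintext: bytes) -> bytes:
    """CFB-style chaining built from SHA-256 (a constructed toy, not a real
    cipher): each block's keystream depends on the previous ciphertext block,
    so one changed plaintext byte alters every ciphertext block after it."""
    out, prev = bytearray(), iv
    for i in range(0, len(plaintext), BLOCK):
        keystream = hashlib.sha256(key + prev).digest()[:BLOCK]
        cblock = bytes(p ^ k for p, k in zip(plaintext[i:i + BLOCK], keystream))
        out += cblock
        prev = cblock
    return bytes(out)


def delta_bytes(old: bytes, new: bytes, bs: int = RSYNC_BLOCK) -> int:
    """Literal bytes an rsync-style sender must transmit.  The receiver holds
    `old` split into aligned blocks; any window of `new` (at any offset, as
    rsync's rolling checksum allows) that matches one is referenced, not sent.
    MD5 on every window stands in for rsync's rolling + strong checksums."""
    have = {hashlib.md5(old[i:i + bs]).digest()
            for i in range(0, len(old) - bs + 1, bs)}
    literal, i = 0, 0
    while i < len(new):
        if i + bs <= len(new) and hashlib.md5(new[i:i + bs]).digest() in have:
            i += bs                  # receiver already has this block
        else:
            literal += 1             # this byte must be sent verbatim
            i += 1
    return literal


def compare(size: int = 8192, change_at: int = 1000) -> tuple[int, int]:
    """Flip one byte of a constructed file; return the literal bytes rsync
    would send for (plaintext copy, encrypted copy)."""
    key, iv = b"constructed-demo-key", b"\x00" * BLOCK  # fixed IV keeps prefix stable
    old = hashlib.shake_256(b"constructed sample file").digest(size)
    new = old[:change_at] + bytes([old[change_at] ^ 0xFF]) + old[change_at + 1:]
    plain = delta_bytes(old, new)
    enc = delta_bytes(toy_encrypt(key, iv, old), toy_encrypt(key, iv, new))
    return plain, enc


if __name__ == "__main__":
    p, e = compare()
    print(f"plaintext: {p} literal bytes; encrypted: {e} literal bytes of 8192")
```

Flipping one plaintext byte costs rsync a single 256-byte block in the clear, but almost everything after the change once the file is under a chaining mode; a scheme that also picks a fresh random IV on every write would lose even the unchanged prefix.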
 
amikeliunas commented:
What your client wants can be configured with Security Enhanced Linux which provides a more granular security model than the Unix/PAM that Linux supports. You can even give away your root password, but the real boss of the system is this patched kernel called SE-Linux.

It's a US government project to provide open source solutions for the US government. See details at: http://www.nsa.gov/selinux/index.html and the theory at: opensource.nailabs.com/selinux/docs/ottawa01.pdf

Security-enhanced Linux incorporates a strong, flexible mandatory access control architecture into Linux. It provides a mechanism to enforce the separation of information based on confidentiality and integrity requirements. This allows threats of tampering and bypassing of application security mechanisms to be addressed and enables the confinement of damage that can be caused by malicious or flawed applications. Using the system's type enforcement and role-based access control abstractions, it is possible to configure the system to meet a wide range of security needs.