Private directory


 
# 1  
Old 10-27-2008
Network Private directory

Hi there,

I'm working on a server with Fedora 6 and I can access root password. My problem is that even other people can ... and I'd like to have at least a private directory, but until now I couldn't find a clear answer...

So I'd like to know if it's possible to restrict access to a directory even from the root or, if this is not allowed, which is the best way to know who accesses my file and when...

Thanks in advance for any suggestion!!!

GB
# 2  
Old 10-28-2008
It's generally NOT possible to prevent root from seeing a local disk. You can, however, try to create a user-space filesystem which squashes root's access to it. I think cryptfs used to do this. The other possibility is using setfacl to achieve this effect. However, root can always call setfacl to remove whatever restrictions you add.

The long-term solution is to separate the root privilege into roles and have those roles separated through a judicious sudo configuration.
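An added example, not part of the reply above: a sketch of what mode bits and ACLs can and cannot do for a "private" directory. The function names are hypothetical; it assumes GNU `stat` and uses `setfacl` only if it is installed.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical.
# Requires GNU stat (coreutils); setfacl is used only when installed.

# Create DIR so that only its owner has any access.
make_private_dir() {
    dir=$1
    ( umask 077 && mkdir -p "$dir" ) || return 1
    chmod 700 "$dir" || return 1
    # Drop extended ACL entries (-b) and default ACLs (-k) if ACL tools exist.
    if command -v setfacl >/dev/null 2>&1; then
        setfacl -b -k "$dir" 2>/dev/null || true
    fi
}

# Return 0 if no group/other permission bits are set on DIR.
# When an ACL is present the group bits hold the ACL mask, so "00" here also
# means every named-user and named-group entry is masked to no access.
is_owner_only() {
    mode=$(stat -c '%a' "$1") || return 2
    mode=$(printf '%04d' "$mode")    # pad, e.g. 700 -> 0700
    case $mode in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# Root is not bound by mode bits or ACLs, and can rewrite both.
bypasses_permissions() {
    [ "$(id -u)" -eq 0 ]
}

# Demo on a constructed temporary directory.
demo=$(mktemp -d)
make_private_dir "$demo/secret"
if is_owner_only "$demo/secret"; then echo "secret: owner-only"; fi
chmod 750 "$demo/secret"
if ! is_owner_only "$demo/secret"; then echo "secret: group access open"; fi
if bypasses_permissions; then echo "running as root: none of this applies"; fi
rm -rf "$demo"
```

This keeps other ordinary accounts out; anyone holding the root password is unaffected by it.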
# 3  
Old 10-28-2008
Thank you very much!!! I'm going to look for setfacl and cryptfs on the internet and try to solve the problem.
# 4  
Old 10-31-2008
Hi,

I've just "discovered" that I have CRYPTSETUP installed on my server with FEDORA 6, but I couldn't yet find much information about it, while I'm getting much information about TRUECRYPT and its installation seems to be a little complicated on my linux version. Any opinion about that??? Are these two tools reliable in the same way?

In particular I couldn't find any answer about these two questions (for both the tools):

1. If I'm logged on the linux box where the encrypted volume is and I've mounted it, then all logged users will see the volume as well???

2. Using remote access, will it be possible to see my encrypted volume?

In any case I think I'm going to use CRYPTSETUP and try to see how it works.
Thanks in advance for any suggestion!!!

Giordano Bruno
# 5  
Old 11-01-2008
Giordano,

I looked at the CRYPTSETUP and LUKS for Linux and found it lacking your specific requirements. I was trying to find what I actually used a few years ago. I believe it was Matt Blaze's CFS, described here by Linux Journal (free subscription required): Using CFS, the Cryptographic Filesystem.

CFS does not guarantee that root cannot get access to the files. However, it can make it very difficult on hardened systems where even root cannot access /proc/$$/mem. For more info, see the last paragraph on page 4 of Matt's paper.


Here are quite a few other possibilities:

http://www.usenix.org/events/usenix0...tml/index.html

I leave you with some other links that might be relevant:

Download TCFS 3.0b2 for Linux

I believe the risk here is that a root user, who exists on the host where your filesystem is mounted, can "su " to the user that has already entered

CryptFS, whose original authors describe their work here:

Cryptfs: A Stackable Vnode Level Encryption File System

And I think is downloadable here:

Download DM CryptFS 0.3.2 for Linux

Also note Download cryptmount 3.1 for Linux which contains the following description:
Quote:
After the initial configuration of the encrypted filesystem, an ordinary user can mount and unmount the filesystem on demand, solely by providing the decryption password.
# 6  
Old 11-23-2008
Thanks a lot for all your suggestions!!!

I couldn't find a "safe" solution to my problem and now I was wondering if using something like a virtual machine is another way???

Giordano Bruno