[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LI] Information on security desired...



Seems like Mannu is looking for PGP.  The solution isn't to prevent
root from reading mail files, but to create mail which is encrypted
and only decryptable by the final recipient(s).

To coin a phrase,  ``Security is an attitude, not an activity''.

Attend my security workshop at Uni of Goa sometime :-)

-- Raju

>>>>> "Atul" == Atul Chitnis <achitnis@xxxxxxxxxxxxxxxx> writes:

    Atul> On Tue, 12 Oct 1999, Mannu Kalra wrote:
    >> I need to implement security on a couple of linux machines. The
    >> kind of security I am looking for should bar even root from
    >> accessing files/directories of users. Special focus is to be
    >> given to the /var/spool/mail directory where the mailboxes
    >> reside. Not even root should be able to cat or cp or mv those
    >> files.

    Atul> Simple answer - no, technically that's not possible.

    Atul> This sounds more like a human problem than a technical one -
    Atul> it is always better to give the root password only to people
    Atul> who are not likely to go and read other people's mail.

    Atul> In case you *do* have this problem, then I suggest the use
    Atul> of "sudo" - a program that allows specific people to do
    Atul> specific things as root - with full logging, but stops them
    Atul> from doing anything else.

    Atul> ftp://ftp.freshmeat.net/pub/rpms/sudo/

    Atul> Atul
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.