[Subject Prev][Subject Next][Thread Prev][Thread Next][Subject Index][Thread Index]

Re: [LI] Information on security desired...

To: linux-india@xxxxxxxxxxxxxxxxxxxxx
Subject: Re: [LI] Information on security desired...
From: Mannu Kalra <Mannu@xxxxxxxxxxxx>
Date: Wed, 13 Oct 1999 17:56:19 +0530
Organization: River Run Software Group
References: <3802FD6C.2D250021@RiverRun.COM> <Pine.LNX.4.10.9910121607050.1765-100000@cix.cbconsulting.com> <199910131923.AAA29443@bhairavi.newdelhi.sgi.com>
Reply-to: linux-india
Sender: owner-linux-india@xxxxxxxxxxxxxxxxxxxxx

No! I asked what I wanted. The idea is to prevent root or any super-user from
accessing mailboxes of users. I think that I will be able to achieve this by
QMAIL and CFS. I haven't gone through the CFS man pages etc. But I think that
with the use of qmail's maildir style of storage coupled with CFS's
capability, I should be able to achieve my desired objective.


MANNU

Raj Mathur wrote:

> Seems like Mannu is looking for PGP.  The solution isn't to prevent
> root from reading mail files, but to create mail which is encrypted
> and only decryptable by the final recipient(s).
>
> To coin a phrase,  ``Security is an attitude, not an activity''.
>

Very well said indeed!!!

> Attend my security workshop at Uni of Goa sometime :-)
>
> -- Raju
>
> >>>>> "Atul" == Atul Chitnis <achitnis@xxxxxxxxxxxxxxxx> writes:
>
>     Atul> On Tue, 12 Oct 1999, Mannu Kalra wrote:
>     >> I need to implement security on a couple of linux machines. The
>     >> kind of security I am looking for should bar even root from
>     >> accessing files/directories of users. Special focus is to be
>     >> given to the /var/spool/mail directory where the mailboxes
>     >> reside. Not even root should be able to cat or cp or mv those
>     >> files.
>
>     Atul> Simple answer - no, technically that's not possible.
>
>     Atul> This sounds more like a human problem than a technical one -
>     Atul> it is always better to give the root password only to people
>     Atul> who are not likely to go and read other people's mail.
>
>     Atul> In case you *do* have this problem, then I suggest the use
>     Atul> of "sudo" - a program that allows specific people to do
>     Atul> specific things as root - with full logging, but stops them
>     Atul> from doing anything else.
>
>     Atul> ftp://ftp.freshmeat.net/pub/rpms/sudo/
>
>     Atul> Atul
> --------------------------------------------------------------------
> The Linux India Mailing List Archives are now available.  Please search
> the archive at http://lists.linux-india.org/ before posting your question
> to avoid repetition and save bandwidth.

--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.

References:
- [LI] Information on security desired...
  - From: Mannu Kalra
- Re: [LI] Information on security desired...
  - From: Atul Chitnis
- Re: [LI] Information on security desired...
  - From: Raj Mathur

Prev by Subject: Re: [LI] Information on security desired...
Next by Subject: Re: [LI] Information on security desired...
Previous by thread: Re: [LI] Information on security desired...
Next by thread: Re: [LI] Information on security desired...
Index(es):
- Subject
- Thread