Security Basics mailing list archives
Re: Encrypted Home Directories?
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Tue, 26 Nov 2002 12:25:01 -0700
On Tue, Nov 26, 2002 at 12:53:11PM +0530, Sumit Dhar wrote:
> Hello Everyone,
>
> Here is something I would like to do: (Could someone tell me if it is
> possible on Linux)
>
> - Every user's home directory is encrypted. No one other than the user
>   (including root) can read the files/directories of that user.
> - Every time a user logs in, he/she will need to give a password to
>   decrypt his/her stuff.
> - The root can delete the user's files, but not read them.
> - The whole process should ideally be completely transparent to the user.
>
> Any pointers to programs that can do this on Linux??

The Cryptographic Filesystem and the Transparent Cryptographic Filesystem (TCFS) I have seen for Linux. The latter used the NFS framework to accomplish its stuff. PAM can be used to provide a transparent login process (no extra password typing need happen).

Last I saw, root could only access the files while the home directory was mounted by the user, unless root knew the password/key for the filesystem. This might have been altered, but adding a backdoor key weakens the cryptographic integrity.

That said, 3 out of 4 of your points are met by TCFS, so maybe that is enough.

Below is a link to the TCFS homepage. I haven't bothered to read the homepage, so what I say above could be much outdated.

http://www.tcfs.it/

-----------------------------------------------------------------------
   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca        University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science