Re: Encrypted Home Directories?

From: Brad Arlt (arlt@cpsc.ucalgary.ca)
Date: 11/26/02

Next message: LEHMANN, TODD: "RE: Survey: Chat and IM"

Previous message: Robinson, Sonja: "RE: Survey: Chat and IM"
In reply to: Sumit Dhar: "Encrypted Home Directories?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Tue, 26 Nov 2002 12:25:01 -0700
From: Brad Arlt <arlt@cpsc.ucalgary.ca>
To: Sumit Dhar <ml_dhar@yahoo.com>

On Tue, Nov 26, 2002 at 12:53:11PM +0530, Sumit Dhar wrote:
> Hello Everyone,
>
> Here is something I would like to do: (Could someone tell me if it is
> possible on Linux)
>
> -Every user's home directory is encrypted. No one other than the user
> (including root) can read the files/directories of that user.
> -Every time a user logs in, he/she will need to give a password to decrypt
> his/her stuff.
> -The root can delete the users files, but not read them.
> -The whole process should ideally be completely transparent to the user.
>
> Any pointers to programs that can do this on Linux??

The Cryptographic Filesystem and the Transparent Cryptographic
Filesystem (TCFS) I have seen for linux. The latter used the NFS
framework to accomplish is stuff. Pam can be used to provide a
transparent login process (no extra password typing need happen).

Last I saw root could only access the files while the home directory
was mounted by the user, unless root knew the password/key for the
filesystem. This might have been altered, but adding a backdoor key
weakens the cryptographic integrity.

That said, 3 out of 4 of your points are met by TCFS, so maybe that is
enough.

Below is a link to the TCFS homepage. I haven't bothered to read the
homepage, so what I say above could be much outdated.

http://www.tcfs.it/
-----------------------------------------------------------------------
__o Bradley Arlt Security Team Lead
_ \<_ arlt@cpsc.ucalgary.ca University Of Calgary
(_)/(_) I should be biking right now. Computer Science

Next message: LEHMANN, TODD: "RE: Survey: Chat and IM"
Previous message: Robinson, Sonja: "RE: Survey: Chat and IM"
In reply to: Sumit Dhar: "Encrypted Home Directories?"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: Linux, BSD, and Unix are fundamentally insecure.
... But in front of him he had a box, where he had root access. ... > machine and passed a command to GRUB that booted linux into the BASH ... Next he remounted the root filesystem rw, ... Windows ist vulnerable to such procedure too. ...
(comp.unix.bsd.freebsd.misc)
Re: Linux, BSD, and Unix are fundamentally insecure.
... But in front of him he had a box, where he had root access. ... > machine and passed a command to GRUB that booted linux into the BASH ... Next he remounted the root filesystem rw, ... Windows ist vulnerable to such procedure too. ...
(comp.unix.bsd.openbsd.misc)
Re: How to mount a ramdisk?
... [root@thalassa root]# mke2fs /dev/ram0 ... OS type: Linux ... Writing superblocks and filesystem accounting information: ... The ram disk is stored in ram. ...
(comp.os.linux.misc)
Re: Password
... I ran a quick search on Ask with the phrase "linux lost ... Have you ever forgotten your root password? ... Fortunately, it wasn't a boot password, so I did have ... (although "mount" may say it is). ...
(alt.os.linux)
RE: Linux hacked
... Subject: Linux hacked ... After you boot up into the OS running from CD, ... >> First let me say I'm a security novice. ... >> been unsuccessful in getting root back. ...
(Security-Basics)