I'm trying to set up a shared drive for my team using Centos. The team might have root privileges through sudo on this system.
The over all goal is under /home/ have each member dir be encrypted so no member can view anyone data, be able to map the drive in windows for easy access.
What I was able to find is encFS but that seems like it would only work for them login in to the linux system not having it mapped.
Best Answer
So, if I understand what you're saying, you will want to do the decryption of the home directories on the Windows clients (so what's visible by root on the Linux box will only be ciphertext), as well as a shared directory that's plaintext.
You will need to look at Windows EncFS clients. I haven't tried these products, but you can look at this: https://superuser.com/questions/179150/is-anyone-working-on-an-encfs-client-for-windows
So, you'd do something like mount the home directory on Windows, and then run "encfs cryptdir plaindir", where the cryptdir is what's coming from the Linux box, and plaindir is what's on the Windows box. Decryption will happen on the Windows box, so the root user on the Linux box can't see what the files are. You will not do any decryption on the Linux box; it will just be serving the EncFS ciphertext directory as a samba share.
You can possibly use more proven technology like TrueCrypt. In this case, each user's home directory on Linux would contain the TrueCrypt volume, which would be decrypted on Windows and mounted there.
Mind you, this may not be the best way to do this. You might consider a couple different servers, one for the home directories with restricted access, etc.