I'm working on a VM in a university environment, where several other users also have root access. Take a config file like /etc/rhsm/rhsm.conf:
proxy_hostname =
proxy_port =
proxy_user =
proxy_password =
Now the university's proxy server requires a username and password. But I really don't want to store my own personal username and password in a file that other (trustworthy as they may be) sysadmins can and will read. Is there a solution?
In the case of Git, we're able to each have our passwords in our local directories. (Come to think of it, this technically isn't secure as anyone can read any directory, but at least other sysadmins won't accidentally bump into the password without looking for it.)
Best Answer
Plain answer it is not possible. The root user has complete access to the server. There are tools like SELinux that could make it harder for other admins but not impossible.
Basically there are three options:
First option would be good if you "trust" the oter admins and you just want to protect the password against accidental stuff. The second one would be the "correct secure" way. And the third one would be "correct enterprise" way.
But there is another thing that you should think of. Once the password is loaded into the proxy, bad guy can try to get it out of the proxy. As this may seem to be not so big issue, if the authentication process to the parent proxy uses passwords in plaintext, it may be very easy. And even it could happen as accident by some of the other admins analyzing the network traffic for a valid reason.