I want to store files for my users on encrypted filesystems. Every user would have his own filesystem with his own key. The user is able to log in to the system and mount his filesystem. When they are mounted, even root is not able to access them.
The setup is:
- LVM -> dm_crypt -> xfs.
- when the user logs in, he mounts his filesystem so that he is its owner
- he can start programs; they will have the same rights as the user, so they can read the files
However, I want root not to access any of my users' mounted filesystems. First I thought of writing a VFS kernel module (compiled with the kernel) and hijacking the filesystem-specific commands if root wants to access the files of a different user. The problem is that root can do something like:
# su - secureuser
and voila read the mounted filesystem.
I was told to look around POSIX file capabilities, PAM, SELinux, but I don't know these, and I'm sure achieving what I want is not convenient at all even with these things.
Here are some more, but they are about restricting root access entirely:
http://www.centos.org/docs/4/4.5/Security_Guide/s2-wstation-privileges-noroot.html
Do you have any ideas? Thanks for the answers! 🙂
Best Answer
First you have to realize that even if you limit the root account, the admins could have access to the physical server and change the server configuration from a Live CD. So you should start by trusting your admins.
I can see a few solutions. None is simple, but they are doable. Here they are:
Please note that you will have to limit root access separately, depending on the chosen solution. You also need to limit access to the raw device.
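As an added example (not code from the original question or answer), here is a POSIX shell script that carries out the LVM -> dm-crypt -> XFS per-user setup from the question: one logical volume per user, LUKS-formatted with that user's own key, an XFS filesystem on top, mounted owned by the user at login and closed again at logout. The volume-group name vg0, the /home/USER mount layout and the key-file path are assumptions. With DRY_RUN=1 the script prints the command plan instead of executing it, so it can be reviewed without root.

```shell
#!/bin/sh
# Per-user encrypted volume: LVM -> dm-crypt (LUKS) -> XFS, mounted owned by the user.
# Added example, not from the original thread. Assumes an existing volume group $VG
# (default vg0, an assumption), a key file controlled by the user, and execution as root.
set -eu

VG="${VG:-vg0}"
DRY_RUN="${DRY_RUN:-0}"

# run: execute a command, or only print it when DRY_RUN=1 so the plan can be reviewed
run() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "+ $*"
    else
        "$@"
    fi
}

# setup_user_volume USER SIZE KEYFILE
# One-time provisioning: create the LV, LUKS-format it with the user's own key,
# put XFS on it, and mount it so that the user is the owner.
setup_user_volume() {
    user="$1"; size="$2"; keyfile="$3"
    lv="home_$user"
    run lvcreate -L "$size" -n "$lv" "$VG"
    # --key-file: the key never passes through the terminal; the user owns this file
    run cryptsetup luksFormat --batch-mode --key-file "$keyfile" "/dev/$VG/$lv"
    run cryptsetup open --key-file "$keyfile" "/dev/$VG/$lv" "$lv"
    run mkfs.xfs "/dev/mapper/$lv"
    run mkdir -p "/home/$user"
    # nosuid,nodev: programs the user starts on this mount get only the user's rights
    run mount -o nosuid,nodev "/dev/mapper/$lv" "/home/$user"
    run chown "$user:$user" "/home/$user"
    run chmod 700 "/home/$user"
}

# mount_user_volume USER KEYFILE: the login step (e.g. from a PAM session hook)
mount_user_volume() {
    user="$1"; keyfile="$2"
    lv="home_$user"
    run cryptsetup open --key-file "$keyfile" "/dev/$VG/$lv" "$lv"
    run mount -o nosuid,nodev "/dev/mapper/$lv" "/home/$user"
}

# close_user_volume USER: the logout step. Once the mapping is closed the key is gone
# from the kernel and the raw LV holds only ciphertext, which is the practical form of
# "limit access to the raw device". While the mapping is open, root can still read the
# mount (and the key file), which is exactly the gap the question describes.
close_user_volume() {
    user="$1"
    lv="home_$user"
    run umount "/home/$user"
    run cryptsetup close "$lv"
}

# Subcommand dispatch; with no arguments the script only defines the functions above.
case "${1:-}" in
    setup) setup_user_volume "$2" "$3" "$4" ;;
    mount) mount_user_volume "$2" "$3" ;;
    close) close_user_volume "$2" ;;
    "") ;;
    *) echo "usage: $0 setup USER SIZE KEYFILE | mount USER KEYFILE | close USER" >&2; exit 2 ;;
esac
```

Usage: `DRY_RUN=1 sh user_volume.sh setup alice 10G /home/alice/.volume.key` prints the provisioning plan; without DRY_RUN the same invocation runs it as root. The close step at logout is what narrows the window: data on the raw device is unreadable without the user's key, but for as long as the mapping is open and mounted, root's DAC override and `su - USER` both still work, so this setup limits exposure rather than removing root's access, in line with the answer's point that the admins must be trusted.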