Re: Need help in securing maildir so that root user should not be able to read any other user's mail

Morten Torstensen wrote:
> ankush grover wrote:
>> c) Security of Maildir means even root user should not be able to read
>> any user's mail.
>
> You can do that with SELinux... you would have to limit filesystem access AND user access so that root cannot just su to a user and access it from there.
>
> But someone who has physical access to the server will be able to get access. Administrative routines need access too, for stuff like backup and restore.
>
> So for c) I would limit what I can and then have audit routines to map usage.


and limit root so he can't disable selinux?


ummmmmm.   right.

and, as Morten points out, backup needs access to maildir (and of course, anyone with physical access to the backup media will have access to the mail on them too)


Only thing I can think of... setup the administrators 'normal' accounts to have specific SUDO's for _all_ 'normal' administrative activities, and put the real root password on a slip of paper in a sealed envelope in the key escrow safe that requires 3 people's combinations to open. and hope nothing goes wrong.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
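
The "audit routines to map usage" idea from the thread, as an added example that is not part of the original messages: it assumes auditd already logs file opens under the maildirs, and compares each event's login uid (`auid`, which survives `su` and `sudo`) with the owner of the file touched. The log lines, uids, paths and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

UNSET_AUID = "4294967295"  # auditd's "no login session" value (daemons, boot services)
RECORD_RE = re.compile(r"^type=(\w+) msg=audit\(([\d.]+:\d+)\): (.*)$")
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')

# Constructed sample records (uids, paths and programs are made up for illustration).
SAMPLE_LOG = """\
type=SYSCALL msg=audit(1700000000.100:101): syscall=257 success=yes auid=1001 uid=1001 euid=1001 exe="/usr/bin/mutt"
type=PATH msg=audit(1700000000.100:101): item=0 name="/home/alice/Maildir/cur/1.msg" ouid=1001
type=SYSCALL msg=audit(1700000050.200:102): syscall=257 success=yes auid=1000 uid=0 euid=0 exe="/usr/bin/cat"
type=PATH msg=audit(1700000050.200:102): item=0 name="/home/alice/Maildir/cur/1.msg" ouid=1001
type=SYSCALL msg=audit(1700000090.300:103): syscall=257 success=yes auid=1000 uid=1001 euid=1001 exe="/usr/bin/less"
type=PATH msg=audit(1700000090.300:103): item=0 name="/home/alice/Maildir/new/2.msg" ouid=1001
type=SYSCALL msg=audit(1700000120.400:104): syscall=257 success=yes auid=4294967295 uid=0 euid=0 exe="/usr/libexec/dovecot/deliver"
type=PATH msg=audit(1700000120.400:104): item=0 name="/home/alice/Maildir/tmp/3.msg" ouid=1001
"""

def parse_events(log):
    """Group SYSCALL and PATH records that share one audit event id."""
    events = defaultdict(lambda: {"syscall": None, "paths": []})
    for line in log.splitlines():
        m = RECORD_RE.match(line.strip())
        if not m:
            continue
        rtype, event_id, rest = m.groups()
        fields = {k: v.strip('"') for k, v in FIELD_RE.findall(rest)}
        if rtype == "SYSCALL":
            events[event_id]["syscall"] = fields
        elif rtype == "PATH":
            events[event_id]["paths"].append(fields)
    return events

def foreign_maildir_access(log, marker="/Maildir/"):
    """Return (event_id, auid, uid, exe, path) where the login uid is not the file owner."""
    hits = []
    for event_id, ev in parse_events(log).items():
        sc = ev["syscall"]
        if sc is None or sc.get("auid") == UNSET_AUID:
            continue  # incomplete event, or a daemon such as the delivery agent
        for p in ev["paths"]:
            if marker in p.get("name", "") and p.get("ouid") != sc.get("auid"):
                hits.append((event_id, sc.get("auid"), sc.get("uid"), sc.get("exe"), p["name"]))
    return hits

if __name__ == "__main__":
    for hit in foreign_maildir_access(SAMPLE_LOG):
        print(hit)
```

A backup job started from an administrator's login session would also be reported, which fits the thread's point that such access can be limited and reviewed but not removed.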
