RE: Need help in securing maildir so that root usershould not able to read anyother user's mail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

 
> Subject: Re:  Need help in securing maildir so that 
> root usershould not able to read anyother user's mail
> 
I can only think of one mechanism that might work in the
correct environment.  Put the mail server on it's own machine
which does nothing else but server the mail.  Get everything
running, disallow NFS mounts, and scramble the root password
so effectively there is no root account.  Now root can not
access other peoples mailboxes because there is no root.

When you have to do system maintenance, you will have to
boot from CD, fix the root account, reboot and do the 
maintenance.  The sysadmin will do the maintenance from
a checklist while a large Marine guard with and M16 follows
along.  When done, scramble the root password.

This would only work in a physically secure environment.
The idea being that there has to be several people watching
while root does any work.

There are secure ways of setting up Linux where there is
no real root.  

Bob Styma
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux