RE: Need help in securing maildir so that rootusershouldnot able to read anyother user's mail

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] 

 > On Tuesday 20 March 2007 06:45 am, Styma, Robert E (Robert) wrote:
> 
> > You cannot just go to single user mode because going
> > to single user normally requires you to enter the root password.
> 
> I can't test now; I don't have a local CentOS system, but I don't 
> remember ever needing a password to get into single mode on any Linux 
> system.  Am I right, or is my brain falling apart?

I could be confused.  I jump back and forth between Linux, Solaris,
and HP/UX.

> 
> > Of course if access to the machine is not secure, you have to
> > talk about encrypting the contents with passwords only the
> > users have.
> 
> I can't speak for the OP but our machines are secure; to get 
> to them you 
> need my my access card, my lock combination, and my hand <smile>. But 
> if the machines aren't physically secure it's quite easy to get into 
> them without a password.

That is an important consideration.  One of the basic assumptions on
Unix systems (other than the rootless ones) is that the person with
root access is to be trusted.  When you change that assumption, you
have to fall back to other mechanism to secure whatever it is you
need to secure.  If you are just trying to stop a bored sysadmin, 
there ae things that can be done.  If you are trying to stop the
NSA or CIA, you have your work cut out for you.

Requiring several people to be present tends to keep people honest.
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux