Mathias Tauber wrote:
If this is the behavior you want, then you want a regular unencrypted filesystem. The stock kernel running on a normal filesystem (example: ext3) prevents users from reading each other's files, and allows root to bypass all of the permissions -- because that's one of the few reasons the root account exists.I read the spec but I could't find the point, if it is possible to access the encrypted files as root without knowing a password (km). I'm sure this had been asked before, a link to the archive I would appreciate.
The point of encrypted filesystem prevents someone with a screwdriver, a boot disc, or root privileges from reading the filesystems on the hard disk after the machine has been stolen. In order to mount the volumes, you (running as root) really, fundamentally need the password/key -- this is the whole point of LUKS. If the encryption could be trivially bypassed with su - or by mounting the HDD in another computer, then no progress would have been made on the problem!
Can anyone recommend a good "introduction to cryptography" book for this fellow?
-Luke
Attachment:
smime.p7s
Description: S/MIME Cryptographic Signature
