On Fri, 04 Apr 2003 09:30:29 EST, Pierre Abbat <[EMAIL PROTECTED]> said:
> But I'd also like to be able to have several encrypted directories on one > partition, with different keys, such that when I give the key any process > with the right UID can access them. I might have a cron job that needs access > to encrypted data. You need to apply "least privilege" - you don't give the key to any process that doesn't need it. In your example, you would make sure that any process running under UID nnn gets given the key, so that other processes couldn't do anything even if they *did* access them. Properly applied, you can even leverage it further - for instance, if your backup process doesn't have the key tokens, you can safely let it have access to all the files - it can read the 127 meg of data to back it up in a bitwise manner, but it can't actually DO anything with the data - this is something that you can't do in the "give everything the token" model....
pgp00000.pgp
Description: PGP signature