Protecting message files acess even from root
Hello! Considering that Cyrus stores messages in files, does anyone have any experience on the protection of access to these files, even for the root user? I researched about SELINUX and found no conclusive documentation. -- My best regards, Fabio Soares Schmidt Linux Professional Institute - LPIC-3 Microsoft Certified Technology Specialist: Active Directory Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Protecting message files acess even from root
On 01/31/14 14:10 -0200, Fabio S. Schmidt wrote: Hello! Considering that Cyrus stores messages in files, does anyone have any experience on the protection of access to these files, even for the root user? I researched about SELINUX and found no conclusive documentation. Are you attempting to prevent local access (from a physical administrator), or remote access via root login? How does cyrus differ from other email stores that you've dealt with (security wise)? -- Dan White Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Protecting message files acess even from root
Yes, this is the answer. If messages need to protected from everyone, including root, then they should be PGP encrypted at the source; with MUA client-side decryption. On 01/31/2014 10:37 AM, Mark Blackman wrote: On 31 Jan 2014, at 16:10, Fabio S. Schmidt fa...@improve.inf.br wrote: Hello! Considering that Cyrus stores messages in files, does anyone have any experience on the protection of access to these files, even for the root user? I researched about SELINUX and found no conclusive documentation. http://en.wikipedia.org/wiki/Public-key_cryptography - Mark Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Protecting message files acess even from root
Hi Dan ! Thanks for the answer ! I'm trying to prevent local access from a physical administrator. Even if looged as root should be impossible to read the messages on the Cyrus partitions. Other emails stores that I have dealt with also stores the messages in files. Blackman and Goetz, Thanks for the reply, but my problem is that not all messages will be encrypted at the source. AND EVEN if the message is encrypted we want to prevent the access from a physical administrator. Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
Re: Protecting message files acess even from root
On 31 Jan 2014, at 16:10, Fabio S. Schmidt fa...@improve.inf.br wrote: Hello! Considering that Cyrus stores messages in files, does anyone have any experience on the protection of access to these files, even for the root user? I researched about SELINUX and found no conclusive documentation. http://en.wikipedia.org/wiki/Public-key_cryptography - Mark Cyrus Home Page: http://www.cyrusimap.org/ List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/ To Unsubscribe: https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
