On Sun, Jul 03, 2005 at 06:17:12PM -0400, Stephen R Laniel wrote:
Anyway, the point is that you really *shouldn't* trust the
root user if you don't have to. And if you can encrypt your
filesystem, you should.
You do have to trust the entity that provides your service, and its
agents, at least
Shaun Lipscombe wrote:
... and I should have said.. and then use ~/dominik as your ~.
Don'tcha mean I should have said, chmod 700 ~
[EMAIL PROTECTED]:~} pwd
/home/grey
[EMAIL PROTECTED]:~} ls -ld /home/grey
drwxr-xr-x 59 grey grey 2856 2005-07-04 03:51 /home/grey
[EMAIL PROTECTED]:~} chmod
You do have to trust the entity that provides your service, and its
agents, at least to some extent.
For example, an encrpyted filesystem does you no good if you are
using the hardware provided by the hosting company which can insert
keyloggers and take copies of the private keys which
On Sunday 03 July 2005 03:16, Dominik Margraf wrote:
Hello!
Currently, the default setting is that root can see and modify
anything, including the contents of the users' folders, moreover,
users can also see the contents of other users' folders by default.
These pose a significant
Hello!
Currently, the default setting is that root can see and modify
anything, including the contents of the users' folders, moreover,
users can also see the contents of other users' folders by default.
These pose a significant confidentiality and security risk.
Therefore is there any way to
On Sunday 03 Jul 2005 08:16, Dominik Margraf wrote:
Currently, the default setting is that root can see and modify
anything, including the contents of the users' folders, moreover,
users can also see the contents of other users' folders by default.
These pose a significant confidentiality and
Lee Braiden wrote:
root needs to be responsible, trustworthy, and trusted. Since root can do
virtually anything, it makes no sense to *try* to hide things from him/her.
The best you can do is to obscure things, so that root won't accidentally
find them out without trying to. If you don't
On Sunday 03 Jul 2005 09:29, Steve Lamb wrote:
Lee Braiden wrote:
root needs to be responsible, trustworthy, and trusted. Since root can
do virtually anything, it makes no sense to *try* to hide things from
him/her. The best you can do is to obscure things, so that root won't
Lee Braiden wrote:
I'm not sure what you're getting at. The alternative of not having anyone
who
is trusted?
Yup. Imagine trying to install something when even root cannot write to
the install directories. That's what NT was like without admin privies on any
user.
--
Steve
On Sun, Jul 03, 2005 at 07:16:57PM +1200, Dominik Margraf wrote:
Therefore is there any way to encrypt all users' folders and making
the computer to set this up by default when a new user is generated?
So that even the root can't see the contents of the users' folders.
If you set up
On Saturday 02 July 2005 11:16 pm, Dominik Margraf wrote:
Hello!
Currently, the default setting is that root can see and modify
anything, including the contents of the users' folders, moreover,
users can also see the contents of other users' folders by default.
These pose a significant
On Sun, Jul 03, 2005 at 02:03:39PM -0800, Greg Madden wrote:
On Saturday 02 July 2005 11:16 pm, Dominik Margraf wrote:
Currently, the default setting is that root can see and modify
[snip]
The default permission for the first user (greg) on a new install on my
Sarge box is: 'drwxr-xr-- 70
On Sun, Jul 03, 2005 at 11:25:21AM -0500, Adam Fabian wrote:
The short version is that you must trust the root user, period
That's nice as a general guideline, but most of the time you
have no reason to trust *or* distrust the root user. Most
people's sysadmins are through big corporations like
As with Windows NT security, it is false that no one can read the
data on the disk. If you boot with a proper rescue CD that can read
NTFS, then you can read everything, regardless of permission. In Mac
OS X you have the option to encrypt home directories, but there is
the possibility to
On Sun, Jul 03, 2005 at 06:17:12PM -0400, Stephen R Laniel wrote:
On Sun, Jul 03, 2005 at 11:25:21AM -0500, Adam Fabian wrote:
The short version is that you must trust the root user, period
[snip]
Anyway, the point is that you really *shouldn't* trust the
root user if you don't have to. And
15 matches
Mail list logo