On Sunday 03 Jul 2005 08:16, Dominik Margraf wrote: > Currently, the default setting is that root can see and modify > anything, including the contents of the users' folders, moreover, > users can also see the contents of other users' folders by default. > These pose a significant confidentiality and security risk. > > Therefore is there any way to encrypt all users' folders and making > the computer to set this up by default when a new user is generated? > So that even the root can't see the contents of the users' folders. root needs to be responsible, trustworthy, and trusted. Since root can do virtually anything, it makes no sense to *try* to hide things from him/her. The best you can do is to obscure things, so that root won't accidentally find them out without trying to. If you don't trust root, your security is *gone*, anyway. You can set user's folders to be NOT world-readable. One of the debconf packages actually asks this during install. I forget which one, though; possibly PAM. If you install gdebconf, it'll give you a visual way of configuring those packages, and you'll be able to find it. -- Lee Braiden http://www.DigitalUnleashed.com
Attachment:
pgpkv6O7tPl75.pgp
Description: PGP signature