
Can root see private file


1 12

Nov 24, 2009, 5:18:23 AM
Hi,

This must be a Unix 101 question, but it is not easy to find an answer.

I created a directory, set it with the "chmod 700" command, and hope to
put some of my own documents into it. I suppose nobody can check it
out except myself. Now I have a question:

Is it right that even the root user cannot enter that directory? But I
am told the root user can delete any directory, which contradicts my
understanding. Since I turned off the write permission, no one can read
or delete it. Is that right?

Thanks.

pk

Nov 24, 2009, 5:33:51 AM
1 12 wrote:

No, in the traditional UNIX model root can do anything. To achieve your
goal, you should probably look into some mandatory access control framework,
like for example (under Linux) SELinux or AppArmor. Those tools are usually
complex enough to not justify their use for simple tasks like yours.

Casper H.S. Dik

Nov 24, 2009, 7:20:59 AM
1 12 <1230...@gmail.com> writes:

No, root can do everything. This includes reading, writing, deleting,
modifying, creating, etc.

Casper
--
Expressed in this posting are my opinions. They are in no way related
to opinions held by my employer, Sun Microsystems.
Statements on Sun products included here are not gospel and may
be fiction rather than truth.


Janis Papanagnou

Nov 24, 2009, 2:10:31 PM
Michael Vilain wrote:
> In article
> <2e3b186a-11ad-48b8...@33g2000vbe.googlegroups.com>,
> One way to prevent root from reading the file is to encrypt it

And if you're paranoid enough (or if your root sysadmin has enough
incentives to do so) he'll intercept your encryption efforts...

> since
> there's no easy way to restrict root's access to a file.

...since there's no easy way to restrict root's access to the system.

Janis

Michael Paoli

Nov 27, 2009, 11:11:04 PM
On Nov 24, 11:10 am, Janis Papanagnou <janis_pa...@hotmail.com>
wrote:

Never expose encryption key(s) or passphrase(s) on that system.
Cryptographically sign the data to be able to detect tampering.
That still won't prevent root from reading, altering, or deleting the
file, but it will allow one to detect if the data is not what one
originally placed there, and will - with suitable encryption and key
management - deny root access to the file's cleartext.
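
An added illustration of the tamper-detection idea in the post above (not code from the thread): it seals a directory with a keyed hash (HMAC-SHA256, used here in place of a public-key signature) and later reports files altered, deleted or added. The key, file names and contents are constructed, and both steps are assumed to run on a trusted machine holding the key, against a copy of the directory; it cannot show whether root merely read the files.

```python
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

def manifest(root):
    """Map each file's path (relative to root) to the SHA-256 of its content."""
    root = Path(root)
    return {p.relative_to(root).as_posix(): hashlib.sha256(p.read_bytes()).hexdigest()
            for p in root.rglob("*") if p.is_file()}

def tag_of(entries, key):
    """HMAC-SHA256 over a canonical JSON encoding of the manifest."""
    blob = json.dumps(entries, sort_keys=True).encode()
    return hmac.new(key, blob, hashlib.sha256).hexdigest()

def seal(root, key):
    """Before upload: return (manifest, tag), both kept off the shared host."""
    entries = manifest(root)
    return entries, tag_of(entries, key)

def verify(root, sealed, tag, key):
    """Return sorted (path, change) pairs; raise if manifest and tag disagree."""
    if not hmac.compare_digest(tag_of(sealed, key), tag):
        raise ValueError("stored manifest does not match its tag")
    now = manifest(root)
    changes = []
    for path in sorted(set(sealed) | set(now)):
        if path not in now:
            changes.append((path, "deleted"))
        elif path not in sealed:
            changes.append((path, "added"))
        elif sealed[path] != now[path]:
            changes.append((path, "altered"))
    return changes

def demo():
    key = b"constructed-demo-key"  # constructed; a real key never touches the host
    with tempfile.TemporaryDirectory() as tmp:
        d = Path(tmp)
        (d / "notes.txt").write_text("private")  # constructed sample files
        (d / "todo.txt").write_text("buy milk")
        sealed, tag = seal(d, key)
        # Constructed changes standing in for what root can do despite mode 700.
        (d / "notes.txt").write_text("edited")
        (d / "todo.txt").unlink()
        return verify(d, sealed, tag, key)

if __name__ == "__main__":
    print(demo())
```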

Janis Papanagnou

Nov 28, 2009, 9:52:08 AM

My point was that root can change the system beforehand, e.g. to
be able to intercept (as with hardware key loggers, but here in
software) passphrases etc. Physical access to the system and root
access to the system make the system completely controllable for
the admin.

Janis
