>>>>> On 27 Jul 2001 12:43:03 +0200, Johannes Niess <[EMAIL PROTECTED]> said:

    Johannes> Tom Strickland <[EMAIL PROTECTED]> writes:
    >> Our system will be run largely without a competent Unix
    >> administrator on-site. The secretary and one other individual will
    >> be responsible for tape-changing, cleaning and amrecover for files
    >> and directories deleted by users.  My question: Some of our files
    >> are more confidential and I would like to hide these a little: the
    >> director's files and the accounts. Is there any way to protect
    >> these? It doesn't have to be high grade security, just security
    >> through obscurity.

    Johannes> Tom,

    Johannes> What about sudo? The recovered files keep owner and
    Johannes> permissions. Let the operators sudo to the (too powerful
    Johannes> in this case) Amanda user just for amcheck, amrecover and
    Johannes> what else you like. You'll see their actions in the
    Johannes> syslog. The good thing: no password for the Amanda user has
    Johannes> to be given away.

    Johannes> We have set up just our tape changing that way.

I'm not sure it is enough...

The main issue is that once your file system is on tape, everybody can look at
it if it is unencrypted.

What could be nice in Amanda, or at least at the dumper API level, is to
encrypt the files with the public key of their owners.

The recovery would require the secret private key of their owners...
-- 
    Ronan KERYELL              |\/
    Labo Informatique Télécom  |/)  Tel:    (+33|0) 2.29.00.14.15
    ENST Bretagne, BP832       K    Fax:    (+33|0) 2.29.00.12.82
    29285 BREST CEDEX          |\   E-mail: [EMAIL PROTECTED]
    FRANCE                     | \  http://www-info.enst-bretagne.fr/~keryell
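
The per-owner encryption proposed in the message above, sketched as an added example (not from the thread and not an Amanda feature): the dump stream is encrypted under a random session key, and that key is wrapped with the owner's RSA public key, so reading the dump back needs the owner's private key. It assumes the openssl command-line tool, version 1.1.1 or later; the function names, file names, key pairs and sample data are all constructed for the illustration.

```sh
#!/bin/sh
# Added illustration, not Amanda code. Needs the openssl CLI (1.1.1 or later).
# openssl enc gives confidentiality only; it does not authenticate the data.

# seal PUBKEY OUTDIR: encrypt the dump read from stdin for one owner.
seal() {
    pub=$1; out=$2
    sk=$(openssl rand -hex 32) || return 1      # fresh 256-bit session key
    # Wrap the session key with the owner's public key (RSA-OAEP).
    printf '%s' "$sk" | openssl pkeyutl -encrypt -pubin -inkey "$pub" \
        -pkeyopt rsa_padding_mode:oaep -out "$out/key.enc" || return 1
    # Encrypt the stream; the key is passed via the environment, not argv.
    SESSION_KEY=$sk openssl enc -aes-256-ctr -pbkdf2 -pass env:SESSION_KEY \
        -out "$out/dump.enc"
}

# unseal PRIVKEY DIR: write the decrypted dump to stdout.
unseal() {
    priv=$1; dir=$2
    sk=$(openssl pkeyutl -decrypt -inkey "$priv" \
        -pkeyopt rsa_padding_mode:oaep -in "$dir/key.enc") || return 1
    SESSION_KEY=$sk openssl enc -d -aes-256-ctr -pbkdf2 -pass env:SESSION_KEY \
        -in "$dir/dump.enc"
}

# demo: constructed key pairs and data; prints "<recovered text>|<other key ok?>".
demo() {
    t=$(mktemp -d) || return 1
    for who in director secretary; do
        openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
            -out "$t/$who.key" 2>/dev/null || return 1
        openssl pkey -in "$t/$who.key" -pubout -out "$t/$who.pub" || return 1
    done
    printf 'constructed accounts data\n' | seal "$t/director.pub" "$t" || return 1
    owner=$(unseal "$t/director.key" "$t") || return 1
    if unseal "$t/secretary.key" "$t" >/dev/null 2>&1; then other=yes; else other=no; fi
    rm -rf "$t"
    printf '%s|%s\n' "$owner" "$other"
}

demo    # prints: constructed accounts data|no
```

Only the public keys have to be present on the machine that writes the tape; the operator who changes tapes or runs a restore sees ciphertext unless the owner supplies the private key.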
