Re: [ubuntu-uk] Encrypted Directories
On Mon, 2008-10-06 at 21:59 +0100, Ian Pascoe wrote: Gents Thanks for the responses - I really was trying to find out if, for any hardware or software reason, a usre could no longer access their encrypted files, if a user with appropriate privilages could. Not looking at this in the negative, ie to stop it from happening, but from the positive knowing that there was a fall back. No, this isn't possible. root can only access them if the user can I believe. This means you should write down the passphrase used for the mount (automatically generated or not), which is different to the account password, and store that in a safe place. That will allow you to recover the files if you have the hard drive but you can't log in or similar. Thanks, James -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Encrypted Directories
On Sun, 2008-10-05 at 10:13 +0100, Neil Greenwood wrote: 2008/10/3 Ian Pascoe [EMAIL PROTECTED]: Evening all A quick question on how the forthcoming encryption will work. Can it be set up to allow root to access the encrypted files as well as the legitimate owner? Ian Hi Ian, I don't know the details of the proposal yet, but I seem to recall that it's using something like cryptfs or luks (I could have those terms slightly wrong). If so, then the files won't be accessible to root. Hi Neil, I believe you are correct. It's using ecryptfs, so you are pretty close. I believe root won't be able to read the files, unless it is given the secret key used to encrypt them. Thanks, James -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Encrypted Directories
2008/10/3 Ian Pascoe [EMAIL PROTECTED]: Evening all A quick question on how the forthcoming encryption will work. Can it be set up to allow root to access the encrypted files as well as the legitimate owner? Ian Hi Ian, I don't know the details of the proposal yet, but I seem to recall that it's using something like cryptfs or luks (I could have those terms slightly wrong). If so, then the files won't be accessible to root. HTH Hwyl, Neil. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Encrypted Directories
On Sun, 2008-10-05 at 12:15 +0100, James Westby wrote: On Sun, 2008-10-05 at 10:13 +0100, Neil Greenwood wrote: 2008/10/3 Ian Pascoe [EMAIL PROTECTED]: Evening all A quick question on how the forthcoming encryption will work. Can it be set up to allow root to access the encrypted files as well as the legitimate owner? Ian Hi Ian, I don't know the details of the proposal yet, but I seem to recall that it's using something like cryptfs or luks (I could have those terms slightly wrong). If so, then the files won't be accessible to root. Hi Neil, I believe you are correct. It's using ecryptfs, so you are pretty close. I believe root won't be able to read the files, unless it is given the secret key used to encrypt them. Thanks, James James/Neil, The root user will still be able to read files if the user is logged in, because the private folder will be mounted. Regards Chris signature.asc Description: This is a digitally signed message part -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Encrypted Directories
On Sun, 2008-10-05 at 19:41 +0100, Chris Coulson wrote: The root user will still be able to read files if the user is logged in, because the private folder will be mounted. Hi Chris, That's very true. Thanks for pointing it out. Would an apparmor profile be able to prevent root from reading the un-encrypted files for those who want this? Though presumably that's not going to work as root could just modify the policy to give them access. Thanks, James -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/
Re: [ubuntu-uk] Encrypted Directories
2008/10/5 James Westby [EMAIL PROTECTED]: On Sun, 2008-10-05 at 19:41 +0100, Chris Coulson wrote: The root user will still be able to read files if the user is logged in, because the private folder will be mounted. Hi Chris, That's very true. Thanks for pointing it out. Would an apparmor profile be able to prevent root from reading the un-encrypted files for those who want this? Though presumably that's not going to work as root could just modify the policy to give them access. Hi James, I know that one of the requirements for SELinux was to be able to make certain files unreadable by root. Maybe this could be used? Hwyl, Neil. -- ubuntu-uk@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-uk https://wiki.ubuntu.com/UKTeam/