On Tue, Nov 26, 2002 at 12:53:11PM +0530, Sumit Dhar wrote: > Hello Everyone, > > Here is something I would like to do: (Could someone tell me if it is > possible on Linux) > > -Every user's home directory is encrypted. No one other than the user > (including root) can read the files/directories of that user. > -Every time a user logs in, he/she will need to give a password to decrypt > his/her stuff. > -The root can delete the users files, but not read them. > -The whole process should ideally be completely transparent to the user. > > Any pointers to programs that can do this on Linux??
The Cryptographic Filesystem and the Transparent Cryptographic Filesystem (TCFS) I have seen for linux. The latter used the NFS framework to accomplish is stuff. Pam can be used to provide a transparent login process (no extra password typing need happen). Last I saw root could only access the files while the home directory was mounted by the user, unless root knew the password/key for the filesystem. This might have been altered, but adding a backdoor key weakens the cryptographic integrity. That said, 3 out of 4 of your points are met by TCFS, so maybe that is enough. Below is a link to the TCFS homepage. I haven't bothered to read the homepage, so what I say above could be much outdated. http://www.tcfs.it/ ----------------------------------------------------------------------- __o Bradley Arlt Security Team Lead _ \<_ [EMAIL PROTECTED] University Of Calgary (_)/(_) I should be biking right now. Computer Science