Encrypted home partition accessible by administrator

Mon Apr 22 14:55:18 UTC 2019

On Mon, 22 Apr 2019 at 14:02, Robert Heller <heller at deepsoft.com> wrote:
>
> At Mon, 22 Apr 2019 16:53:45 +0800 "Ubuntu user technical support,  not for general discussions" <ubuntu-users at lists.ubuntu.com> wrote:
>
> >
> > On 22/04/2019, Colin Law <clanlaw at gmail.com> wrote:
> > > On Sun, 21 Apr 2019 at 22:25, Bret Busby <bret.busby at gmail.com> wrote:
> > >> ...
> > >> I wonder whether logging in as the user and using something like (as user)
> > >> chmod 007 /home
> > >> or
> > >> chmod 007 .
> > >>
> > >> (I remember a rather unfortunate case where, in a UNIX unit, some
> > >> decades ago, a classmate made the rather unfortunate mistake of
> > >> entering, at the command line,
> > >> chmod .
> > >> That dot is what was entered in that command, not a punctuation mark
> > >> to indicate the end of the sentence.
> > >> His account could not be recovered. And, it was not me...
> > >
> > > Why could an administrator not use sudo chmod to put it back as it
> > > should be.  Or if that was not possible for some reason then boot from
> > > a live image, mount the drive, and do it from there?
> > >
> > > Nothing of that sort will stop an administrator using sudo to access
> > > the files, as far as I know.
> > >
> > > Colin
> > >
> >
> >
> > Have you tried it?
> >
> > >From memory, the superuser could no longer access the account, when
> > the user applied the command
> > chmod .
> > as a privilege setting of 00x excluded even the superuserfrom
> > accessing the account, which is why the account became absolutely
> > inaccessible.
>
> It would make it inaccessible, even to root, except that root would be able to
> chmod it some something else, making it accessible again.
>

That is not my experience.  For example I was able to cat files using
sudo.  However, even if I couldn't, this is not a solution to the
question of how to make a users files inaccessible to others.

Colin