Encrypted home partition accessible by administrator

J.Witvliet at mindef.nl
Tue Apr 23 07:38:34 UTC 2019


Often one needs to think about WHAT you are protecting against WHO, at WHICH costs....

It is possible to encrypt the entire home directory of a specific user,
and to require him to provide an additional passphrase or PIN after the user logs in,
thus protecting its content not only against other users, but even against the root user.
However, the moment the directory is mounted, root still has access to it, as long as the user is logged in.
It might be wiser to add additional layers of obfuscation, like a second (nested vault) that is only opened as long as the user needs any of the files in it (during read or write).
And one might encrypt each individual file...


Kind regards,
Hans Witvliet, J, Ing., DMO/OPS/I&S/APH, Kennis Team Opensource
Coldenhovelaan 1 Maasland 3531RC Coldehovelaan 1, kamer B213

-----Original Message-----
From: ubuntu-users [mailto:ubuntu-users-bounces at lists.ubuntu.com] On Behalf Of Colin Law
Sent: Sunday 21 April 2019 18:00
To: Ubuntu user technical support, not for general discussions
Subject: Encrypted home partition accessible by administrator

I am experimenting with encrypting a user's home partition. I created a
new user using
sudo apt install ecryptfs-utils
sudo adduser --encrypt-home username

which appeared to do the job, however I see that when logged in as an
administrator (not the new user) I am able to browse the encrypted
files in Nautilus by using the administrator's password.  Is that
supposed to be what happens?  If so, how can I make a user whose files
cannot be seen by any other user?

Colin
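
[Added example, not part of either message above.] The reply's point is that an eCryptfs home only protects files while it is not mounted. The script below reports, from /proc/mounts, whether a given home is currently mounted (cleartext readable by root) or locked. It assumes the default ecryptfs-utils layout, where a locked home still contains a ".Private" link; the function names and the sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: is an eCryptfs home mounted (decrypted) right now?
# While it is mounted, root can read the cleartext files.

# Constructed sample in /proc/mounts format (not captured from a real host).
sample_mounts() {
cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
tmpfs /run tmpfs rw,nosuid,nodev 0 0
EOF
}

# list_ecryptfs_mounts [MOUNTS_FILE]
# Prints "lower_dir<TAB>mount_point" for every ecryptfs entry.
# Fields in /proc/mounts: device mountpoint fstype options dump pass
list_ecryptfs_mounts() {
    awk '$3 == "ecryptfs" { printf "%s\t%s\n", $1, $2 }' "${1:-/proc/mounts}"
}

# home_state HOME_DIR [MOUNTS_FILE]
# Prints one of:
#   mounted      cleartext view is live, readable by root
#   locked       encrypted lower directory present, nothing mounted
#   unencrypted  no sign of eCryptfs for this home
home_state() {
    home=$1
    mounts=${2:-/proc/mounts}
    if list_ecryptfs_mounts "$mounts" | cut -f2 | grep -qxF -- "$home"; then
        echo mounted
    # Assumption: a locked home keeps a ".Private" link to the lower directory.
    elif [ -e "$home/.Private" ] || [ -L "$home/.Private" ]; then
        echo locked
    else
        echo unencrypted
    fi
}

# Stand-alone run: list live eCryptfs mounts on this host (prints nothing if none).
if [ -r /proc/mounts ]; then
    list_ecryptfs_mounts /proc/mounts
fi
```

A home that reports "mounted" is exactly the window described in the reply: the encryption gives no protection against root until the user logs out and the mount goes away.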
