Home page logo

basics logo Security Basics mailing list archives

Re: Encrypted Home Directories?
From: Brad Arlt <arlt () cpsc ucalgary ca>
Date: Tue, 26 Nov 2002 12:25:01 -0700

On Tue, Nov 26, 2002 at 12:53:11PM +0530, Sumit Dhar wrote:
Hello Everyone,

Here is something I would like to do: (Could someone tell me if it is
possible on Linux)

-Every user's home directory is encrypted. No one other than the user
(including root) can read the files/directories of that user.
-Every time a user logs in, he/she will need to give a password to decrypt
his/her stuff.
-The root can delete the users files, but not read them.
-The whole process should ideally be completely transparent to the user.

Any pointers to programs that can do this on Linux??

The Cryptographic Filesystem and the Transparent Cryptographic
Filesystem (TCFS) I have seen for linux.  The latter used the NFS
framework to accomplish is stuff.  Pam can be used to provide a
transparent login process (no extra password typing need happen).

Last I saw root could only access the files while the home directory
was mounted by the user, unless root knew the password/key for the
filesystem.  This might have been altered, but adding a backdoor key
weakens the cryptographic integrity.

That said, 3 out of 4 of your points are met by TCFS, so maybe that is

Below is a link to the TCFS homepage.  I haven't bothered to read the
homepage, so what I say above could be much outdated.

   __o          Bradley Arlt                    Security Team Lead
 _ \<_          arlt () cpsc ucalgary ca                University Of Calgary
(_)/(_)         I should be biking right now.   Computer Science

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]