
I would like to implement a private cloud-storage on a Linux VPS. For example, I can use ownCloud.

I can do the root login on the VPS by ssh.

My question is if I can securely encrypt the /var/www directory in a way that the service provider cannot (easily) access my files (so I'll have to manually enter a password at every VPS reboot to mount /var/www). I assume that I cannot (easily) modify the existing partitions because I cannot umount them.

The purpose is to implement a cloud-storage that is safe enough for a working team to store very sensitive data (I cannot trust any commercial cloud-storage service that is zero-knowledge, because none of them has a fully open-source client).

Thank you very much for any help.

P.S.: CryFS on the clients seems interesting, but it's restricted to Linux machines, so it's not suitable for sharing files between people using different operating systems.

2 Answers


My question is if I can securely encrypt the /var/www directory in a way that the service provider cannot (easily) access my files (so I'll have to manually enter a password at every VPS reboot to mount /var/www). I assume that I cannot (easily) modify the existing partitions because I cannot umount them.

No, because when your server software can decrypt it, the key must be in RAM, and since the RAM is just virtualized, your VPS hoster can access it trivially.

You can, however, encrypt the data on your clients and just upload the encrypted data. That's the proper way of storing data on other people's computers. (Remember, there's no cloud, just other people's computers.)

Marcus Müller
  • If you have root, then presumably the entire VPS is yours. If so, your provider may allow you to boot onto a LiveUSB/ISO with console in the browser, allowing you to modify partitions at will. Requires a bit more skill and you could inadvertently brick the server if you're not careful, but worth it for data-at-rest security. The RAM question is still valid, so make sure you know the circumstances under which your hosting provider would ever intrude into your server while running (e.g. running state snapshots). – Liam Dennehy Aug 21 '17 at 12:31
  • Well, considering I do live debugging on running VMs all the time: the "circumstances under which your hosting provider *could* intrude" include "anytime". – Marcus Müller Aug 21 '17 at 12:53
  • Live debugging? Anyway my point is that this comes down to trust, and there are certainly some providers, in specific parts of the world, that would require truly exceptional circumstances to intrude (e.g. Luxembourg). – Liam Dennehy Aug 21 '17 at 13:50
  • Indeed, it comes down to trust. If you have the trust that whoever operates the hypervisor won't let anyone access the memory of your VM, then the encryption at rest will work – but at the same time, if you trust them, the *advantage* of encryption at rest isn't that big, is it? – Marcus Müller Aug 21 '17 at 17:50
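The client-side approach recommended in this answer, as an added example that is not part of the original answer: a file is sealed with AES-256-GCM on the client before it is uploaded to the ownCloud VPS and is opened again only on the client, so the server never holds the key. The ClientVault type, the key handling and the sample file name are assumptions made for illustration.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"io"
)

// ClientVault keeps the key on the client only (illustrative type). The VPS
// stores just nonce||ciphertext||tag, so neither its disk nor a snapshot of
// its RAM contains the key or the plaintext.
type ClientVault struct{ aead cipher.AEAD }

// NewClientVault wraps a 32-byte AES-256 key, generated once on the client
// and kept there (e.g. in the OS keyring), in AES-GCM.
func NewClientVault(key []byte) (*ClientVault, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes (AES-256)")
	}
	block, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}
	aead, err := cipher.NewGCM(block)
	if err != nil {
		return nil, err
	}
	return &ClientVault{aead: aead}, nil
}

// Seal encrypts a file before upload. A fresh random nonce is prepended and
// the file name is bound as associated data, so a blob renamed or swapped
// on the server fails authentication when it is downloaded again.
func (v *ClientVault) Seal(name string, plaintext []byte) ([]byte, error) {
	nonce := make([]byte, v.aead.NonceSize())
	if _, err := io.ReadFull(rand.Reader, nonce); err != nil {
		return nil, err
	}
	return v.aead.Seal(nonce, nonce, plaintext, []byte(name)), nil
}

// Open decrypts a downloaded blob on the client; any server-side tampering
// (bit flips, truncation, rename) yields an error instead of plaintext.
func (v *ClientVault) Open(name string, blob []byte) ([]byte, error) {
	ns := v.aead.NonceSize()
	if len(blob) < ns+v.aead.Overhead() {
		return nil, errors.New("blob too short to be a valid upload")
	}
	return v.aead.Open(nil, blob[:ns], blob[ns:], []byte(name))
}
```

Only the output of Seal is handed to the ownCloud sync client; the key never leaves the client, which is exactly the trade-off the answer describes (no server-side web interface over the plaintext).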

ownCloud has a feature that supports exactly that, using an external storage where the data is stored encrypted by ownCloud itself.

See https://owncloud.org/blog/how-owncloud-uses-encryption-to-protect-your-data/

The data on that drive will be encrypted. No need to encrypt /var/www, but you will need to trust your web server host (where your installation is hosted), though.

nulldev
    Thank you "nulldev" for the link. However, I cannot trust any server host, because I cannot know what the server administrators do. I've asked for a way that the service provider cannot (easily) access my files, but on the page you linked it's written that: «To run safely on a non-trusted server, data would have to be encrypted by the client before being sent to the non-trusted ownCloud server and you would lose the web interface access». That's why the answer of Marcus Müller is correct. The final question is why the ownCloud creators don't implement client-side encryption, that is the solution. – Francesco Galgani Aug 21 '17 at 12:26
    P.S.: On the page you linked, there is a long discussion. The key point seems this (written by Jos): «With the current state of technology the choice is either having the web interface and apps and having to trust the server, or having it all client-side encrypted and not having to trust the server.» That's why ownCloud doesn't implement client-side encryption (according to Jos's point of view, see the discussion). – Francesco Galgani Aug 21 '17 at 12:36