Encrypting home folder in Debian

2

Is it possible to encrypt home folders of users in a Linux system (say Debian) in such a way that root cannot see their content?

Hadi

Posted 2015-10-10T04:42:54.797

Reputation: 23

If you encrypt home, then features that use files found there, like IMAP and SSH services, will not work. – Jasen – 2015-10-10T05:13:12.150

@Jasen that is one use case I had in mind, to have user mail stored in their home directory and only accessible to themselves. Can't an IMAP daemon decrypt the user's pass-phrase with their password, for instance, and then mount the directory? – Hadi – 2015-10-10T12:46:12.413

Yes, imapd could be modified to do that, but the MDA needs write access when new mail arrives. I guess you spool new mail in /var/spool/mail and have imapd fetch it from there when the user logs in. – Jasen – 2015-10-11T04:05:06.040

The chosen answer isn't satisfactory... But indeed appears to be the reality. I am still pondering about ways to offer degrees of protection to user data when a server gets compromised. – Hadi – 2015-11-06T19:06:04.647

In case someone else stumbles here, this is a related question: http://unix.stackexchange.com/questions/5017/ssh-to-decrypt-encrypted-lvm-during-headless-server-boot – Hadi – 2015-11-06T19:15:53.263

Answers

2

Nothing is preventing root from subverting the services the user is interacting with to steal their keys when they are next used.

So, any solution is at best temporary.

Jasen

Posted 2015-10-10T04:42:54.797

Reputation: 499

So basically this means encrypting the home directory or not makes no difference? – Hadi – 2015-10-14T18:55:21.693

Yeah, it's basically impossible to stop root from doing something that a user can do. E.g., root can access the memory used by any process, even the kernel. The key will be there somewhere. – user313114 – 2015-10-15T02:34:44.427

Ok, I see your point. What if we lower the requirements? (a) What would be a good way to encrypt your home folder so other (non-root) users can't see the contents? (b) How can we ensure that someone with physical access to the server but without root password cannot access them? – Hadi – 2015-10-17T23:39:58.063

cryptfs under fuse: http://thesimplecomputer.info/encrypt-your-linux-home-folder-2-ways-and-10-steps – Jasen – 2015-11-01T05:25:10.310

@Jasen, thanks... But can't a person with access to the server -- such as the hosting company -- get around cryptfs under fuse? (1) user313114 raised looking into memory -- which a VPS-host can also do. (2) And if the machine is booted into single-user-mode, they will become root. (I assume the decryption phrase is saved somewhere for the boot loader to use; if not, how can the server restart?) – Hadi – 2015-11-05T20:20:21.700

If you have physical access, getting root is easy. And you can't block root. – user313114 – 2015-11-05T21:19:10.333
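
For the lowered requirement (a) in the comments above, an added example that is not part of the original thread: a FUSE mount is by default reachable only by the user who mounted it, and the `allow_other` mount option lifts that restriction, so this sketch parses `/proc/mounts`-style text and flags FUSE mounts under `/home` that carry it. The sample lines, the function names and the `/home` prefix are constructed assumptions; as the answer says, none of this restricts root.

```python
import re

# Constructed sample in /proc/mounts format (not taken from a real host).
SAMPLE = """\
/dev/sda1 / ext4 rw,relatime 0 0
encfs /home/alice/Private fuse.encfs rw,nosuid,nodev,relatime,user_id=1000,group_id=1000,default_permissions 0 0
encfs /home/bob/My\\040Files fuse.encfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,allow_other 0 0
fusectl /sys/fs/fuse/connections fusectl rw,relatime 0 0
"""

def unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def audit_fuse_homes(mounts_text, home_root="/home"):
    """Return one finding per FUSE mount located below home_root."""
    prefix = home_root.rstrip("/") + "/"
    findings = []
    for line in mounts_text.splitlines():
        parts = line.split()
        if len(parts) < 4:
            continue  # malformed or empty line
        fstype = parts[2]
        # "fuse" or "fuse.<name>" only; "fusectl" is the control filesystem.
        if fstype != "fuse" and not fstype.startswith("fuse."):
            continue
        mountpoint = unescape(parts[1])
        if not (mountpoint + "/").startswith(prefix):
            continue
        opts = {}
        for opt in parts[3].split(","):
            key, _, value = opt.partition("=")
            opts[key] = value
        uid = opts.get("user_id", "")
        findings.append({
            "mountpoint": mountpoint,
            "fstype": fstype,
            "owner_uid": int(uid) if uid.isdigit() else None,
            # allow_other lets users other than the mounting one enter the mount.
            "exposed_to_other_users": "allow_other" in opts,
        })
    return findings

if __name__ == "__main__":
    for f in audit_fuse_homes(SAMPLE):
        state = "EXPOSED" if f["exposed_to_other_users"] else "owner-only"
        print(f"{state:10} uid={f['owner_uid']} {f['fstype']} {f['mountpoint']}")
```

On a live system the same function can be fed the contents of `/proc/mounts` instead of the sample.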