Encrypted home partition accessible by administrator

Encrypted home partition accessible by administrator

Colin Law
I am experimenting with encrypting a user's home partition. I created a
new user using
sudo apt install ecryptfs-utils
sudo adduser --encrypt-home username

which appeared to do the job, however I see that when logged in as an
administrator (not the new user) I am able to browse the encrypted
files in Nautilus by using the administrator's password.  Is that
supposed to be what happens?  If so how can I make a user whose files
cannot be seen by any other user?

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users
Re: Encrypted home partition accessible by administrator

Matthew Crews


On April 21, 2019 8:59:32 AM MST, Colin Law <[hidden email]> wrote:

>I am experimenting with encrypting a user's home partition. I created a
>new user using
>sudo apt install ecryptfs-utils
>sudo adduser --encrypt-home username
>
>which appeared to do the job, however I see that when logged in as an
>administrator (not the new user) I am able to browse the encrypted
>files in Nautilus by using the administrator's password.  Is that
>supposed to be what happens?  If so how can I make a user whose files
>cannot be seen by any other user?
>
>Colin
>
>--
>ubuntu-users mailing list
>[hidden email]
>Modify settings or unsubscribe at:
>https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

I believe usage of ecryptfs is deprecated for this exact reason. I also filed a bug against it a while ago back on 17.10.

https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1732063

Keep in mind that almost no system is foolproof against a system admin. If a user wants to protect his data he should use something like KDE's Plasma Vault or Gocryptfs, but they are not automatically mounted like Ecryptfs.



Re: Encrypted home partition accessible by administrator

Colin Law
On Sun, 21 Apr 2019 at 17:27, Matthew Crews <[hidden email]> wrote:
> ...
> https://bugs.launchpad.net/ubuntu/+source/ecryptfs-utils/+bug/1732063

Is there a typo in the link?  It isn't working for me

Colin

Re: Encrypted home partition accessible by administrator

Bret Busby-2
In reply to this post by Colin Law
On 21/04/2019, Colin Law <[hidden email]> wrote:

> I am experimenting with encrypting a user's home partition. I created a
> new user using
> sudo apt install ecryptfs-utils
> sudo adduser --encrypt-home username
>
> which appeared to do the job, however I see that when logged in as an
> administrator (not the new user) I am able to browse the encrypted
> files in Nautilus by using the administrator's password.  Is that
> supposed to be what happens?  If so how can I make a user whose files
> cannot be seen by any other user?
>
> Colin
>

I wonder whether logging in as the user and using something like (as user)
chmod 007 /home
or
chmod 007 .

(I remember a rather unfortunate case where, in a UNIX unit, some
decades ago, a classmate made the rather unfortunate mistake of
entering, at the command line,
chmod .
That dot is what was entered in that command, not a punctuation mark
to indicate the end of the sentence.
His account could not be recovered. And, it was not me...
)


--

Bret Busby
Armadale
West Australia

..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

Re: Encrypted home partition accessible by administrator

Colin Law
On Sun, 21 Apr 2019 at 22:25, Bret Busby <[hidden email]> wrote:

> ...
> I wonder whether logging in as the user and using something like (as user)
> chmod 007 /home
> or
> chmod 007 .
>
> (I remember a rather unfortunate case where, in a UNIX unit, some
> decades ago, a classmate made the rather unfortunate mistake of
> entering, at the command line,
> chmod .
> That dot is what was entered in that command, not a punctuation mark
> to indicate the end of the sentence.
> His account could not be recovered. And, it was not me...

Why could an administrator not use sudo chmod to put it back as it
should be?  Or if that was not possible for some reason then boot from
a live image, mount the drive, and do it from there?

Nothing of that sort will stop an administrator using sudo to access
the files, as far as I know.

Colin

Re: Encrypted home partition accessible by administrator

Bret Busby-2
On 22/04/2019, Colin Law <[hidden email]> wrote:

> On Sun, 21 Apr 2019 at 22:25, Bret Busby <[hidden email]> wrote:
>> ...
>> I wonder whether logging in as the user and using something like (as user)
>> chmod 007 /home
>> or
>> chmod 007 .
>>
>> (I remember a rather unfortunate case where, in a UNIX unit, some
>> decades ago, a classmate made the rather unfortunate mistake of
>> entering, at the command line,
>> chmod .
>> That dot is what was entered in that command, not a punctuation mark
>> to indicate the end of the sentence.
>> His account could not be recovered. And, it was not me...
>
> Why could an administrator not use sudo chmod to put it back as it
> should be?  Or if that was not possible for some reason then boot from
> a live image, mount the drive, and do it from there?
>
> Nothing of that sort will stop an administrator using sudo to access
> the files, as far as I know.
>
> Colin
>


Have you tried it?

From memory, the superuser could no longer access the account, when
the user applied the command
chmod .
as a privilege setting of 00x excluded even the superuser from
accessing the account, which is why the account became absolutely
inaccessible.

I had thought that, as it applied to privileges in UNIX, it might
equally apply in Linux.

But, hey, I do not profess to be a Linux expert.

I was simply offering a possible solution.

If you determine to avoid trying the possible solution, then, that is
your prerogative.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

Re: Encrypted home partition accessible by administrator

Colin Law
On Mon, 22 Apr 2019 at 09:55, Bret Busby <[hidden email]> wrote:
> ...
> Have you tried it?

Yes
chmod .
is not a valid command.  With
chmod 0 .
and
chmod 7 .
sudo can still be used to access the files.

Colin

Re: Encrypted home partition accessible by administrator

Robert Heller
In reply to this post by Bret Busby-2
At Mon, 22 Apr 2019 16:53:45 +0800 "Ubuntu user technical support,  not for general discussions" <[hidden email]> wrote:

>
> On 22/04/2019, Colin Law <[hidden email]> wrote:
> > On Sun, 21 Apr 2019 at 22:25, Bret Busby <[hidden email]> wrote:
> >> ...
> >> I wonder whether logging in as the user and using something like (as user)
> >> chmod 007 /home
> >> or
> >> chmod 007 .
> >>
> >> (I remember a rather unfortunate case where, in a UNIX unit, some
> >> decades ago, a classmate made the rather unfortunate mistake of
> >> entering, at the command line,
> >> chmod .
> >> That dot is what was entered in that command, not a punctuation mark
> >> to indicate the end of the sentence.
> >> His account could not be recovered. And, it was not me...
> >
> > Why could an administrator not use sudo chmod to put it back as it
> > should be?  Or if that was not possible for some reason then boot from
> > a live image, mount the drive, and do it from there?
> >
> > Nothing of that sort will stop an administrator using sudo to access
> > the files, as far as I know.
> >
> > Colin
> >
>
>
> Have you tried it?
>
> > From memory, the superuser could no longer access the account, when
> the user applied the command
> chmod .
> as a privilege setting of 00x excluded even the superuser from
> accessing the account, which is why the account became absolutely
> inaccessible.

It would make it inaccessible, even to root, except that root would be able to
chmod it to something else, making it accessible again.

>
> I had thought that, as it applied to privileges in UNIX, it might
> equally apply in Linux.
>
> But, hey, I do not profess to be a Linux expert.
>
> I was simply offering a possible solution.
>
> If you determine to avoid trying the possible solution, then, that is
> your prerogative.
>

--
Robert Heller             -- 978-544-6933
Deepwoods Software        -- Custom Software Services
http://www.deepsoft.com/  -- Linux Administration Services
[hidden email]       -- Webhosting Services
                                                                                               

Re: Encrypted home partition accessible by administrator

Karl Auer
In reply to this post by Colin Law
On Mon, 2019-04-22 at 12:04 +0100, Colin Law wrote:
> chmod .
> is not a valid command.  With
> chmod 0 .
> and
> chmod 7 .
> sudo can still be used to access the files.

Perhaps Bret's memory is of an administrator misusing some variant of
"chmod -R 0 .*"

Don't test that command, by the way!

That causes the dot files "." and ".." to be included. Because of ".."
the command recurses up as well as down, removing the executable flag
from everything, including things like login and chmod. That can make
life very difficult for all. Not even root/sudo can execute a file that
is not flagged executable, so recovery using the affected filesystem is
generally not possible:

kauer@kt:~$ rm ./tls.sh
kauer@kt:~$ echo -e '#!'"/bin/sh\\nls" > tls.sh
kauer@kt:~$ ls -l tls.sh
-rw-rw-r-- 1 kauer kauer 13 Apr 23 00:48 tls.sh
kauer@kt:~$ ./tls.sh
bash: ./tls.sh: Permission denied
kauer@kt:~$ sudo ./tls.sh
sudo: ./tls.sh: command not found
kauer@kt:~$ chmod u+x tls.sh
kauer@kt:~$ ./tls.sh | wc -l
816
kauer@kt:~$ sudo ./tls.sh | wc -l
816

To actually change everything in a directory, including dot files,
while recursing down only, use something like

   chmod -R <mode> .[A-Za-z0-9]*

Files with non-alphanumeric characters in their names may be missed by
this. Another good reason not to use non-alphanumeric characters in
filenames :-)

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75



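Karl's warning is about the glob: ".*" expands to "." and "..", so a recursive chmod run over it climbs out of the directory. The script below is an added example (my own, not from the thread) that makes the same kind of recursive change without any glob at all: find walks the tree itself, never expands "..", and -mindepth 1 keeps the top directory untouched. It assumes GNU find and stat (Linux); the directory tree it builds is constructed sample data in a temporary directory.

```shell
#!/bin/sh
# Added example, not from the thread: strip group/other write permission
# from everything below a directory, dot files included, without ever
# touching the parent. Assumes GNU find (-perm /MODE) and GNU stat (-c).

# Remove group/other write permission from everything below $1.
# No shell glob is involved, so "." and ".." are never expanded.
strip_write_below() {
    find "$1" -mindepth 1 -exec chmod go-w {} +
}

# Return 0 if nothing below $1 (excluding $1 itself) still has a group
# or other write bit; GNU find's -perm /022 matches any of those bits.
no_write_bits_below() {
    if find "$1" -mindepth 1 -perm /022 -print | grep -q .; then
        return 1
    fi
    return 0
}

# Octal permission bits of a path, e.g. 644.
mode_of() {
    stat -c '%a' "$1"
}

# Build a throwaway tree (constructed sample data), harden one home
# directory inside it, and return 0 only if every entry below it was
# fixed while the sibling next to it was left alone.
demo() {
    base=$(mktemp -d) || return 1
    home="$base/home/user"
    mkdir -p "$home/sub"
    : > "$home/.profile"          # top-level dot file
    : > "$home/sub/.cache"        # nested dot file
    : > "$home/notes.txt"         # ordinary file
    : > "$base/home/sibling"      # outside the tree: must stay 666
    chmod 666 "$home/.profile" "$home/sub/.cache" "$home/notes.txt" \
              "$base/home/sibling"
    chmod 777 "$home/sub"

    strip_write_below "$home"

    rc=0
    no_write_bits_below "$home" || rc=1
    [ "$(mode_of "$home/sub/.cache")" = 644 ] || rc=1
    [ "$(mode_of "$home/sub")" = 755 ] || rc=1
    [ "$(mode_of "$base/home/sibling")" = 666 ] || rc=1
    rm -rf "$base"
    return "$rc"
}

demo && echo "tree hardened, parent untouched"
```

Handing find the directory rather than a glob is also what `chmod -R <mode> <dir>` does internally, so the same rule applies: operate on the directory, not on a pattern that can expand to "..".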
Re: Encrypted home partition accessible by administrator

Colin Law
In reply to this post by Robert Heller
On Mon, 22 Apr 2019 at 14:02, Robert Heller <[hidden email]> wrote:

>
> At Mon, 22 Apr 2019 16:53:45 +0800 "Ubuntu user technical support,  not for general discussions" <[hidden email]> wrote:
>
> >
> > On 22/04/2019, Colin Law <[hidden email]> wrote:
> > > On Sun, 21 Apr 2019 at 22:25, Bret Busby <[hidden email]> wrote:
> > >> ...
> > >> I wonder whether logging in as the user and using something like (as user)
> > >> chmod 007 /home
> > >> or
> > >> chmod 007 .
> > >>
> > >> (I remember a rather unfortunate case where, in a UNIX unit, some
> > >> decades ago, a classmate made the rather unfortunate mistake of
> > >> entering, at the command line,
> > >> chmod .
> > >> That dot is what was entered in that command, not a punctuation mark
> > >> to indicate the end of the sentence.
> > >> His account could not be recovered. And, it was not me...
> > >
> > > Why could an administrator not use sudo chmod to put it back as it
> > > should be?  Or if that was not possible for some reason then boot from
> > > a live image, mount the drive, and do it from there?
> > >
> > > Nothing of that sort will stop an administrator using sudo to access
> > > the files, as far as I know.
> > >
> > > Colin
> > >
> >
> >
> > Have you tried it?
> >
> > > From memory, the superuser could no longer access the account, when
> > the user applied the command
> > chmod .
> > as a privilege setting of 00x excluded even the superuser from
> > accessing the account, which is why the account became absolutely
> > inaccessible.
>
> It would make it inaccessible, even to root, except that root would be able to
> chmod it to something else, making it accessible again.
>

That is not my experience.  For example I was able to cat files using
sudo.  However, even if I couldn't, this is not a solution to the
question of how to make a user's files inaccessible to others.

Colin

Re: Encrypted home partition accessible by administrator

Bret Busby-2
In reply to this post by Karl Auer
On 22/04/2019, Karl Auer <[hidden email]> wrote:

> On Mon, 2019-04-22 at 12:04 +0100, Colin Law wrote:
>> chmod .
>> is not a valid command.  With
>> chmod 0 .
>> and
>> chmod 7 .
>> sudo can still be used to access the files.
>
> Perhaps Bret's memory is of an administrator misusing some variant of
> "chmod -R 0 .*"
>
> Don't test that command, by the way!
>

No.

The operating system was UNIX System V. I think it was SCO UNIX System
V. It was somewhere in the late 1980's to early 1990's. I think, from
memory, it was running on a Unisys system.

It was simply a case of a student in a UNIX operating systems unit
class, entering the command
chmod .
which caused the loss of the account, as the superuser, in addition to
everyone else, was shut out of the user's home directory, and could
not see it to access it, anymore. A new account was created for that
student, and, we were warned to be careful, when using the chmod
command. In that unit, amongst other things, we were taught the
different shells, how to configure prompts (including how to get the
timestamp included in the prompt, how to use vi, how to fork and kill
processes, recursive commands, how UNIX and other systems deal with
paging, multitasking, with the different methods of multitasking
scheduling, etc, etc, etc. It was one of the OS units that I was taught
(and, now, mostly forgotten), at that institution. Another unit taught
DEC RSTS/e and a little RSX, from memory, and, some VAX/VMS, and the
networking between the different campuses, and, the different
networking architectures.

It may be that the command, as I specified it, worked on SCO UNIX
System V, but does not work on Ubuntu Linux 1x.x. Maybe, Linux was
designed to prevent that occurrence. And, this was probably before Linux
kernel version 1. I think, from memory, somewhere around 1992, when
the local Linux User Group was meeting to announce the porting of
Linux to the 386, or, 486, the kernel number had not yet reached 1.
So, if
chmod .
does not work in Linux, and, is dismissed as an invalid command,
protection may have been inbuilt, to protect against the contingency.

But, it did work, in SCO UNIX System V, many years ago.

It is a bit like that famous (mythical ?) Microsoft voice recognition
demonstration, where a member of the audience is said to have yelled
out "Format see colon!", so the computer did.

So, no, as I said, the student entered the command
chmod .
on a UNIX system V system, and that caused universal loss of access to
the user's account, requiring a new account to be created for that
user.

But, then, maybe this list has some hackers, who know more than UNIX
systems administrators at educational institutions, and, more than
some of the UNIX (and other) operating systems lecturers, knew, back
then. It would not surprise me - in that class, were one or two
hackers, who were very advanced, in their UNIX skills, and, used their
hacking skills, to breach external systems, on occasion. They
apparently got caught and convicted. I understand that they did what
they did, more for amusement, than anything else. Their UNIX skills
left the rest of us, behind, so, they probably got bored.

--
Bret Busby
Armadale
West Australia
..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................

Re: Encrypted home partition accessible by administrator

Karl Auer
On Tue, 2019-04-23 at 02:13 +0800, Bret Busby wrote:
> The operating system was UNIX System V. I think it was SCO UNIX
> System V. It was somewhere in the late 1980's to early 1990's.

I've used more Unixen than I can remember and I don't recall ANY
version of chmod that could be run without a modespec.

That said, just 'cos I don't remember it doesn't mean it wasn't so :-)

Regards, K.

--
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Karl Auer ([hidden email])
http://www.biplane.com.au/kauer
http://twitter.com/kauer389

GPG fingerprint: 8D08 9CAA 649A AFEF E862 062A 2E97 42D4 A2A0 616D
Old fingerprint: A0CD 28F0 10BE FC21 C57C 67C1 19A6 83A4 9B0B 1D75



RE: Encrypted home partition accessible by administrator

J.Witvliet
In reply to this post by Colin Law
Often one needs to think about WHAT you are protecting against WHO, at WHICH costs....

It is possible to encrypt the entire home directory of a specific user,
and require him to provide an additional passphrase or PIN after the user logs in,
thus protecting its content not only against other users, but even against the root user.
However, the moment the directory is mounted, root still has access to it, as long as the user is logged in.
It might be wiser to add additional layers of obfuscation, like a second (nested) vault that is only opened as long as the user needs any of the files in it (during read or write),
and one might encrypt each individual file...


Kind regards,
Hans Witvliet, J, Ing., DMO/OPS/I&S/APH, Kennis Team Opensource
Coldenhovelaan 1 Maasland 3531RC Coldehovelaan 1, kamer B213

-----Original Message-----
From: ubuntu-users [mailto:[hidden email]] On Behalf Of Colin Law
Sent: Sunday 21 April 2019 18:00
To: Ubuntu user technical support, not for general discussions
Subject: Encrypted home partition accessible by administrator

I am experimenting with encrypting a user's home partition. I created a
new user using
sudo apt install ecryptfs-utils
sudo adduser --encrypt-home username

which appeared to do the job, however I see that when logged in as an
administrator (not the new user) I am able to browse the encrypted
files in Nautilus by using the administrator's password.  Is that
supposed to be what happens?  If so how can I make a user whose files
cannot be seen by any other user?

Colin

--
ubuntu-users mailing list
[hidden email]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-users

This message may contain information that is not intended for you. If you are not the addressee or if this message was sent to you by mistake, you are requested to inform the sender and delete the message. The State accepts no liability for damage of any kind resulting from the risks inherent in the electronic transmission of messages.
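Hans's point that root has clear-text access for exactly as long as the encrypted home is mounted gives an administrator something concrete to check. The script below is an added example, not from the thread and not part of ecryptfs-utils or gocryptfs: it reads a mount table in /proc/mounts format and reports whether a given mountpoint is currently an ecryptfs or gocryptfs mount. The sample table is constructed for the demo (the ecryptfs_sig and id values are placeholders); the filesystem type names "ecryptfs" and "fuse.gocryptfs" are what I believe those tools register with the kernel. Pass /proc/mounts instead of the sample file to inspect a live system.

```shell
#!/bin/sh
# Added example, not from the thread: report whether a user's encrypted
# home (ecryptfs) or vault (gocryptfs) is currently mounted, which is the
# window in which root can read the files in the clear.

# Usage: encrypted_mount_state MOUNTS_FILE MOUNTPOINT
# Prints "mounted <fstype>" and returns 0 when MOUNTPOINT is an encrypted
# mount; prints "not-mounted" and returns 1 otherwise. /proc/mounts writes
# a space in a path as \040, which the awk script decodes before comparing.
encrypted_mount_state() {
    mounts=$1
    target=$2
    state=$(awk -v target="$target" '
        {
            mp = $2
            gsub(/\\040/, " ", mp)
            if (mp == target && ($3 == "ecryptfs" || $3 == "fuse.gocryptfs")) {
                print "mounted", $3
                found = 1
                exit
            }
        }
        END { if (!found) print "not-mounted" }
    ' "$mounts")
    printf '%s\n' "$state"
    [ "${state%% *}" = mounted ]
}

# Count how many of the given mountpoints are currently exposed
# (mounted encrypted homes); prints the count on stdout.
count_exposed() {
    mounts=$1; shift
    n=0
    for dir in "$@"; do
        if encrypted_mount_state "$mounts" "$dir" >/dev/null; then
            n=$((n + 1))
        fi
    done
    echo "$n"
}

# Constructed sample mount table (not captured from a real machine);
# ecryptfs_sig, user_id and group_id values are placeholders.
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat > "$SAMPLE_MOUNTS" <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
/home/.ecryptfs/alice/.Private /home/alice ecryptfs rw,nosuid,nodev,relatime,ecryptfs_sig=0000000000000000,ecryptfs_cipher=aes,ecryptfs_key_bytes=16 0 0
/dev/fuse /home/bob/my\040vault fuse.gocryptfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001 0 0
/dev/sda3 /home/carol ext4 rw,relatime 0 0
EOF

# Demo run over the sample table.
for home in /home/alice "/home/bob/my vault" /home/carol; do
    printf '%s: ' "$home"
    encrypted_mount_state "$SAMPLE_MOUNTS" "$home" || true
done
echo "exposed: $(count_exposed "$SAMPLE_MOUNTS" /home/alice "/home/bob/my vault" /home/carol)"
```

Run against the real /proc/mounts, a "mounted" result for a home whose owner is not logged in is the situation Colin describes: the files are readable by anyone with root until the directory is unmounted.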
Re: Encrypted home partition accessible by administrator

Colin Law
On Tue, 23 Apr 2019 at 08:41, <[hidden email]> wrote:
>
> Often one needs to think about WHAT you are protecting against WHO, at WHICH costs....
>
> It is possible to encrypt the entire home directory of a specific user,
> and require him to provide an additional passphrase or PIN after the user logs in,
> thus protecting its content not only against other users, but even against the root user.

Can you point me to instructions on doing that please?  The usual
instructions do not appear to include the provision of an additional
pass-phrase.

> However, the moment the directory is mounted, root still has access to it, as long as the user is logged in.

Understood, I think I can cope with that issue separately.

> It might be wiser to add additional layers of obfuscation, like a second (nested) vault that is only opened as long as the user needs any of the files in it (during read or write),
> and one might encrypt each individual file...

I will look into those options.

Thanks

Colin

Re: Encrypted home partition accessible by administrator

Colin Watson
In reply to this post by Karl Auer
On Tue, Apr 23, 2019 at 06:00:00AM +1000, Karl Auer wrote:
> On Tue, 2019-04-23 at 02:13 +0800, Bret Busby wrote:
> > The operating system was UNIX System V. I think it was SCO UNIX
> > System V. It was somewhere in the late 1980's to early 1990's.
>
> I've used more Unixen than I can remember and I don't recall ANY
> version of chmod that could be run without a modespec.
>
> That said, just 'cos I don't remember it doesn't mean it wasn't so :-)

I mean, maybe, but even something as old as
https://en.wikipedia.org/wiki/Version_7_Unix didn't have that particular
defect (see
https://github.com/dspinellis/unix-history-repo/blob/Research-V7-Snapshot-Development/usr/src/cmd/chmod.c#L31-L34).
V7 wasn't the same as its later descendant System V, but it seems hard
to imagine why the System V developers would have *removed* that
particular check.

Bret may of course just be misremembering some detail here, since it was
a long time ago.  And it's quite possible that their sysadmin could have
recovered the situation but simply didn't know how.

--
Colin Watson                                       [[hidden email]]

Re: Encrypted home partition accessible by administrator

Liam Proven
In reply to this post by Bret Busby-2
On Mon, 22 Apr 2019 at 20:16, Bret Busby <[hidden email]> wrote:
>
> It is a bit like that famous (mythical ?) Microsoft voice recognition
> demonstration, where a member of the audience is said to have yelled
> out "Format see colon!", so the computer did.

This is referenced in the novel "Headcrash" by Bruce Bethke, which I
highly recommend. He may not have originated it, of course.

He points out the defect that a format command needs "y <return>" to
continue... someone else runs through shouting that a moment later.

I *think* that NT will not let you do it. I tried it on Win9x and
terrifyingly it did actually work.

> So, no, as I said, the student entered the command
> chmod .

I think you misremember. The minimal viable command would be something like:

chmod 0 .

Older Unices were _less_ tolerant of malformed commands than more
modern ones. I was there at the time -- I was building SCO Xenix
systems in the 1980s.

--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

Re: Encrypted home partition accessible by administrator

Liam Proven
In reply to this post by Colin Law
On Sun, 21 Apr 2019 at 18:02, Colin Law <[hidden email]> wrote:
>
> I am experimenting with encrypting a user's home partition. I created a
> new user using
> sudo apt install ecryptfs-utils
> sudo adduser --encrypt-home username

I've never tried it that way. I have put /home onto a different
partition and encrypted the whole thing. That worked fine and was
relatively easy.

> which appeared to do the job, however I see that when logged in as an
> administrator (not the new user) I am able to browse the encrypted
> files in Nautilus by using the administrator's password.

Sounds like normal Unix behaviour, yes.

--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

Re: Encrypted home partition accessible by administrator

Colin Law
On Wed, 24 Apr 2019 at 12:16, Liam Proven <[hidden email]> wrote:

>
> On Sun, 21 Apr 2019 at 18:02, Colin Law <[hidden email]> wrote:
> >
> > I am experimenting with encrypting a user's home partition. I created a
> > new user using
> > sudo apt install ecryptfs-utils
> > sudo adduser --encrypt-home username
>
> I've never tried it that way. I have put /home onto a different
> partition and encrypted the whole thing. That worked fine and was
> relatively easy.
>
> > which appeared to do the job, however I see that when logged in as an
> > administrator (not the new user) I am able to browse the encrypted
> > files in Nautilus by using the administrator's password.
>
> Sounds like normal Unix behaviour, yes.

Even when the user whose home is encrypted is not logged in?  I had
assumed that the user's password was part of the key to unlocking the
encryption.

Colin

Re: Encrypted home partition accessible by administrator

Liam Proven
On Wed, 24 Apr 2019 at 13:25, Colin Law <[hidden email]> wrote:
>
> Even when the user whose home is encrypted is not logged in?  I had
> assumed that the user's password was part of the key to unlocking the
> encryption.

As I said, I have only done this on the whole-partition level. As such, yes.

This is why Unix sysadmins have joke T-shirts that say:

I CAN READ YOUR EMAIL

Root can do anything it wants.

Windows NT is a bit further down the line and has the concept of
permission levels for admin accounts. E.g. in a prior role I was a
domain admin but I only had permissions to install apps locally on
workstations, not on servers, and I could not create, delete or alter
user accounts on servers.

I do not know of any Unix system that does stuff like this yet, but
it's not my area of expertise. It is probably something that is
possible with enterprise Unixes using groups, and as such, admins
wouldn't be root -- because normally, root can do anything and
everything.


--
Liam Proven - Profile: https://about.me/liamproven
Email: [hidden email] - Google Mail/Hangouts/Plus: [hidden email]
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053

Re: Encrypted home partition accessible by administrator

Colin Law
On Wed, 24 Apr 2019 at 13:00, Liam Proven <[hidden email]> wrote:

>
> On Wed, 24 Apr 2019 at 13:25, Colin Law <[hidden email]> wrote:
> >
> > Even when the user whose home is encrypted is not logged in?  I had
> > assumed that the user's password was part of the key to unlocking the
> > encryption.
>
> As I said, I have only done this on the whole-partition level. As such, yes.
>
> This is why Unix sysadmins have joke T-shirts that say:
>
> I CAN READ YOUR EMAIL
>
> Root can do anything it wants.
>
> Windows NT is a bit further down the line and has the concept of
> permission levels for admin accounts. E.g. in a prior role I was a
> domain admin but I only had permissions to install apps locally on
> workstations, not on servers, and I could not create, delete or alter
> user accounts on servers.
>
> I do not know of any Unix system that does stuff like this yet, but
> it's not my area of expertise. It is probably something that is
> possible with enterprise Unixes using groups, and as such, admins
> wouldn't be root -- because normally, root can do anything and
> everything.

Thanks Liam.
An admin would not be able to decrypt if the user's password or another
passphrase was required to decrypt it, but it appears that is not how
it works.  Looking at suggestions from earlier in the thread gocryptfs
looks as if it might do what I want. I am just off to try it out.

Colin
