linux privacy from other accounts

Discussion in 'Computers and The Internet' started by black veils, Apr 24, 2013.

  1. black veils

    black veils Guest

    out of principle, i wonder if there is a way to have privacy between accounts. if users have the ability to escalate to root privileges (to install applications for example), they could also view the personal files of other accounts via a file manager.

    is there a way to prevent this while still using the same system? permissions for each user folder are irrelevant with root privileges.

    per-user encryption would work for debian/ubuntu, but what about fedora? it encrypts the whole home directory (even without use of LVM).
     
  2. Mike Suicide

    Mike Suicide Sweet and Tender Hooligan

    try using sudo. don't grant anyone su root privileges.
     
  3. black veils

    black veils Guest

    but sudo will still allow root privileges to see the files. maybe there is a group like adm which just allows installation of software, and not any other action requiring root/sudo.
     
  4. Mike Suicide

    Mike Suicide Sweet and Tender Hooligan

    try granting sudoers only access to commands they need. like apt-get or rpm.
     
  5. black veils

    black veils Guest

    thanks, i am researching that now. i previously tried to find how to deal with that sort of situation, but didn't get anywhere.

    there would of course also be the issue of su, i saw it would require pam settings to reserve the su command for only the super user/admin. i have yet to see info on that which i can understand.

    this is all a matter of principle, it seems wrong to not know how to have some simple privacy, besides going to extreme lengths like managing separate systems (one for each user) with entire home encryption (as fedora likes to do).

    basically, there are two ways to look at it:

    1. for reckless and obnoxious people, allow limited actions.
    2. for the trustworthy, deny certain actions like being able to read other user files.
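
The two settings discussed in posts 4 and 5 (sudo limited to package commands, and su reserved for an admin group through PAM), written out as an added configuration example that is not from any poster in this thread. The group name "installers" and the drop-in file name are assumptions; the binary paths are the usual ones on Debian/Ubuntu and Fedora.

```conf
# --- /etc/sudoers.d/software-install ---
# Edit with: visudo -f /etc/sudoers.d/software-install  (syntax-checks on save)
# "installers" is a hypothetical group for accounts allowed to install software.
# Members may run only the commands listed here as root; no general sudo.
Cmnd_Alias PKG_DEB = /usr/bin/apt-get update, /usr/bin/apt-get install *
Cmnd_Alias PKG_RPM = /usr/bin/rpm -i *, /usr/bin/rpm -U *
%installers ALL = (root) PKG_DEB, PKG_RPM

# This only has an effect if the same accounts do not also match a broad
# rule elsewhere in sudoers, such as the distribution defaults:
#   %sudo   ALL=(ALL:ALL) ALL      (Debian/Ubuntu)
#   %wheel  ALL=(ALL)     ALL      (Fedora)
# so keep ordinary accounts out of the sudo/wheel groups.

# --- /etc/pam.d/su ---
# Both distributions ship the pam_wheel line commented out; enabling it
# restricts su to members of group "wheel". Anyone else is refused even
# with the correct root password. If no "wheel" group exists, pam_wheel
# falls back to the group with GID 0.
auth       sufficient   pam_rootok.so
auth       required     pam_wheel.so use_uid
```

Installing a package runs that package's own scripts as root, so an account allowed to install arbitrary packages is still effectively trusted with root. This setup stops casual browsing of other home directories; for anything stronger, the per-user encryption raised elsewhere in the thread is the relevant control.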
     
  6. curiosity36

    curiosity36 Guest

    Physical access to a computer is total access to a computer.
    Only exception I can think of is files encrypted with TrueCrypt.
    Have you seen Hak5's USB Rubber Ducky? Load payloads that automatically get root and set up reverse shells onto the SD card, plug it in, device auto-executes payloads while recognized as a HID.
     
  7. HeathenHippie

    HeathenHippie Member

    Take a peek at encfs. It might do what you're after. It's not completely transparent to the user, but it's secure enough.

    I use Debian for everything, but some of my clients are over on the Red Hat side (CentOS, Fedora, et al.) and where it's necessary and the user is technically oriented enough, encfs does the trick.
     
