I know it’s a bizarre question, but I have a client that I’ve built a server for (CentOS 5.4) that I also administer. They have most of their business data on the server (redundant storage, off-site backups, etc.) but refuse to migrate the bookkeeping and payroll data off of an old laptop and onto the server, because they know I could get to it if I wanted to.
Is there a transparent encryption system that would work over smb or some way the boss and bookkeeper could have password control of a folder or share that root couldn’t access without that password? All the client computers are running Windows XP, Vista or 7. A solution on the client side or the server side would be fine!
If anyone else runs into this situation, I came up with a workaround:
Create a truecrypt volume on the server, which the bookkeeper can mount on the client. The data is on the server, but without the encryption key(s) there’s no way I can get into it. There’s just no fallback if the password is lost, though.
Doesn’t sound like you have a very trustworthy relationship with your client.
If it makes them feel more comfortable, disable root account and use sudo for everything (Ubuntu approach).
If you have enough access to administer the box, then you will have enough access to be able to access the data in question.
totally agreed. not a good client relationship if they cant trust you!
you need access before you can prevent giving yourself access right? perhaps httaccess, but you would still have access!
No trust? Do you people really feel that a lowly* sys admin person should have access to sensitive business data? Sorry, but I totally agree with management here… (Boy, THERE’S a sentence I didn’t think would ever come out of keyboard!)
* Just trying to make a point!
Root is the administrative account period. If a file exists on that system, a root account can read it, execute it or delete it. Disabling the root account and doing everything through sudo is generally a good idea, even if it’s sometimes called the “paranoid Unix Admin’s approach” but the only way to “hide” a file from root is the way you hide it from everybody — by putting a dot in the front of the name. And that only works until they do an ls -a