I know it’s a bizarre question, but I have a client that I’ve built a server for (CentOS 5.4) that I also administer. They have most of their business data on the server (redundant storage, off-site backups, etc.) but refuse to migrate the bookkeeping and payroll data off of an old laptop and onto the server, because they know I could get to it if I wanted to.
Is there a transparent encryption system that would work over smb or some way the boss and bookkeeper could have password control of a folder or share that root couldn’t access without that password? All the client computers are running Windows XP, Vista or 7. A solution on the client side or the server side would be fine!
If anyone else runs into this situation, I came up with a workaround:
Create a truecrypt volume on the server, which the bookkeeper can mount on the client. The data is on the server, but without the encryption key(s) there’s no way I can get into it. There’s just no fallback if the password is lost, though.
