Hello to everyone!
I'm here to ask you an insight to achieve my goal.

I've got a VPS with Ubuntu 14.04 minimal and i share it with 3 other friends (we all have root credentials) because we have common stuff on it.

Two of us are interested in storing our personal data into the VPS (like photos and documents) but in a private space, lets say 500Gb each, not accessible to others. It's important for us, the usage of Owncloud because it let us to connect to our content from both smartphones and pc in a nice way.

Do you have any practical suggestion for me?

To recap:
- shared VPS credentials;
- there should be 2 private spaces protected from other "eyes" and only the owner of this content should be able to see it;
- integration of privacy and Owncloud experience (the content should be reachable from smartphone apps and Owncloud clients in general).

If I don't pretend to much, any detailed help will be really appreciated! :-)

This is a impossible situation. root can access anything anytime regardless of permissions.

Either root is limited to the most trustworthy (i.e. won't even though s/he can) or
you decide it's ok any of them can access your content at any time.

Thank you for your super fast reply.
Is it true even with encryption ?

Yes

Let's assume you each have partitions or images. They are all encrypted. At this point no one can access it.

Now you know the password (no one else does). You use the password to unlock it. At this point anyone can now mount the drive (with root permissions, mind you) or access the one you mounted and copy, delete, or modify the info.

If you want privacy, the people who are not permitted to access other's data must not be root.

1 members found this post helpful.

Well... I would believe you're wrong but your post is 100% convincing...
Thank you for your clear explanation, i'm disappointed but grateful ;-)
Kind regards

Why do the others need root? To install/remove programs? Modify system files?

If you are using sudo to gain root powers, sudo can be modified by using visudo.
It may be possible to modify sudo so that the other users can have as much power as they need without permitting them to access or modify files they do not have permission to.

However, bear in mind that that the owner of the machine (you) can always access everything (provided someone has decrypted it if encrypted) due to you likely knowing the password to the actual root account. This is true for all computers, regardless of operating system. You must trust the owner of the computer pretty much exclusively.
On another note - it makes uploading files to the "cloud" a little less appealing, doesn't it?

There are however, complicated alternatives. For example, if you store encrypted files and they access it remotely using local keys that are never sent to your server (eg. Mega & SpiderOak), then you can never actually see the decrypted data. I'm not aware of any software you can use that does this.

On the other hand, violating trust by accessing files you're allowed to see is a big no-no. If you trust them to have root access to where you store the files, then you should also trust them to not blatently invade your privacy, regardless of whether they can or not.

I agree these users privileges interfere with what they want to achieve and while one should not rely on this feature alone, unless one sets FUSE mount options "allow_other" or "allow_root", EncFS mount points can not be accessed by root. (I am pretty certain EncFS is not accessible from phones but that's besides the point.)

Don't give up too easily. Ubuntu has offerred ecryptfs for quite a while - you could have private directories for anyone that want them, protected by a passphrase only the owner knows. Once a file is copied to the mount point it is encrypted automatically.

Edit: too slow typing again I see ...

It's a real pleasure reading your replies, you're very clear (despite a foreign language)

Root access is for a simple reason: we rented all together the VPS so privileges are equally divided.
Your argumentation about sudo is really efficient but in this case, considering that we are in two who want private storage, there will be always someone with "to much power"... I'm not neither interested or able to control what others are storing in their space, but won't put my files there knowing what you told me!

Sorry but you're writing of things i read for the first time, my fault.
But I hope to be justified considering we are in the "Newbie" section ;-)

Thank you for your contribution too.
But as I said, i was looking for a shield against root privileges. I could be the only admin but it wouldn't be fair for the other friend that should simply trust on me...

I didn't know this. Although looking around to see how reliable it is, it seems that it might be trivial to get around.

However, violating privacy like this is a good reason to kick them from the VPS

That's why I said "one should not rely on this feature alone".