Private Owncloud experience into a shared VPS with Ubuntu
Hello to everyone!
I'm here to ask you an insight to achieve my goal.
I've got a VPS with Ubuntu 14.04 minimal and I share it with 3 other friends (we all have root credentials) because we have common stuff on it.
Two of us are interested in storing our personal data into the VPS (like photos and documents) but in a private space, let's say 500Gb each, not accessible to others. The usage of Owncloud is important for us because it lets us connect to our content from both smartphones and PCs in a nice way.
Do you have any practical suggestion for me?
To recap:
- shared VPS credentials;
- there should be 2 private spaces protected from other "eyes" and only the owner of this content should be able to see it;
- integration of privacy and Owncloud experience (the content should be reachable from smartphone apps and Owncloud clients in general).
If I don't pretend too much, any detailed help will be really appreciated! :-)
This is an impossible situation. root can access anything anytime regardless of permissions.
Either root is limited to the most trustworthy (i.e. won't even though s/he can) or
you decide it's ok any of them can access your content at any time.
Let's assume you each have partitions or images. They are all encrypted. At this point no one can access it.
Now you know the password (no one else does). You use the password to unlock it. At this point anyone can now mount the drive (with root permissions, mind you) or access the one you mounted and copy, delete, or modify the info.
If you want privacy, the people who are not permitted to access others' data must not be root.
Well... I would believe you're wrong but your post is 100% convincing...
Thank you for your clear explanation, I'm disappointed but grateful ;-)
Kind regards
Why do the others need root? To install/remove programs? Modify system files?
If you are using sudo to gain root powers, sudo can be modified by using visudo.
It may be possible to modify sudo so that the other users can have as much power as they need without permitting them to access or modify files they do not have permission to.
However, bear in mind that the owner of the machine (you) can always access everything (provided someone has decrypted it if encrypted) due to you likely knowing the password to the actual root account. This is true for all computers, regardless of operating system. You must trust the owner of the computer pretty much exclusively.
On another note - it makes uploading files to the "cloud" a little less appealing, doesn't it?
There are however, complicated alternatives. For example, if you store encrypted files and they access it remotely using local keys that are never sent to your server (eg. Mega & SpiderOak), then you can never actually see the decrypted data. I'm not aware of any software you can use that does this.
On the other hand, violating trust by accessing files you're allowed to see is a big no-no. If you trust them to have root access to where you store the files, then you should also trust them to not blatantly invade your privacy, regardless of whether they can or not.
root can access anything anytime regardless of permissions.
I agree these users' privileges interfere with what they want to achieve and while one should not rely on this feature alone, unless one sets FUSE mount options "allow_other" or "allow_root", EncFS mount points cannot be accessed by root. (I am pretty certain EncFS is not accessible from phones but that's beside the point.)
Well... I would believe you're wrong but your post is 100% convincing...
Thank you for your clear explanation, I'm disappointed but grateful ;-)
Kind regards
Don't give up too easily. Ubuntu has offered ecryptfs for quite a while - you could have private directories for anyone that wants them, protected by a passphrase only the owner knows. Once a file is copied to the mount point it is encrypted automatically.
On the other hand, violating trust by accessing files you're allowed to see is a big no-no. If you trust them to have root access to where you store the files, then you should also trust them to not blatantly invade your privacy, regardless of whether they can or not.
It's a real pleasure reading your replies, you're very clear (despite a foreign language)
Root access is for a simple reason: we rented all together the VPS so privileges are equally divided.
Your argumentation about sudo is really efficient but in this case, considering that there are two of us who want private storage, there will always be someone with "too much power"... I'm neither interested in nor able to control what others are storing in their space, but won't put my files there knowing what you told me!
I agree these users' privileges interfere with what they want to achieve and while one should not rely on this feature alone, unless one sets FUSE mount options "allow_other" or "allow_root", EncFS mount points cannot be accessed by root. (I am pretty certain EncFS is not accessible from phones but that's beside the point.)
Sorry but you're writing of things I read for the first time, my fault.
But I hope to be justified considering we are in the "Newbie" section ;-)
Don't give up too easily. Ubuntu has offered ecryptfs for quite a while - you could have private directories for anyone that wants them, protected by a passphrase only the owner knows. Once a file is copied to the mount point it is encrypted automatically.
Edit: too slow typing again I see ...
Thank you for your contribution too.
But as I said, I was looking for a shield against root privileges. I could be the only admin but it wouldn't be fair for the other friend that should simply trust me...
I agree these users' privileges interfere with what they want to achieve and while one should not rely on this feature alone, unless one sets FUSE mount options "allow_other" or "allow_root", EncFS mount points cannot be accessed by root. (I am pretty certain EncFS is not accessible from phones but that's beside the point.)
I didn't know this. Although looking around to see how reliable it is, it seems that it might be trivial to get around.
However, violating privacy like this is a good reason to kick them from the VPS.
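
A check for the EncFS point raised in the thread, as an added example that is not part of any post: it reads mount-table text in `/proc/mounts` format and reports which FUSE mounts carry `allow_other` or `allow_root`. The sample lines, paths and UIDs are constructed, and `audit_fuse_mounts` is a hypothetical helper name.

```python
import re

# Constructed sample in /proc/mounts format:
# device, mount point, filesystem type, options, dump, pass.
SAMPLE_MOUNTS = r"""/dev/vda1 / ext4 rw,relatime,data=ordered 0 0
encfs /home/alice/Private fuse.encfs rw,nosuid,nodev,relatime,user_id=1001,group_id=1001,default_permissions 0 0
encfs /home/bob/My\040Vault fuse.encfs rw,nosuid,nodev,relatime,user_id=1002,group_id=1002,default_permissions,allow_other 0 0
"""

SHARING_OPTIONS = {"allow_other", "allow_root"}


def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal escapes.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)


def audit_fuse_mounts(mounts_text):
    """Return one finding per FUSE mount: mount point, owning UID, sharing options."""
    findings = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue
        fs_type, options = fields[2], fields[3].split(",")
        if fs_type != "fuse" and not fs_type.startswith("fuse."):
            continue
        owner = next((int(o.split("=", 1)[1]) for o in options
                      if o.startswith("user_id=")), None)
        findings.append({
            "mount_point": _unescape(fields[1]),
            "owner_uid": owner,
            # Non-empty means users other than the one who mounted it get access.
            "shared": sorted(SHARING_OPTIONS.intersection(options)),
        })
    return findings


if __name__ == "__main__":
    # On a live system, audit the real mount table instead of the sample.
    with open("/proc/mounts") as fh:
        for finding in audit_fuse_mounts(fh.read()):
            state = "SHARED via " + ",".join(finding["shared"]) if finding["shared"] else "owner-only"
            print(finding["mount_point"], finding["owner_uid"], state)
```

An "owner-only" result reflects the FUSE mount options alone; as the thread says, that feature should not be relied on by itself on a host where other people hold root.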