Deny root access to a given file
Hello all,
I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux). I should secure a password file to an important database. Thanks in advance Cheers phru |
It is not possible using normal file permissions.
The only thing that I can think of would be to encrypt the file and not tell "root" the password. However root could still delete the file. |
root can always take ownership and change permissions so it wouldn't work.
It's the same on Windows for administrators and I guess it's like that on any OS and always will be. |
Right - encryption sort of solves this problem.
I say "sort of" because root could always infect your shell or your encryption binaries / scripts / kernel modules / etc. If he's able to capture your key that way, it's game over. |
Might want to look into the "chattr" program in this guide. It wont prevent root from reading files; but it just might make it harder for them to modify or delete them.
|
Quote:
Personaly I never had to use account encryption. If a root user was to 'infect' your shell or encryption binaries then you have a more serious security problem ... why did a user with such sick ideas get root access! |
Thank you all for your replies!
|
All times are GMT -5. The time now is 12:04 AM. |