LinuxQuestions.org


phru 12-07-2010 01:09 PM

Deny root access to a given file
 
Hello all,

I would like to know if it is possible to deny root access to a file. Would ACLs be a possibility? I have "googled" around but haven't found anything interesting (except SELinux).

I should secure a password file for an important database.

Thanks in advance

Cheers
phru

stress_junkie 12-07-2010 01:32 PM

It is not possible using normal file permissions.

The only thing that I can think of would be to encrypt the file and not tell "root" the password. However root could still delete the file.

Dani1973 12-08-2010 06:27 AM

root can always take ownership and change permissions so it wouldn't work.
It's the same on Windows for administrators and I guess it's like that on any OS and always will be.

anomie 12-08-2010 08:57 AM

Right - encryption sort of solves this problem.

I say "sort of" because root could always infect your shell or your encryption binaries / scripts / kernel modules / etc. If he's able to capture your key that way, it's game over.

chickenjoy 12-08-2010 09:26 AM

Might want to look into the "chattr" program in this guide. It won't prevent root from reading files, but it just might make it harder for them to modify or delete them.

Dani1973 12-08-2010 09:35 AM

Quote:

Originally Posted by anomie (Post 4184714)
Right - encryption sort of solves this problem.

I say "sort of" because root could always infect your shell or your encryption binaries / scripts / kernel modules / etc. If he's able to capture your key that way, it's game over.

Don't know exactly how it works in Linux. Under Windows, for example, if you use encryption for a user account, the administrator cannot access that account anymore, because the account is encrypted with the user's password, and if the administrator were to reset the user's password it would make the user unreadable and broken.
Personally, I never had to use account encryption.

If a root user was to 'infect' your shell or encryption binaries then you have a more serious security problem ... why did a user with such sick ideas get root access!

phru 12-08-2010 11:06 AM

Thank you all for your replies!


All times are GMT -5.