Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I would like to know if it is possible to deny the access to a file for root? Would ACL's be a possibility? I have "googled" around but haven't found anything interesting (except SELinux).
I should secure a password file to an important database.
root can always take ownership and change permissions so it wouldn't work.
It's the same on Windows for administrators and I guess it's like that on any OS and always will be.
I say "sort of" because root could always infect your shell or your encryption binaries / scripts / kernel modules / etc. If he's able to capture your key that way, it's game over.
Might want to look into the "chattr" program in this guide. It wont prevent root from reading files; but it just might make it harder for them to modify or delete them.
I say "sort of" because root could always infect your shell or your encryption binaries / scripts / kernel modules / etc. If he's able to capture your key that way, it's game over.
Don't know how it exactly works in Linux under Windows for example, if you use encryption for a user account the administrator cannot access that account anymore because the account is encrypted with the users password and if the administrator would reset the users password it would make the user user unreadable and broken.
Personaly I never had to use account encryption.
If a root user was to 'infect' your shell or encryption binaries then you have a more serious security problem ... why did a user with such sick ideas get root access!
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.