Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
It is not a programming related question, but being a programmer myself I think if this question has an answer then it's gotta be a programmer.
Well, I am faced with a situation where I want to limit root's access to a particular portion of disk.
I know it sounds crazy but I do believe that people around the world might have faced this dilemma before. However, I have searched the web but to no avail.
I know by using encrypted file systems even the root cannot view the files placed on a partition that is encrypted. But still I have heard that a super user can delete that "encrypted partition", if not view its contents.
So I need a solution that allows only the owner of a certain portion of disk (for example a partition, or a directory etc.) to have complete access, and not even the super user should be able to view, modify or delete its contents.
If the solution does not exist then I am willing to get into the kernel's code. So if anyone does not know the solution but can provide me a good link from where I could get help in changing the kernel's code in this area (file ownerships, partition access etc.), I'll be grateful.
This probably isn't the answer you are looking for, but I would be inclined just to forget the root user and just give another user sudo access to deal with maintenance issues, then just don't give this user access to the specific part of the system or let them run applications which could affect it.
Thank you David... but this problem was raised by the Grid Computing research group, who are doing their grid stuff on Linux.
We (the LUGs) gave them this solution but it will not work for them, since they'll be sending fragments of a particular job to different computers... so it is not possible to lock the root's account and force them to use some other account.
Describe the application more and we can help you more.
With clients and servers, you can basically never trust the client, unless you can check that they've done the right thing. So, depending upon the application, if you are going to send off data to be processed, it's best if you can verify (to within a certain percentage probability if not absolutely) that they have done the correct thing with it. One of the easiest ways of doing this is sending the same thing to be done by several clients and when a certain number of them agree, accept that as "sure enough". Or, depending upon the application, you may be able to perform only a small portion of the computation that the client does and verify that the answer given by the client jives with the results of the small portion of computation you've done. Generally this isn't doable because of how the problem works, but it's a possibility.
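The two checks described in the reply above (send the same work to several clients and accept a result once enough of them agree; recompute a small portion locally), as an added example that is not part of the original thread. The `work` function, the node names and the sample reports are constructed for illustration.

```python
import hashlib
import json
import random
from collections import defaultdict


def work(x: int) -> int:
    # Constructed stand-in for the real per-item grid computation.
    return pow(x, 3, 1_000_003)


def fingerprint(outputs: list[int]) -> str:
    # Canonical serialisation so identical results hash identically.
    return hashlib.sha256(json.dumps(outputs).encode()).hexdigest()


def accept_by_quorum(reports: dict[str, list[int]], quorum: int):
    """Return (outputs, agreeing_ids, dissenting_ids); outputs is None when
    no single result was reported by at least `quorum` distinct clients.
    Pick quorum > len(reports) / 2 so two groups can never both qualify."""
    groups = defaultdict(list)
    for client_id, outputs in reports.items():
        groups[fingerprint(outputs)].append(client_id)
    best = max(groups.values(), key=len, default=[])
    if len(best) < quorum:
        return None, [], sorted(reports)
    dissent = sorted(c for c in reports if c not in best)
    return reports[best[0]], sorted(best), dissent


def spot_check(inputs, outputs, samples: int, rng: random.Random) -> bool:
    """Recompute a random sample of items locally and compare."""
    if len(outputs) != len(inputs):
        return False
    picks = rng.sample(range(len(inputs)), min(samples, len(inputs)))
    return all(work(inputs[i]) == outputs[i] for i in picks)


# Constructed sample: one work unit sent to four clients, one returns a bad item.
INPUTS = list(range(100, 120))
HONEST = [work(x) for x in INPUTS]
TAMPERED = HONEST[:-1] + [HONEST[-1] ^ 1]
REPORTS = {"node-a": HONEST, "node-b": HONEST, "node-c": TAMPERED, "node-d": HONEST}

if __name__ == "__main__":
    result, agree, dissent = accept_by_quorum(REPORTS, quorum=3)
    print("accepted:", result is not None, "agree:", agree, "dissent:", dissent)
    print("spot check passes:", spot_check(INPUTS, result, 5, random.Random(0)))
```

Agreement only counts as evidence when the clients fail independently; nodes controlled by the same party can agree on a wrong answer, which is where the local spot check still helps.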