LinuxQuestions.org


robinsodergren 03-11-2009 01:18 PM

Limit access to folder from all, even root
 
Hiya! I have this little problem, I manage a small Linux-based fileserver, with a couple of different users. One of the users is going to use the server to store very confidential information that the other users never can get access to. The problem is that one of the other users (me) has to have the root-account for configuration.. So, my question is, is it possible to limit the access to this user's folders even from the root-account?

repo 03-11-2009 01:22 PM

Perhaps he can use encryption?

SlowCoder 03-11-2009 01:32 PM

Encryption seems to me to be the best method in this case. But then you'd need to set up a policy for password storage in case he leaves the company. But then *someone else* would also have access to the password.

Outside of encryption, the thing about root is that even if root removes access from themselves to a resource, they can reinstate it. So I don't see how that would work out.

What about removable storage? Maybe a hotswappable hard drive that is stored in a safe? But that's about the same as the password issue, I suppose, as there would be a backup key, or the combination would be recorded elsewhere.

robinsodergren 03-11-2009 02:03 PM

Yeah I was afraid that encryption would be the best option.. That I would have the ability to change the password isn't really much of a problem..

The problem, if using encryption, would be this: The person who uses this "private" folder doesn't really know anything about Linux and how to SSH to the server etc, we have to use Windows on our work computers, and we connect to the fileserver that has Samba on it. Is it possible to encrypt/decrypt on the fly like that if the user connects in that way, or will you have to do it the complicated way?

tux99 03-11-2009 02:12 PM

The best way is for him to use some encryption tool on his Windows workstation and then save the files already encrypted onto the Linux fileserver.

unSpawn 03-11-2009 06:35 PM

Quote:

Originally Posted by robinsodergren (Post 3472143)
is it possible to limit the access to this user's folders even from the root-account?

Next to encryption, AFAIK that kind of compartmentalization is what SE Linux MLS is all about. You'll have to wait for people like Unixfool or Farslayer to drop by for help though. I haven't yet found the time to mess with a near-EAL4+ MLS running server.

sundialsvcs 03-11-2009 11:16 PM

You cannot exclude root. Perhaps the data could be stored on a removable drive.

If the information is a government-grade "confidential" or "secret," then you should refer to the appropriate guidelines for the handling of such information, as issued by your government.

T74marcell 03-12-2009 04:46 AM

If the user with the confidential information doesn't even trust the company's own system administrator, then the only reasonable option among the easy choices is to avoid storing such data on the Linux fileserver.

A somewhat more complicated solution would be to program an application for the user's Windows system that manages the confidential information or files and does the encryption and data transfer behind the scenes. This way the data would be stored on the fileserver, but due to the encryption no one would be able to use/misuse it. The user will have to keep his own Windows PC safe from attacks and has to maintain his passwords, but the system administrator would be free of any responsibility.

Arch Linux
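
The approach suggested in the two posts above (encrypt on the Windows workstation, store only ciphertext on the Samba share), as an added example that is not part of the thread and not any poster's code. It uses AES-256-GCM with a PBKDF2-derived key so that root on the fileserver sees only an opaque blob and any server-side modification is detected on decrypt; the function names, blob layout, iteration count and the UNC path in the usage comment are assumptions.

```powershell
# Added example, not code from the thread. Requires PowerShell 7+ (.NET AesGcm).
# Function names, iteration count and blob layout are assumptions for illustration.
# Blob layout: salt(16) | nonce(12) | tag(16) | ciphertext. Pass full paths.

function Get-KeyFromPassphrase([securestring]$Passphrase, [byte[]]$Salt) {
    $text = [System.Net.NetworkCredential]::new('', $Passphrase).Password
    $kdf = [System.Security.Cryptography.Rfc2898DeriveBytes]::new($text, $Salt,
        600000, [System.Security.Cryptography.HashAlgorithmName]::SHA256)
    try { return ,($kdf.GetBytes(32)) } finally { $kdf.Dispose() }
}

function Protect-FileForShare([string]$Source, [string]$Destination, [securestring]$Passphrase) {
    $rng = [System.Security.Cryptography.RandomNumberGenerator]::Create()
    $salt = [byte[]]::new(16); $nonce = [byte[]]::new(12)
    $rng.GetBytes($salt); $rng.GetBytes($nonce)   # fresh salt and nonce per file
    [byte[]]$key = Get-KeyFromPassphrase $Passphrase $salt
    [byte[]]$plain = [System.IO.File]::ReadAllBytes($Source)
    $cipher = [byte[]]::new($plain.Length); $tag = [byte[]]::new(16)
    $aes = [System.Security.Cryptography.AesGcm]::new($key)
    try { $aes.Encrypt($nonce, $plain, $cipher, $tag) } finally { $aes.Dispose() }
    # Only this blob reaches the server; key and passphrase stay on the workstation.
    [System.IO.File]::WriteAllBytes($Destination, [byte[]]($salt + $nonce + $tag + $cipher))
}

function Unprotect-FileFromShare([string]$Source, [string]$Destination, [securestring]$Passphrase) {
    [byte[]]$blob = [System.IO.File]::ReadAllBytes($Source)
    if ($blob.Length -lt 44) { throw "File too short to be a valid blob: $Source" }
    $salt = [byte[]]::new(16); $nonce = [byte[]]::new(12); $tag = [byte[]]::new(16)
    $cipher = [byte[]]::new($blob.Length - 44)
    [Array]::Copy($blob, 0, $salt, 0, 16)
    [Array]::Copy($blob, 16, $nonce, 0, 12)
    [Array]::Copy($blob, 28, $tag, 0, 16)
    [Array]::Copy($blob, 44, $cipher, 0, $cipher.Length)
    [byte[]]$key = Get-KeyFromPassphrase $Passphrase $salt
    $plain = [byte[]]::new($cipher.Length)
    $aes = [System.Security.Cryptography.AesGcm]::new($key)
    # Decrypt throws if the passphrase is wrong or the blob was altered on the server.
    try { $aes.Decrypt($nonce, $cipher, $tag, $plain) } finally { $aes.Dispose() }
    [System.IO.File]::WriteAllBytes($Destination, $plain)
}

# Usage (placeholder paths):
# $pw = Read-Host -AsSecureString 'Passphrase'
# Protect-FileForShare 'C:\work\report.docx' '\\fileserver\private\report.docx.enc' $pw
# Unprotect-FileFromShare '\\fileserver\private\report.docx.enc' 'C:\work\report.docx' $pw
```

File names and sizes remain visible to anyone with access to the share; only the contents are protected.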

wsduvall 03-12-2009 07:35 AM

I think some encryption programs (TrueCrypt) are compatible with both Windows and Linux. Maybe this would work...

robinsodergren 03-12-2009 10:11 AM

Thanks everyone for all the replies! Well, the thing is that I'm not a system administrator, I'm just an "agent" with somewhat more computer knowledge than the rest, so I was asked to do this sort of as a small project. But we decided that I could be trusted to not look at the confidential information that was to be stored on the disk. (And no, this is not government-grade confidential, but still.. Wouldn't be good if the information would get out)

Anyways.. Everything worked out fine, and I didn't have to go and install and configure a lot of other stuff, luckily! Thanks again for the help! :o)

