PHWinfo - Afficher un message

24/08/2006, 16h48

In article <qfGdneaD8449KHDZnZ2dnUVZ_tmdnZ2d@comcast.com>,
Jon LaBadie <jxlabadie@axcxmx.org> wrote:

> ph wrote:
> > hello
> >
> > i want to learn how to protect some files so that others,even root,
> > cannot open or modify the files like source codes etc. is that possible
> > on unix ?
> >
> > thank you in advance.
> >
>
> Some systems support "extended attributes", i.e. beyond just rwx.
> For these, "immutable" may be an attribute that can be applied
> to the files and directory they are in. If set, root can't
> modify the file. Of course, root can probably reset the attribute.
>
> Can they be stored on a NFS server where a remote root has no
> special privilege?

Unix runs with the assumption that root has total access to everything
in the filesystem. Once someone has root on a system, they have that
access. The only way to protect against this is to either

1) store the file on the system encrypted with one of the various
encryption programs (research for that is left to the reader)

2) don't store it on the system except when you're using it (e.g. buy a
thumb drive)

--
DeeDee, don't press that button! DeeDee! NO! Dee...

24/08/2006, 16h48	#4
Michael Vilain Messages: n/a Hébergeur:	Re: secure files In article <qfGdneaD8449KHDZnZ2dnUVZ_tmdnZ2d@comcast.com>, Jon LaBadie <jxlabadie@axcxmx.org> wrote: > ph wrote: > > hello > > > > i want to learn how to protect some files so that others,even root, > > cannot open or modify the files like source codes etc. is that possible > > on unix ? > > > > thank you in advance. > > > > Some systems support "extended attributes", i.e. beyond just rwx. > For these, "immutable" may be an attribute that can be applied > to the files and directory they are in. If set, root can't > modify the file. Of course, root can probably reset the attribute. > > Can they be stored on a NFS server where a remote root has no > special privilege? Unix runs with the assumption that root has total access to everything in the filesystem. Once someone has root on a system, they have that access. The only way to protect against this is to either 1) store the file on the system encrypted with one of the various encryption programs (research for that is left to the reader) 2) don't store it on the system except when you're using it (e.g. buy a thumb drive) -- DeeDee, don't press that button! DeeDee! NO! Dee...