George Toft wrote: > Requirements: > 2. Files owned by vpopmail:vchkpw can only be read by said user:group - > this includes root. We need to lock root (and every other user) out of > the messages. > > #2 sounds like a job for SELinux. Alternatives are welcome :) > You mean keep out junior sysadmins who have root access, or really keep root out? I don't know of any way to really keep root out. Root has access to everything. Period. Crypto can't solve it, unless the system only has access to the cyphertext (if you encrypt/decrypt locally then root can read the plaintext from memory, and/or get the key and read everything). Different schemes have been proposed and implemented so that root can't do this or that but none that I know of really work against a sophisticated attacker, because in *nix "root == the system." If you (wisely) take it as a given that root can compromise your box, then your problem becomes locking down root access. There are pretty effective, well known ways to do that. -- Darrin Chandler | Phoenix BSD Users Group dwchandler@stilyagin.com | http://bsd.phoenix.az.us/ http://www.stilyagin.com/ | --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change you mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss