| View previous topic :: View next topic |
| Author |
Message |
c8a7w
n00b
Joined: 06 Oct 2005
Posts: 62
|
 Posted: Sat Aug 07, 2010 1:14 am Post subject: Restricting roots access to files on file server |
 |
|
we have recently setup a file server in the office. its running and everything is good ... except for one request made of me by the MD.
he is not "comfortable" with members of the system administrators team (myself and 3 or 4 others) can access HR files and other confidential files. so looking for a way to restrict access to these without limiting the administrators power. i had thought about sudo but I cant picture in my head how the configuration would work without getting in the way of normal backups and other admin tasks.
one thought i had was encyption. True crypt would allow me to install the decryption on there individual machines and then they would be able to access it. we would be able to move the (encrypted) files around and perform backups etc and the MD can be happy that we cannot access the confidential data.
any ideas or better suggestions? |
|
| Back to top |
|
 |
phajdan.jr
Retired Dev
Joined: 23 Mar 2006
Posts: 1777
Location: Poland
|
| Posted: Sat Aug 07, 2010 2:47 am Post subject: |
|
|
I think it's going to be complicated. With encryption you still probably want to keep some way to recover the keys if HR or somebody else loses their keys.
sudo is one way you can consider, provided that you only need to run a limited set of commands.
If you need a more complex solution, you may want to try SELinux or some other kind of Mandatory Access Control.
_________________
http://phajdan-jr.blogspot.com/ |
|
| Back to top |
|
|
|
Networking & Security
