[46] in The Cryptographic File System users list
Protection against superuser?
daemon@ATHENA.MIT.EDU (Manuel Panea)
Thu Apr 23 06:17:58 1998
From owner-cfs-users@research.att.com Thu Apr 23 10:17:58 1998
Return-Path: <owner-cfs-users@research.att.com>
Delivered-To: cfs-mtg@bloom-picayune.mit.edu
Received: (qmail 9342 invoked from network); 23 Apr 1998 10:17:57 -0000
Received: from unknown (HELO rumor.research.att.com) (192.20.225.9)
by bloom-picayune.mit.edu with SMTP; 23 Apr 1998 10:17:57 -0000
Received: from research.att.com ([135.207.30.100]) by rumor; Thu Apr 23 06:13:41 EDT 1998
Received: from amontillado.research.att.com ([135.207.24.32]) by research-clone; Thu Apr 23 06:15:54 EDT 1998
Received: from nsa.research.att.com (majordomo@nsa.research.att.com [135.207.24.155])
by amontillado.research.att.com (8.8.7/8.8.7) with ESMTP id GAA24284;
Thu, 23 Apr 1998 06:15:46 -0400 (EDT)
Received: (from majordomo@localhost) by nsa.research.att.com (8.7.3/8.7.3) id GAA08716 for cfs-users-list; Thu, 23 Apr 1998 06:13:01 -0400 (EDT)
X-Authentication-Warning: nsa.research.att.com: majordomo set sender to owner-cfs-users@nsa.research.att.com using -f
Received: from research.att.com (research-clone.research.att.com [135.207.30.100]) by nsa.research.att.com (8.7.3/8.7.3) with SMTP id GAA08712 for <cfs-users@nsa.research.att.com>; Thu, 23 Apr 1998 06:12:58 -0400 (EDT)
Received: from sat.ipp-garching.mpg.de ([130.183.1.21]) by research-clone; Thu Apr 23 06:14:55 EDT 1998
Received: from netadm.ipp-garching.mpg.de (netadm.ipp-garching.mpg.de [130.183.1.37]) by sat.ipp-garching.mpg.de (8.6.10/8.6.10) with SMTP id MAA22524 for <cfs-users@research.att.com>; Thu, 23 Apr 1998 12:14:37 +0200
Date: Thu, 23 Apr 1998 12:14:37 +0200 (METDST)
From: Manuel Panea <mpd@rzg.mpg.de>
X-Sender: mpd@netadm.ipp-garching.mpg.de
To: cfs-users@research.att.com
Subject: Protection against superuser?
Message-ID: <Pine.HPP.3.96.980423120219.4843G-100000@netadm.ipp-garching.mpg.de>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Sender: owner-cfs-users@research.att.com
Precedence: bulk
Hi all,
sometime ago I downloaded and installed cfs on my workstation. After
testing it, I still don't get the point of cfs:
In a normal Unix environment, if I want to avoid that other users read my
files I just have to set the file-access permissions accordingly and
that's it. Only "root" can still read my files, so I can encrypt (e.g.
with the "crypt" command) any files I do not want "root" to read. cfs
makes it a little more comfortable because I do not have to type a
password for every file I want to encrypt or decrypt, but then the
protection against "root" is lost because "root" can anytime go to my
mounted cfs-filesystem and read everything anyway.
So, am I missing something here? What's the point of cfs? How are you
people using it?
---------------------------------------------------------------------------
Manuel Panea <mpd@rzg.mpg.de> http://www.rzg.mpg.de/~mpd
Rechenzentrum Garching, Germany
---------------------------------------------------------------------------
