[CentOS] Need help in securing maildir so that root usershould not able to read anyother user's mail

Styma, Robert E (Robert) stymar at alcatel-lucent.com
Mon Mar 19 20:54:52 UTC 2007


 
> Subject: Re: [CentOS] Need help in securing maildir so that 
> root usershould not able to read anyother user's mail
> 
I can only think of one mechanism that might work in the
correct environment.  Put the mail server on it's own machine
which does nothing else but server the mail.  Get everything
running, disallow NFS mounts, and scramble the root password
so effectively there is no root account.  Now root can not
access other peoples mailboxes because there is no root.

When you have to do system maintenance, you will have to
boot from CD, fix the root account, reboot and do the 
maintenance.  The sysadmin will do the maintenance from
a checklist while a large Marine guard with and M16 follows
along.  When done, scramble the root password.

This would only work in a physically secure environment.
The idea being that there has to be several people watching
while root does any work.

There are secure ways of setting up Linux where there is
no real root.  

Bob Styma



More information about the CentOS mailing list