[CentOS] Need help in securing maildir so that root user should not able to read any other user's mail

Styma, Robert E (Robert) stymar at alcatel-lucent.com
Tue Mar 20 17:44:05 UTC 2007


> On Tuesday 20 March 2007 06:45 am, Styma, Robert E (Robert) wrote:
> 
> > You cannot just go to single user mode because going
> > to single user normally requires you to enter the root password.
> 
> I can't test now; I don't have a local CentOS system, but I don't 
> remember ever needing a password to get into single mode on any Linux 
> system.  Am I right, or is my brain falling apart?

I could be confused.  I jump back and forth between Linux, Solaris,
and HP/UX.

> 
> > Of course if access to the machine is not secure, you have to
> > talk about encrypting the contents with passwords only the
> > users have.
> 
> I can't speak for the OP but our machines are secure; to get to them you
> need my access card, my lock combination, and my hand <smile>. But
> if the machines aren't physically secure it's quite easy to get into
> them without a password.

That is an important consideration.  One of the basic assumptions on
Unix systems (other than the rootless ones) is that the person with
root access is to be trusted.  When you change that assumption, you
have to fall back to other mechanisms to secure whatever it is you
need to secure.  If you are just trying to stop a bored sysadmin,
there are things that can be done.  If you are trying to stop the
NSA or CIA, you have your work cut out for you.

Requiring several people to be present tends to keep people honest.


