[CentOS] Need help in securing maildir so that root user should not able to read anyother user's mail

Sun Mar 18 22:31:18 UTC 2007
Paul <subsolar at subsolar.com>

On Sun, 2007-03-18 at 22:09 +0100, Andreas Rogge wrote:
> Am Montag, den 19.03.2007, 05:40 +0900 schrieb John Summerfield:
> > You can authenticate against AD.
> > 
> > In principal you could use standard LDAP tools to extract the info and 
> > insert it into openldap, but I don't know about passwords, and probably 
> > you will want to keep AD anyway.
> > 
> 
> AD is more or less LDAP + Kerberos 5
> you can always use nss_winbindd or nss_ldap (which requires MSSFU schema
> extensions in the AD) + pam_krb5 or even a kerberized mailserver to do
> authentication.
> In fact you can even forget the nss-stuff if you use a mailserver that
> doesn't require users to have a system account (e.g. cyrus-imapd)
> 
> You *cannot* forbid root to do anything. And if you could you woudln't
> want to do it.
> The only way I could think of is enctypting the mailstore with the users
> password, but if a user forgets his password you're lost.

This is what some commercial e-mail systems do ... though the mail
server it self has access to the key and so it's possible. For a
resourceful administrators to read the mail anyways.

Even if you could keep root from accessing the files unencrypted, if you
are authenticating against OpenLDAP it would be possible for the
administrator to save off the current password, change it to something
they know, read the mail and then set it back.

I can think of a work-around to root reading the mail unless it arrives
at the server PGP encrypted with a private key and decrypted at the
client. So the only way you could pull it off is to configure clients to
only send messages PGP encrypted internally, a bit of work.

Regards,
Paul Berger