[CentOS] Need help in securing maildir so that root user should not be able to read any other user's mail

Tue Mar 20 13:45:00 UTC 2007
Styma, Robert E (Robert) <stymar at alcatel-lucent.com>

 
> Subject: Re: [CentOS] Need help in securing maildir so that 
> root user should not be able to read any other user's mail
> 
> 
> > When you have to do system maintenance, you will have to
> > boot from CD, fix the root account, reboot and do the 
> > maintenance.  The sysadmin will do the maintenance from
> > a checklist while a large Marine guard with an M16 follows
> > along.  When done, scramble the root password.
> 
> Boot from CD?!?! Linux single is all you need.
> 
> A large Marine guard? Man, this must be a joke post right? 
> Where is the smiley? Bring along a clueless Marine armed with an M16?

True, there was humor mixed in with the suggestion.  The
Marine part comes from tales some friends of mine told who
worked with nuclear weapons while they were in the service.
Whenever maintenance was being applied, two soldiers with
M16's were watching them and had copies of the checklist.
The idea was to avoid any funny business.

Assuming you do now wish to use a secure "rootless" system,
disabling root except when doing system maintenance and having
someone observing the system admin is a way to get the job
done.  You cannot just go to single user mode because going
to single user normally requires you to enter the root password.
With the root account disabled or having a scrambled password,
you will not be able to do this.  Thus the suggestion of using
the boot CD.

Of course if access to the machine is not secure, you have to
talk about encrypting the contents with passwords only the
users have.

Bob Styma
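
The following is an added example, not part of the original post: a small audit check for the state the message describes, reading root's password field from a shadow(5)-format file. The function names, the `maint` account and the sample entries are constructed for illustration. A scrambled password still shows up as an ordinary hash, so only a `!` or `*` prefix proves the account cannot be logged into with a password.

```shell
#!/bin/sh
# Added example: classify an account's password field in a shadow(5)-format file.
# Prints one of: locked | empty | hash | missing
pw_state() {
    # $1 = shadow-format file, $2 = account name (defaults to root)
    awk -F: -v user="${2:-root}" '
        $1 == user {
            found = 1
            if ($2 == "")            print "empty"    # no password required
            else if ($2 ~ /^[!*]/)   print "locked"   # no password can match
            else                     print "hash"     # usable hash (known or scrambled)
            exit
        }
        END { if (!found) print "missing" }
    ' "$1"
}

# Constructed sample data (not real accounts or hashes).
write_sample() {
    cat > "$1" <<'EOF'
root:!$1$constructed$notarealhash:13592:0:99999:7:::
maint:$1$constructed$notarealhash:13592:0:99999:7:::
daemon:*:13592:0:99999:7:::
guest::13592:0:99999:7:::
EOF
}

# Stand-alone run: report the state of each sample account.
sample=$(mktemp)
write_sample "$sample"
for u in root maint daemon guest nobody; do
    printf '%s: %s\n' "$u" "$(pw_state "$sample" "$u")"
done
rm -f "$sample"
```

Run against the real `/etc/shadow` as part of the maintenance checklist, an `empty` or `hash` result for root means the account was not put back into its locked state.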