[CentOS] Need help in securing maildir so that root user should not able to read anyother user's mail

Sun Mar 18 15:41:03 UTC 2007
John R Pierce <pierce at hogranch.com>

Morten Torstensen wrote:
> ankush grover wrote:
>> c) Security of Maildir means even root user should not be able to read
>> any user's mail.
> You can do that with SElinux... you would have to limit filesystem 
> access AND user access so that root just not su to a user and access 
> it from there.
> But someone who have physical access to the server will be able to get 
> access. Administrative routines need access too, for stuff like backup 
> and restore.
> So for c) I would limit what I can and then have audit routines to map 
> usage.

and limit root so he can't disable selinux?

ummmmmm.   right.

and, as Morten points out, backup needs access to maildir (and of 
course, anyone with physical access to the backup media will have access 
to the mail on them too)

Only thing I can think of... setup the administrators 'normal' accounts 
to have specific SUDO's for _all_ 'normal' administrative activities, 
and put the real root password on a slip of paper in a sealed envelope 
in the key escrow safe that requires 3 people's combinations to open.   
and hope nothing goes wrong.