[CentOS] Need help in securing maildir so that root user should not able to read anyother user's mail

Sun Mar 18 17:20:00 UTC 2007
Robert <kerplop at sbcglobal.net>

John R Pierce wrote:
> Morten Torstensen wrote:
>> ankush grover wrote:
>>> c) Security of Maildir means even root user should not be able to read
>>> any user's mail.
>>
>> You can do that with SElinux... you would have to limit filesystem 
>> access AND user access so that root just not su to a user and access 
>> it from there.
>>
>> But someone who have physical access to the server will be able to 
>> get access. Administrative routines need access too, for stuff like 
>> backup and restore.
>>
>> So for c) I would limit what I can and then have audit routines to 
>> map usage.
>>
>
> and limit root so he can't disable selinux?
>
>
> ummmmmm.   right.
>
> and, as Morten points out, backup needs access to maildir (and of 
> course, anyone with physical access to the backup media will have 
> access to the mail on them too)
>
>
> Only thing I can think of... setup the administrators 'normal' 
> accounts to have specific SUDO's for _all_ 'normal' administrative 
> activities, and put the real root password on a slip of paper in a 
> sealed envelope in the key escrow safe that requires 3 people's 
> combinations to open.   and hope nothing goes wrong.

Isn't all this just a little bit like expecting the doctor to address 
one's hemorrhoids without dropping one's skivvies?
"Lord, deliver me from idiots in high places. Amen".

Clearly, if management can't trust the Admin, then both have a problem.