[CentOS] Q. LUKS or ecryptfs-utils ?
Fran Garcia
franchu.garcia at gmail.comWed Oct 22 22:31:15 UTC 2014
- Previous message: [CentOS] Q. LUKS or ecryptfs-utils ?
- Next message: [CentOS] Q. LUKS or ecryptfs-utils ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
On Wed, Oct 22, 2014 at 9:32 PM, James B. Byrne <byrnejb> wrote: > I am now investigating encrypting our IMAP user spool files. Does anyone have > experience with handling encrypted data stores using either or both of the > subject methods and would care tio share their observations? Which is the > preferred method (I know: it depends, but on what?)? What administrative > pain does each cause? I guess you first need to decide what/who are you protecting your email from. If we are speaking about somebody entering into the datacenter and stealing/cloning a disk containing your users' emails, the luks solution described by Digimer should work fine. If you want to protect sensitive users of your organization (HR director, CFO, etc) from your own IT admins, things get complicated easy :-) . ecryptfs can do a per-user file-based encryption but it doesn't really handle multi-user environments. If your /home/user1 is mounted from a ecrypfs filesystem, nothing prevents root / sudo'd processes from picking files from a certain user. For the latter I'd suggest using PGP -- although instructing users to handle the complexity of client-based encryption is another huge task. My 0.02€
- Previous message: [CentOS] Q. LUKS or ecryptfs-utils ?
- Next message: [CentOS] Q. LUKS or ecryptfs-utils ?
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
More information about the CentOS mailing list