Page 1 of 1

Howto not allow root

PostPosted: Sat May 30, 2015 1:24 pm
by umu
how can a user effectively restrict root access to the mounted truecrypt volume?
Best would be if user can fully control whom he grants access (and that should be on a user-base only, not via group membership).

In my case I use file-volumes (not device volumes) and only the owner of the truecrypt-volume
shall be able to access the contents of the mounted volume. Root and other users shall have no access to the mounted data.

Is that possible in the current version?
If that's not possible yet, then I propose that it should be implemented in the new version.

Rationale behind this paranoia: one cannot trust root.


Re: Howto not allow root

PostPosted: Sat May 30, 2015 7:16 pm
by GigabyteProductions
It needs to be understood that there's no way to prevent root from gaining access to anything on the computer. The definition of root as a user basically means access to everything. Root is not just a mere user that can be added to an ACL with the value of deny; root is the privilege that even the kernel itself runs under, that even your FUSE implementation runs under. Root is supposed to do anything and everything to a system. You can not block root from doing anything. Not trusting root means you can't trust the entire system. Don't open your TrueCrypt/CipherShed volumes on a computer that you don't trust/administer yourself.