Howto not allow root

A forum for help on TrueCrypt 7.1a problems. Note: the CipherShed team will not feel obligated to answer your questions. This is the community's task.
Forum rules
The original TC forums are down, so here you can ask the community for help with your TrueCrypt 7.1a installation. Note that the CipherShed team does not have the time, nor is it's purpose to answer your questions here. This is merely a new spot for the community to gather again, and for users to help eachother.

Howto not allow root

Postby umu » Sat May 30, 2015 1:24 pm

how can a user effectively restrict root access to the mounted truecrypt volume?
Best would be if user can fully control whom he grants access (and that should be on a user-base only, not via group membership).

In my case I use file-volumes (not device volumes) and only the owner of the truecrypt-volume
shall be able to access the contents of the mounted volume. Root and other users shall have no access to the mounted data.

Is that possible in the current version?
If that's not possible yet, then I propose that it should be implemented in the new version.

Rationale behind this paranoia: one cannot trust root.

Posts: 2
Joined: Sat May 30, 2015 1:06 pm

Re: Howto not allow root

Postby GigabyteProductions » Sat May 30, 2015 7:16 pm

It needs to be understood that there's no way to prevent root from gaining access to anything on the computer. The definition of root as a user basically means access to everything. Root is not just a mere user that can be added to an ACL with the value of deny; root is the privilege that even the kernel itself runs under, that even your FUSE implementation runs under. Root is supposed to do anything and everything to a system. You can not block root from doing anything. Not trusting root means you can't trust the entire system. Don't open your TrueCrypt/CipherShed volumes on a computer that you don't trust/administer yourself.
User avatar
Posts: 16
Joined: Sat Jun 07, 2014 8:00 pm
Location: USA

Return to Help

Who is online

Users browsing this forum: No registered users and 1 guest