Protecting message files acess even from root

Sven Schwedas sven.schwedas at tao.at
Sat Feb 1 04:38:43 EST 2014


Given that a physical root can bypass any and every ACL, encrypting
messages (upon receiving, e.g.) is the only remotely plausible way to
prevent access.

And even then the admin could sniff all SMTP traffic and copy messages
before encryption, so you'd need to monitor him anyway.



Why again does someone you trust so little have root access to anything
more sensitive than a calculator? ;-)

On 2014-01-31 17:47, Fabio S. Schmidt wrote:
> Hi Dan ! Thanks for the answer !
> 
> I'm trying to prevent local access from a physical administrator. Even
> if looged as root should be impossible to read the messages on the Cyrus
> partitions. Other emails stores that I have dealt with also stores the
> messages in files.
> 
> Blackman and Goetz, Thanks for the reply, but my problem is that not all
> messages will be encrypted at the source. AND EVEN if the message is
> encrypted we want to prevent the access from a physical administrator.
> 
> 
> 
> ----
> Cyrus Home Page: http://www.cyrusimap.org/
> List Archives/Info: http://lists.andrew.cmu.edu/pipermail/info-cyrus/
> To Unsubscribe:
> https://lists.andrew.cmu.edu/mailman/listinfo/info-cyrus
> 

-- 
Mit freundlichen Grüßen, / Best Regards,
Sven Schwedas
Systemadministrator
TAO Beratungs- und Management GmbH | Lendplatz 45 | A - 8020 Graz
Mail/XMPP: sven.schwedas at tao.at | +43 (0)680 301 7167
http://software.tao.at

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 665 bytes
Desc: OpenPGP digital signature
Url : http://lists.andrew.cmu.edu/pipermail/info-cyrus/attachments/20140201/0b5649d3/attachment.bin 


More information about the Info-cyrus mailing list