3

I am sudo user of our server (Ubuntu). There is also another sudo user in our server, so both of us have access to other directories as root. I have some private files that I do not want to share with the other sudo user. Is there any way to do that?

  • 2
    Have you tried an encrypted container, i.e. https://en.wikipedia.org/wiki/Dm-crypt or "LUKS Container Setup mini-HOWTO" at https://gitlab.com/cryptsetup/cryptsetup/blob/master/FAQ ? –  Jun 17 '18 at 11:39
  • You can not just set permissions or ACLs on your folders accordingly, because root (or anybody with sudo access) can revert these. So the only possible option is to encrypt your folders. See e.g. https://askubuntu.com/questions/104542/how-to-encrypt-individual-folders for some suggestions. However, while your folders are decrypted, the content could still be accessed by other users. It just protects during the time when the folders are not decrypted. – Byte Commander Jun 17 '18 at 11:56
  • When a user is given root privileges it means that the user is trusted with all the data on the system. If it is your system and you don't trust the other user then revoke their root privileges. If it is not your system then do not store private data on it. – AlexP Jun 17 '18 at 13:20

2 Answers

3

I have some private files that I do not want to share with the other sudo user. Is there any way to do that?

There is only 1 way: do not store those files on that system.

If it is your server and you do not trust that other user remove his sudo access. Otherwise private data should not be stored on that machine. In case you are in the European Union: The new privacy law does not allow you to store private data on a machine you do not own without notifying, and getting written consent from, the owner of that machine.

  • A sudo user with no restrictions can do and undo whatever you can undo and do.
  • Encryption of the files or a directory with the files will only give you a false sense of security.
  • The same goes for accessing it from a remote system where you need a password (like a USB drive with encryption or a password to mount, gdrive, or an ssh connection).

It is pretty easy to activate a watchdog that copies files to another location. And you yourself will never notice it happening. And it is even easier to install a key logger to catch any password you type.

Rinzwind
  • 299,756
  • Do you mean "the owner of that data" instead of "the owner of that machine"? Why would an encrypted LUKS container (with a strong password) give "a false sense of security"? –  Jun 17 '18 at 14:04
  • Nope. It is HIS personal data. But the owner of the machine needs to provide proof who did what with that data if the person who that data is about wants to know that. And yes, we all know how idiotic that reads ;-) regarding the 2nd: as soon as the data is decrypted the admin of the machine can get to it. All he needs is a keylogger (there is one in the default repositories ;) ) – Rinzwind Jun 17 '18 at 15:31
  • 1
    luks containers: do read this https://access.redhat.com/solutions/1543373 works for Ubuntu too. – Rinzwind Jun 17 '18 at 15:40
1

You can not hide files from the other sudo user, but you can encrypt your private files before (!) you upload them to the server. To work with your private files (i.e. do an edit), you need to download and then decrypt. After you have finished your work, you must encrypt and upload again.

The sequence matters and it's probably not the most convenient way, but it works: you can store your private (encrypted) files on your server and prevent the other sudo user from reading your private content.

Important: You must do each encryption/decryption process only offline (to be precise: not on your server). If you do it on your server, the other sudo user can record the process and in the end gain access to your files.

Different encryption methods have various pros and cons and to keep my answer short, I'd like to suggest only two tools:

GPG offers file encryption with a symmetric cipher using a passphrase (and much more) and is pretty straightforward.

cryptsetup allows you to create a password protected LUKS container and use it like a common loop-device. Be advised: you never want to unlock a LUKS container online (to be precise: on your server), else the other sudo user can extract the LUKS master key and use it to add a new key (thanks to @Rinzwind for the URL).

Needless to say, it's always good to choose strong passwords, and of course the other sudo user can download your encrypted file and try to decrypt it using brute force.

  • 1
    And of course you would want to make sure the encrypted file was not altered, so you would want to store a cryptographic checksum of the file offline as well. – jrw32982 Jun 21 '18 at 20:13
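The following is an added example, not code from the answer above or from jrw32982's comment. It covers the offline step both of them describe: after encrypting the files off the server (assumed to be done with `gpg --symmetric`, which this script does not call), record a SHA-256 checksum of each encrypted file in a manifest that stays on your own machine, and check every downloaded file against that manifest before decrypting it. The function names, the `manifest.json` layout and the sample file contents are all constructed for this example; the bytes stand in for GPG output and are not real ciphertext.

```python
"""Offline integrity manifest for encrypted files kept on a shared server.

Added example (not from the original answer). Encryption is assumed to have
been done off the server with gpg --symmetric; this script only covers the
step raised in the comment: keep a checksum of each encrypted file offline
and verify it after download, before decrypting. All file contents below
are constructed sample data.
"""
import hashlib
import hmac
import json
import tempfile
from pathlib import Path

CHUNK = 1 << 16  # hash in 64 KiB chunks so a large container need not fit in RAM


def sha256_file(path: Path) -> str:
    """Return the hex SHA-256 digest of a file, read in chunks."""
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(CHUNK), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(encrypted_files, manifest_path: Path) -> dict:
    """Record name, size and SHA-256 of each encrypted file.

    Run this offline right after encrypting and keep manifest_path off the
    server: a sudo user who can alter the ciphertext can just as easily
    alter a checksum file stored next to it.
    """
    manifest = {
        p.name: {"size": p.stat().st_size, "sha256": sha256_file(p)}
        for p in encrypted_files
    }
    manifest_path.write_text(json.dumps(manifest, indent=2, sort_keys=True))
    return manifest


def verify_downloads(download_dir: Path, manifest_path: Path) -> dict:
    """Compare downloaded files with the offline manifest.

    Returns {name: status} with status "ok", "modified" or "missing".
    Only files reported "ok" should be passed on to gpg for decryption.
    """
    manifest = json.loads(manifest_path.read_text())
    report = {}
    for name, expected in manifest.items():
        candidate = download_dir / name
        if not candidate.is_file():
            report[name] = "missing"
            continue
        actual = sha256_file(candidate)
        # compare_digest is the idiomatic way to compare digests
        if hmac.compare_digest(actual, expected["sha256"]):
            report[name] = "ok"
        else:
            report[name] = "modified"
    return report


def demo() -> dict:
    """End-to-end run on constructed data in a temporary directory.

    Three "ciphertexts" go into the manifest; one is uploaded intact, one is
    tampered with on the server side, one is never uploaded at all.
    """
    with tempfile.TemporaryDirectory() as d:
        offline = Path(d) / "offline"       # stays on your own machine
        server = Path(d) / "server_copy"    # what you later download again
        offline.mkdir()
        server.mkdir()

        # Constructed stand-ins for gpg --symmetric output (not real ciphertext)
        samples = (("notes.txt.gpg", b"\x8c\x0d\x04\x09" + b"A" * 500),
                   ("budget.ods.gpg", b"\x8c\x0d\x04\x09" + b"B" * 900),
                   ("keys.csv.gpg", b"\x8c\x0d\x04\x09" + b"K" * 120))
        files = []
        for name, payload in samples:
            p = offline / name
            p.write_bytes(payload)
            files.append(p)
        manifest_path = offline / "manifest.json"
        build_manifest(files, manifest_path)

        # "Upload" the first two, then simulate the other sudo user editing one
        for p in files[:2]:
            (server / p.name).write_bytes(p.read_bytes())
        tampered = server / "budget.ods.gpg"
        tampered.write_bytes(tampered.read_bytes()[:-1] + b"C")

        return verify_downloads(server, manifest_path)


if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

The manifest records the size as well as the digest only for readability; the SHA-256 comparison is what detects a swapped or edited ciphertext. The check tells you the file was changed, not by whom, and it says nothing about confidentiality: that still rests entirely on the passphrase strength the answer mentions.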