0

I would like to be able to encrypt the /etc directory so that it can't be accessed without a password. How would I go about doing that? I want my Ubuntu Server to be able to access everything in that directory so that it can use all the packages without any problems but if somebody tries to access that directory to look at the configurations they will need a password. Will encryption stop Ubuntu from being able to run the packages on boot?

Thompson Dawes
  • 695
  • 1
  • 6
  • 20
Elliot.P
  • 11
  • 1
    You really can't block users read access to /etc. Too many tools need to look up things there. – Soren A Jan 19 '17 at 13:02
  • 2
    Please explain what in /etc/ would be a problem for users to read? Let's assume my.cnf If there is a username and password in there you really need to move it to another location. /root/.my,cnf would be unreadable by others than root. (mind the 1st dot) and you can store anything in there. – Rinzwind Jan 19 '17 at 13:16
  • We don't want users to see our packages and configurations as they could recreate it for themselves. – Elliot.P Jan 19 '17 at 14:21
  • 2
    Then set permissions to those 'special' dir, make them unavailable to read. But why would anyone restrict access to /etc?You can easily mess up system if you don't know what you are doing. – fugitive Jan 19 '17 at 14:39

1 Answers1

0

One choice would be to use an overlay filesystem for the /etc directory. More exactly:

Assuming you want to encrypt the /etc folder only when the disk is accessed offline (because online you would definitely need it):

  • one choice would be to have another partition for the /etc folder;
  • then, encrypt/decrypt this entire partition using LUKS.

If you want more, you can encrypt the whole filesystem using LUKS or TPM.

If you want to prevent also changing the content inside the /etc folder:

Here's some Ubuntu tutorial for this (adapt it to your situation): https://help.ubuntu.com/community/Full_Disk_Encryption_Howto_2019

success!...

BeastOfCaerbannog
  • 14,585
Andrei Caba
  • 11
  • 2