Mailinglist Archive: opensuse-security (485 mails)

< Previous Next >
Re: [suse-security] About permissions of files.....
  • From: suse@xxxxxx
  • Date: Mon, 8 Mar 2004 15:54:55 -0500
  • Message-id: <20040308155455.9qtdzfoscgw88oks@xxxxxx>
Quoting "onder.akbas@xxxxxxxxxxx" <onder.akbas@xxxxxxxxxxx>:
>
> I will change owner and permission(700) of some directories and files on my
> SuSE Linux 9.0. Owner of these directories will be root. Can anyone reach
> these directories and files if s/he does not know the root password.
>
> I wonder that :
> if someone updates(not new installation),the OS, can s/he change root
> password?
> I think SuSE Update asks the user root password, but i am not sure about
> update via CD.
>
> I dont know any secure way to hide my special files except this way. If
> anyone has better idea tell me the most secure way..
>

If someone can physically get to your server, they can own it. Period.

>From knoppix cd's to physically removing the drive, physical access is the
ultimate root hole. If this is something you're worried about, you should take
measures to physically protect the machine.

The only way in software to protect against physical attacks is encryption. On
my laptop, I keep the main data area in an encrypted partition. Thus, if the
machine is stolen, the files themselves are reasonably secure.

This, of course, has one major drawback: It's impossible to remotely boot the
machine. Each boot requires someone to be present and type in the password. I
suppose there are ways around this, if nothing in the encrypted area is
required at boot, however.

The YaST gui can help you create an encrypted partition, or you can search
around the web for a how-to on created an encrypted loop file, which wouldn't
require you to create a partition. (The latter is the preferred method, imho,
since by using 4.5 gig files, I can easily make fully encrypted backups on dvd)

< Previous Next >