[CLUE-Tech] Sys Admin security and user directory security

ian iguy at ionsphere.org
Tue Jan 1 11:09:54 MST 2002


On Tue, Dec 18, 2001 at 05:53:00PM -0700, Jeremiah Stanley wrote:
> > I've got a question that I have not been able to answer: How can you
> > provide system security and directory security at the same time with
> > different people?  For example, I'd like to let the sysadmin handle
> > all of the upgrades, updates, etc for the computer security but NOT
> > allow the sysadmin to view the financials in /home/kevin directory.
> > I'm assuming this is possible, but how does one go about it?
> 
> This to me sounds like an ethics issue. The administrator is always going 
> to have access to everything. You just have to trust/pay them enough that 
> they won't. Have them sign privacy statements and user agreements if that 
> is your legal bag. 
> 
> One simple way, encrypt the data (PGP/GPG come to mind). And the admin 
> will not know the passphrase for the key. I think that both of these 
> follow the KISS principle pretty well.

It is an ethics issue.  However, the point that Kevin has, which is felt by
many companies with "secure" and "sensitive" data, is that it shouldn't be seen
by folks that shouldn't see it.  These companies aren't willing to take
the risk of an "unethical" person.  They want it to be computerized so 
the human factor is either removed or limited.

ACLs are the way to go.  How those ACLs are implemented is one of a zillion
different ways.  It all depends on how much you want to deal with.  Most if
not all of the ACL systems I have worked with are pretty easy to work with
once they are set up for your environment.  

AFS is a really good one if you have LOTS of disk space with lots of 
different permissions needed by different groups.  The problem is this
one is still in the same problem as root.  Root is god.  

SE Linux works on the idea that if you're doing things related to security
you only are allowed to do those things.  You can modify these /etc files
but can't view anything else in the system.  If you're a sysadmin you can
run backup but you can't view any files in subdirectories off of /home.
If you need to remove a .login file from a /home, what usually is set up
is (a) security guy is there, (b) sysadmin is there, (c) both have to
enter their passwords at the same time to do something that steps over
"boundaries" of systems.  

C2 security concepts for those who just don't have enough people involved
in managing a system.  

Just two options in how to go forward.

ian
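The two-person rule in (a)-(c) above, as an added example that is not part of this thread: a dual-control gate in Python where a boundary-crossing action is permitted only when one verified credential from each required role is presented by distinct users. The role names, the action name and the PBKDF2 parameters are assumptions made for illustration.

```python
import hashlib
import hmac
import os

# Constructed credential store: user -> role, salt and PBKDF2-SHA256 hash.
# Roles are assumed: "security" (edits /etc policy) and "sysadmin" (runs backups).
ROLE_HOLDERS = {}
PBKDF2_ROUNDS = 100_000  # assumed work factor for the example


def enroll(user, role, password):
    """Store a salted password hash for a role holder (constructed helper)."""
    salt = os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    ROLE_HOLDERS[user] = {"role": role, "salt": salt, "hash": digest}


def verify(user, password):
    """Constant-time check of a presented password against the stored hash."""
    rec = ROLE_HOLDERS.get(user)
    if rec is None:
        return False
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), rec["salt"], PBKDF2_ROUNDS)
    return hmac.compare_digest(digest, rec["hash"])


# Actions that step over a role boundary and the roles that must co-sign them.
# The action name is an assumption; it stands for removing a .login under /home.
BOUNDARY_ACTIONS = {"remove_login_file_in_home": {"security", "sysadmin"}}


def authorize(action, credentials):
    """credentials: list of (user, password) pairs presented together.

    Returns True only if every required role is represented by a distinct,
    successfully verified user. Unknown actions are denied by default, and
    two credentials from the same role do not satisfy the other role.
    """
    required = BOUNDARY_ACTIONS.get(action)
    if required is None:
        return False
    satisfied_roles = set()
    seen_users = set()
    for user, password in credentials:
        if user in seen_users or not verify(user, password):
            continue  # replayed user or bad password: contributes nothing
        seen_users.add(user)
        satisfied_roles.add(ROLE_HOLDERS[user]["role"])
    return required <= satisfied_roles
```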
