Encrypted home partition accessible by administrator
Liam Proven
lproven at gmail.com
Wed Apr 24 11:58:48 UTC 2019
On Wed, 24 Apr 2019 at 13:25, Colin Law <clanlaw at gmail.com> wrote:
>
> Even when the user whose home is encrypted is not logged in? I had
> assumed that the users password was part of the key to unlocking the
> encryption.
As I said, I have only done this on the whole-partition level. As such, yes.
This is why Unix sysadmins have joke T-shirts that say:
I CAN READ YOUR EMAIL
Root can do anything it wants.
Windows NT is a bit further down the line and has the concept of
permission levels for admin accounts. E.g. in a prior role I was a
domain admin but I only had permissions to install apps locally on
workstations, not on servers, and I could not create, delete or alter
user accounts on servers.
I do not know of any Unix system that does stuff like this yet, but
it's not my area of expertise. It is probably something that is
possible with enterprise Unixes using groups, and as such, admins
wouldn't be root -- because normally, root can do anything and
everything.
--
Liam Proven - Profile: https://about.me/liamproven
Email: lproven at cix.co.uk - Google Mail/Hangouts/Plus: lproven at gmail.com
Twitter/Facebook/Flickr: lproven - Skype/LinkedIn: liamproven
UK: +44 7939-087884 - ČR (+ WhatsApp/Telegram/Signal): +420 702 829 053
More information about the ubuntu-users
mailing list