From owner-freebsd-questions Mon Jun 14 12:13:42 1999 Delivered-To: freebsd-questions@freebsd.org Received: from corinth.bossig.com (corinth.bossig.com [208.26.239.66]) by hub.freebsd.org (Postfix) with ESMTP id 9CA2715228; Mon, 14 Jun 1999 12:10:07 -0700 (PDT) (envelope-from kstewart@3-cities.com) Received: from revolution.3-cities.com (revolution.3-cities.com [204.203.224.155]) by corinth.bossig.com (Rockliffe SMTPRA 3.3.1) with ESMTP id ; Mon, 14 Jun 1999 12:11:59 -0700 Received: from 3-cities.com (kenn1181.bossig.com [208.26.241.181]) by revolution.3-cities.com (8.9.3/8.9.3) with ESMTP id MAA21917; Mon, 14 Jun 1999 12:09:51 -0700 (PDT) Message-ID: <3765537B.6D0BC801@3-cities.com> Date: Mon, 14 Jun 1999 12:09:47 -0700 From: Kent Stewart Reply-To: kstewart@3-cities.com Organization: Columbia Basin Virtual Community Project X-Mailer: Mozilla 4.51 [en] (Win98; U) X-Accept-Language: en MIME-Version: 1.0 To: Zhihui Zhang Cc: Ilia Chipitsine , "Jason L. Schwab" , freebsd-questions@freebsd.org, freebsd-security@freebsd.org Subject: Re: reading files. References: Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Zhihui Zhang wrote: > > On Mon, 14 Jun 1999, Ilia Chipitsine wrote: > > > > Unless you are root or has somehow gotten the root password. Or you may > > > steal the hard drive and examine it elsewhere. BTW, I know Windows-NT has > > > a feature that does not allow the Administrator (known as root in Unix) to > > > access the file of a normal user. I wonder if this feature can be added > > > to FreeBSD easily. > > > > it can be added easily, use PGP, that was the how i prevented my > > account at my school to be examined by root. > > > > Pretty Good Privacy? Can you show me how to do it in FreeBSD or give me > any pointers? I think something like PGP is the only way. The way I remember administrator priviledges with NT is that you can't keep me from accessing a file. I just have to take ownership of the user's directories and then change the ownership of the file I want to look at. When I get through, I would have to change the ownership of everything I changed back to the user. I also think this would leave many tracks behind, which isn't a quiet way like su'ing to the user from root. As a backup operator, I think I could backup your files and restore them on a different system. Then you wouldn't know I have accessed your files. I've never backed up a user's files on one system and restored them to another system but I have never seen anything that would prevent me from doing that. I may have to add the user to that system but then I would know the password and it would be trivial. The problem with PGP is that by the time you have a pretty good key it will be easy to forget and then you have lost access to your file. Kent > > Thanks. > > -Zhihui > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- Kent Stewart Richland, WA mailto:kstewart@3-cities.com http://www.3-cities.com/~kstewart/index.html To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message