0

I'm trying to set up a shared drive for my team using Centos. The team might have root privileges through sudo on this system.

The over all goal is under /home/ have each member dir be encrypted so no member can view anyone data, be able to map the drive in windows for easy access.

What I was able to find is encFS but that seems like it would only work for them login in to the linux system not having it mapped.

krizzo
  • 387
  • 2
  • 5
  • 16
  • 2
    Your two requirements (root) access and prevent people from seeing data they don't own really are mutually exclusive. If you don't trust people to not poke around, then you probably shouldn't trust them as root on that system. – Zoredache Dec 12 '11 at 22:40
  • It's not that they aren't trusted, I wasn't sure why my manager wanted this, he said it's not a big deal they could always encrypt the files before storing them. I just though it would be better to have the server automatically encrypt them. The team uses a shared password safe, I think he was thinking if they also had a personal password safe it would add an extra layer. – krizzo Dec 13 '11 at 00:28

2 Answers2

1

So, if I understand what you're saying, you will want to do the decryption of the home directories on the Windows clients (so what's visible by root on the Linux box will only be ciphertext), as well as a shared directory that's plaintext.

You will need to look at Windows EncFS clients. I haven't tried these products, but you can look at this: https://superuser.com/questions/179150/is-anyone-working-on-an-encfs-client-for-windows

So, you'd do something like mount the home directory on Windows, and then run "encfs cryptdir plaindir", where the cryptdir is what's coming from the Linux box, and plaindir is what's on the Windows box. Decryption will happen on the Windows box, so the root user on the Linux box can't see what the files are. You will not do any decryption on the Linux box; it will just be serving the EncFS ciphertext directory as a samba share.

You can possibly use more proven technology like TrueCrypt. In this case, each user's home directory on Linux would contain the TrueCrypt volume, which would be decrypted on Windows and mounted there.

Mind you, this may not be the best way to do this. You might consider a couple different servers, one for the home directories with restricted access, etc.

Community
  • 1
cjc
  • 24,916
  • 3
  • 51
  • 70
-1

The over all goal is under /home/ have each member dir be encrypted so no member can view anyone data, be able to map the drive in windows for easy access.

Looks like you want to permission the home dirs correctly which should be done by default.

As for accessing as a drive via Windows, check out web drive

www.webdrive.com

ckliborn
  • 2,778
  • 4
  • 25
  • 37
  • Why the down vote with no comment? – ckliborn Dec 12 '11 at 23:12
  • I didn't downvote, but it might have been because of the webdrive.com recommendation. Why do you suggest that? Why should that be required? I think I have an idea why you are suggesting that, but it would make your answer a lot better if you were a lot more verbose about why that would help. – Zoredache Dec 12 '11 at 23:18
  • WebDrive allows you to map a linux folder (via SFTP) as a drive under Windows. – ckliborn Dec 12 '11 at 23:27