help, root overpowered ?

Dear all,

I am a newbie. I play with linux CLI now (using chmod and chown).
It seems to me that if I am using su -as root- I can use all directories
and files that I -by my own setting- not allowed. For instance I have
set chown 700 to some files and folder as a normal user. I think it will
prevent anyone else using it (even root). But when as root I can still
read the content of thet file.
My question is, is that a normal in *nix world ? I imagine how powerfull
an computer administrator of a company will be. He can read *all
sensitive data* that beyond his level. Please tell me, and point me
where my understanding of this matter that was wrong. Sorry for the
unproper English.

Thank you very much in advance.

-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: help, root overpowered ?

Franklin Chua wrote:
> Hello,
>
> I think there is nothing wrong with it. If you really need to keep
> the "superuser"
> from reading your sensitive data, you might have to find other ways of
> protecting
> your files, like data encryption.
>
> Regards,
>
> sn00born wrote:
>
>> Dear all,
>>
>> I am a newbie. I play with linux CLI now (using chmod and chown).
>> It seems to me that if I am using su -as root- I can use all
>> directories and files that I -by my own setting- not allowed. For
>> instance I have set chown 700 to some files and folder as a normal
>> user. I think it will prevent anyone else using it (even root). But
>> when as root I can still read the content of thet file.
>> My question is, is that a normal in *nix world ? I imagine how
>> powerfull an computer administrator of a company will be. He can read
>> *all sensitive data* that beyond his level. Please tell me, and point
>> me where my understanding of this matter that was wrong. Sorry for the
>> unproper English.
>>
>> Thank you very much in advance.
>>

Ok thanks to reply,

Now I come to this point. I want to know the daily practice in the
coorporation about this matter, I mean up until these days. Is the
encryption is what they they use to solve this problem (i.e to keep the
CEO data save)? I imagine the *common non technical user* of the company
boxes, are there any automatic mechanism to keep every common user from
headache setting the encryption.

Thank you so much


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: help, root overpowered ?

Hello,

I think there is nothing wrong with it. If you really need to keep
the "superuser"
from reading your sensitive data, you might have to find other ways of
protecting
your files, like data encryption.

Regards,

sn00born wrote:

> Dear all,
>
> I am a newbie. I play with linux CLI now (using chmod and chown).
> It seems to me that if I am using su -as root- I can use all
> directories and files that I -by my own setting- not allowed. For
> instance I have set chown 700 to some files and folder as a normal
> user. I think it will prevent anyone else using it (even root). But
> when as root I can still read the content of thet file.
> My question is, is that a normal in *nix world ? I imagine how
> powerfull an computer administrator of a company will be. He can read
> *all sensitive data* that beyond his level. Please tell me, and point
> me where my understanding of this matter that was wrong. Sorry for the
> unproper English.
>
> Thank you very much in advance.
>
> -
> To unsubscribe from this list: send the line "unsubscribe
> linux-newbie" in
> the body of a message to majordomo@vger.kernel.org
> More majordomo info at http://vger.kernel.org/majordomo-info.html
> Please read the FAQ at http://www.linux-learn.org/faqs
>
>


-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs

Re: help, root overpowered ?

sn00born wrote:
> Dear all,
>
> I am a newbie. I play with linux CLI now (using chmod and chown).
> It seems to me that if I am using su -as root- I can use all directories
> and files that I -by my own setting- not allowed. For instance I have
> set chown 700 to some files and folder as a normal user. I think it will
> prevent anyone else using it (even root). But when as root I can still
> read the content of thet file.
> My question is, is that a normal in *nix world ? I imagine how powerfull
> an computer administrator of a company will be. He can read *all
> sensitive data* that beyond his level. Please tell me, and point me
> where my understanding of this matter that was wrong. Sorry for the
> unproper English.
>
> Thank you very much in advance.

The answer to your question is YES. In a Unix setting, the root user
cannot in practice be restricted from accessing anything on the system.
This is not particularly a Unix/Linux thing; my understandling of
Windows, for example, is that the Admin user there has the same sort of
privlieged access.

The workaround is to give untrusted administrators more restriected
privileges than root access. Some-root-level activities can be made
available to a less-privileged "admin" account, either by using
permissions or sudo settings or maybe other things I am not thinking of
right now.
-
To unsubscribe from this list: send the line "unsubscribe linux-newbie" in
the body of a message to majordomo@vger.kernel.org
More majordomo info at http://vger.kernel.org/majordomo-info.html
Please read the FAQ at http://www.linux-learn.org/faqs