Focus on Linux
administrator permissions mail server Feb 06 2007 12:51PM
Step0ut (step0ut yahoo gr) (7 replies)
Re: administrator permissions mail server Feb 06 2007 09:27PM
Greg Metcalfe (metcalfegreg qwest net)
On Tuesday 06 February 2007 04:51, Step0ut wrote:
> Hi everyone,
>
> I am sorry if this is not the exact forum to post this question but seemed
> the most relevant.
> I am working in a network with 40/50 PC's managed by 3 people with
> administrator passwords.
> The OS used is GNU/Linux.
> There is also a webmail service provided by the same server, which is also
> maintained by the same people.
> My question is the following:
> Since the administrator has of course access to all user files, does this
> mean that one with administrator privileges can read everybody's emails?
>
> Cheers,
> step0ut
Short answer is yes. You may want to research SELinux, but be advised that you
would have to go beyond protecting files/directories. You probably have to
deal with lots of scope for network sniffers, etc., as well.

Protecting an internal network against its own administrators is going to be
extremely difficult. Even if you build some sort of uber-bastion host that
checks everything on other servers, client machines, etc., at the end of the
day you have to trust at least one admin.

It *might* be possible to at least set up an audit system that's likely to
catch bad actors. But I wouldn't bet on it, unless your budget allows for
defense mechanisms commonly found in financial institutions, highly secure
military systems, etc.

As always, it comes down to the value of what you're trying to protect, the
likely threats, and the cost tradeoffs.

--
Greg Metcalfe

Copyright 2010, SecurityFocus