Path: utzoo!attcan!utgpu!jarvis.csri.toronto.edu!mailrus!uwm.edu!gem.mps.ohio-state.edu!ginosko!usc!bloom-beacon!think!barmar
From: barmar@think.COM (Barry Margolin)
Newsgroups: comp.unix.questions
Subject: Re: A way to monitor your files
Message-ID: <29348@news.Think.COM>
Date: 12 Sep 89 19:17:17 GMT
References: <547@chem.ucsd.EDU> <1140@virtech.UUCP> <29114@news.Think.COM> <1142@virtech.UUCP> <11022@smoke.BRL.MIL> <4113@buengc.BU.EDU> <11035@smoke.BRL.MIL> <4125@buengc.BU.EDU>
Sender: news@Think.COM
Organization: Thinking Machines Corporation, Cambridge MA, USA
Lines: 30

In article <4125@buengc.BU.EDU> bph@buengc.bu.edu (Blair P. Houghton) writes:
>I recall mentioning that at the start of this thread I wasn't a superuser
>and didn't even read it.  Thanks for the recap.  I am now a superuser,
>and am interested in all forms of security.

Here's most of the text of the original posting:

 I am really new to unix and was just wondering if there is a program/file 
 or something ( for lack of better word) that allows me to know when and
 by whom my files have been accessed. I have tried to change the mode of
 the files to limit access to only myself ( at least certain personal files)
 but this measure seems utterly useless with superusers. Encrypting is out
 of the question.

>There is _no_ way to keep the SU from looking in your files.  That
>is a feature, not a bug.
>I tell users that if they really want me not to see their stuff
>they should use encrypt(1) or move it off the machine.

Note that he didn't actually ask for a way to prevent the SU from
reading his file; he'd managed to discover on his own that it is
impossible.  He asked for a way to keep track of their snooping.  The
answer is that it is impossible in traditional Unix, and may be
possible to a limited extent in "secure" Unix systems.

Barry Margolin
Thinking Machines Corp.

barmar@think.com
{uunet,harvard}!think!barmar