On Thu, 11 Apr 2019 20:56:04 -0700 David Christensen <dpchr...@holgerdanske.com> wrote:
... > If I remember encfs correctly, encfs is designed to provide exclusive > access to the user who mounts an encrypted folder -- no other user, > including root, can see the plaintext. My understanding is that while this is technically correct, it must be understood that any protection against a malicious root user is nevertheless mostly illusory, since root can simply do 'su username' (not to mention run a password sniffer, or directly examine kernel data structures, bypassing the filesystem): https://unix.stackexchange.com/questions/94170/use-encfs-to-encrypt-files-so-that-a-particular-user-or-process-can-access-them https://unix.stackexchange.com/questions/47018/encfs-with-expect-access-denied https://www.linuxquestions.org/questions/linux-security-4/can-i-protect-against-root-592947/ https://askubuntu.com/questions/316197/password-protect-files-folders-using-cli Celejar
