How to securely store passwords in a configuration file on Linux?











up vote
0
down vote

favorite
1












I have a file in my Linux system that's called ".fetchmailrc" and it's used to configure the email address that fetchmail will get the mails from. Hence, I have to type my password and email address in plain text.



Here is how the .fetchmailrc file looks like:



set daemon 1
set logfile /home/user/.fetchmail.log
set no bouncemail
poll pop.gmail.com proto POP3 auth password no dns user "MY_EMAIL" password "MY_PASSWORD" is user keep ssl

mda "/usr/bin/procmail -d %T"


I believe there must be a better way to do this, since if a hacker get access to my server, he can easily read the file and get my credentials.



I heard that in Linux systems there is PAM (Pluggable Authentication Modules) but I don't know if that is related to what I'm trying to do.










share|improve this question


























    up vote
    0
    down vote

    favorite
    1












    I have a file in my Linux system that's called ".fetchmailrc" and it's used to configure the email address that fetchmail will get the mails from. Hence, I have to type my password and email address in plain text.



    Here is how the .fetchmailrc file looks like:



    set daemon 1
    set logfile /home/user/.fetchmail.log
    set no bouncemail
    poll pop.gmail.com proto POP3 auth password no dns user "MY_EMAIL" password "MY_PASSWORD" is user keep ssl

    mda "/usr/bin/procmail -d %T"


    I believe there must be a better way to do this, since if a hacker get access to my server, he can easily read the file and get my credentials.



    I heard that in Linux systems there is PAM (Pluggable Authentication Modules) but I don't know if that is related to what I'm trying to do.










    share|improve this question
























      up vote
      0
      down vote

      favorite
      1









      up vote
      0
      down vote

      favorite
      1






      1





      I have a file in my Linux system that's called ".fetchmailrc" and it's used to configure the email address that fetchmail will get the mails from. Hence, I have to type my password and email address in plain text.



      Here is how the .fetchmailrc file looks like:



      set daemon 1
      set logfile /home/user/.fetchmail.log
      set no bouncemail
      poll pop.gmail.com proto POP3 auth password no dns user "MY_EMAIL" password "MY_PASSWORD" is user keep ssl

      mda "/usr/bin/procmail -d %T"


      I believe there must be a better way to do this, since if a hacker get access to my server, he can easily read the file and get my credentials.



      I heard that in Linux systems there is PAM (Pluggable Authentication Modules) but I don't know if that is related to what I'm trying to do.










      share|improve this question













      I have a file in my Linux system that's called ".fetchmailrc" and it's used to configure the email address that fetchmail will get the mails from. Hence, I have to type my password and email address in plain text.



      Here is how the .fetchmailrc file looks like:



      set daemon 1
      set logfile /home/user/.fetchmail.log
      set no bouncemail
      poll pop.gmail.com proto POP3 auth password no dns user "MY_EMAIL" password "MY_PASSWORD" is user keep ssl

      mda "/usr/bin/procmail -d %T"


      I believe there must be a better way to do this, since if a hacker get access to my server, he can easily read the file and get my credentials.



      I heard that in Linux systems there is PAM (Pluggable Authentication Modules) but I don't know if that is related to what I'm trying to do.







      linux credentials






      share|improve this question













      share|improve this question











      share|improve this question




      share|improve this question










      asked Dec 5 at 2:38









      William Tang

      114




      114






















          2 Answers
          2






          active

          oldest

          votes

















          up vote
          2
          down vote



          accepted










          No matter how you store your passwords, when running a program that doesn't prompt for your passwords, the program has to decrypt the stored password with information available on the server. A "hacker" gaining access to your server can use all information stored on the server. So he can also decrypt the password in the same way the program decrypts it.



          If the scheme you use to encrypt and store your password is a bit more involved, it may take the "hacker" a bit longer.



          So there's no way to do what you want: No matter how you store your password, you can't make it "hacker safe". The hacker just has to do whatever the program does (or maybe even just execute the program, and sniff the network traffic).



          PAM modules have nothing to do with that. They are not for storing passwords, but provide ways to configure authentication methods for existing Linux services. A program wishing to use PAM has to be written for it.






          share|improve this answer




























            up vote
            1
            down vote













            Use the Kernel Key Retention Service



            If you're worried about someone getting repeated root access to your system, then there's virtually nothing you can do after that. (But that's a nightmare, follow best practices & keep good backups).



            However, if everything's still secure, then you could do much better than leaving a password in a plain text file (anyone finding your running or shutdown system drive can read it). Do things like:




            • Encrypt your home, so the text file (in $HOME) is encrypted at least when you're not logged in.

            • Encrypt your entire drive, similar to above.

            • Don't keep the password in a file, only type it in yourself when needed

            • If you have to store typed passwords, type them at login then put them:


              • in a variable (in ram, though they could land in swap)

              • in the kernel's key retention service (keyring in ram, more safely). See https://www.kernel.org/doc/Documentation/security/keys.txt and man keyctl, man keyrings, perhaps some practical examples & notes from Anthony Thyssen








            share|improve this answer























            • getting fetchmail to use the kernel keyring might be a bit of work, though.
              – dirkt
              Dec 5 at 12:15










            • It should accept a password some other way than as a command line argument (those are visible to everyone through ps). Accepting through a pipe / stdin is very common.
              – Xen2050
              Dec 5 at 12:20













            Your Answer








            StackExchange.ready(function() {
            var channelOptions = {
            tags: "".split(" "),
            id: "3"
            };
            initTagRenderer("".split(" "), "".split(" "), channelOptions);

            StackExchange.using("externalEditor", function() {
            // Have to fire editor after snippets, if snippets enabled
            if (StackExchange.settings.snippets.snippetsEnabled) {
            StackExchange.using("snippets", function() {
            createEditor();
            });
            }
            else {
            createEditor();
            }
            });

            function createEditor() {
            StackExchange.prepareEditor({
            heartbeatType: 'answer',
            convertImagesToLinks: true,
            noModals: true,
            showLowRepImageUploadWarning: true,
            reputationToPostImages: 10,
            bindNavPrevention: true,
            postfix: "",
            imageUploader: {
            brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
            contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
            allowUrls: true
            },
            onDemand: true,
            discardSelector: ".discard-answer"
            ,immediatelyShowMarkdownHelp:true
            });


            }
            });














            draft saved

            draft discarded


















            StackExchange.ready(
            function () {
            StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1380879%2fhow-to-securely-store-passwords-in-a-configuration-file-on-linux%23new-answer', 'question_page');
            }
            );

            Post as a guest















            Required, but never shown

























            2 Answers
            2






            active

            oldest

            votes








            2 Answers
            2






            active

            oldest

            votes









            active

            oldest

            votes






            active

            oldest

            votes








            up vote
            2
            down vote



            accepted










            No matter how you store your passwords, when running a program that doesn't prompt for your passwords, the program has to decrypt the stored password with information available on the server. A "hacker" gaining access to your server can use all information stored on the server. So he can also decrypt the password in the same way the program decrypts it.



            If the scheme you use to encrypt and store your password is a bit more involved, it may take the "hacker" a bit longer.



            So there's no way to do what you want: No matter how you store your password, you can't make it "hacker safe". The hacker just has to do whatever the program does (or maybe even just execute the program, and sniff the network traffic).



            PAM modules have nothing to do with that. They are not for storing passwords, but provide ways to configure authentication methods for existing Linux services. A program wishing to use PAM has to be written for it.






            share|improve this answer

























              up vote
              2
              down vote



              accepted










              No matter how you store your passwords, when running a program that doesn't prompt for your passwords, the program has to decrypt the stored password with information available on the server. A "hacker" gaining access to your server can use all information stored on the server. So he can also decrypt the password in the same way the program decrypts it.



              If the scheme you use to encrypt and store your password is a bit more involved, it may take the "hacker" a bit longer.



              So there's no way to do what you want: No matter how you store your password, you can't make it "hacker safe". The hacker just has to do whatever the program does (or maybe even just execute the program, and sniff the network traffic).



              PAM modules have nothing to do with that. They are not for storing passwords, but provide ways to configure authentication methods for existing Linux services. A program wishing to use PAM has to be written for it.






              share|improve this answer























                up vote
                2
                down vote



                accepted







                up vote
                2
                down vote



                accepted






                No matter how you store your passwords, when running a program that doesn't prompt for your passwords, the program has to decrypt the stored password with information available on the server. A "hacker" gaining access to your server can use all information stored on the server. So he can also decrypt the password in the same way the program decrypts it.



                If the scheme you use to encrypt and store your password is a bit more involved, it may take the "hacker" a bit longer.



                So there's no way to do what you want: No matter how you store your password, you can't make it "hacker safe". The hacker just has to do whatever the program does (or maybe even just execute the program, and sniff the network traffic).



                PAM modules have nothing to do with that. They are not for storing passwords, but provide ways to configure authentication methods for existing Linux services. A program wishing to use PAM has to be written for it.






                share|improve this answer












                No matter how you store your passwords, when running a program that doesn't prompt for your passwords, the program has to decrypt the stored password with information available on the server. A "hacker" gaining access to your server can use all information stored on the server. So he can also decrypt the password in the same way the program decrypts it.



                If the scheme you use to encrypt and store your password is a bit more involved, it may take the "hacker" a bit longer.



                So there's no way to do what you want: No matter how you store your password, you can't make it "hacker safe". The hacker just has to do whatever the program does (or maybe even just execute the program, and sniff the network traffic).



                PAM modules have nothing to do with that. They are not for storing passwords, but provide ways to configure authentication methods for existing Linux services. A program wishing to use PAM has to be written for it.







                share|improve this answer












                share|improve this answer



                share|improve this answer










                answered Dec 5 at 7:11









                dirkt

                8,94231121




                8,94231121
























                    up vote
                    1
                    down vote













                    Use the Kernel Key Retention Service



                    If you're worried about someone getting repeated root access to your system, then there's virtually nothing you can do after that. (But that's a nightmare, follow best practices & keep good backups).



                    However, if everything's still secure, then you could do much better than leaving a password in a plain text file (anyone finding your running or shutdown system drive can read it). Do things like:




                    • Encrypt your home, so the text file (in $HOME) is encrypted at least when you're not logged in.

                    • Encrypt your entire drive, similar to above.

                    • Don't keep the password in a file, only type it in yourself when needed

                    • If you have to store typed passwords, type them at login then put them:


                      • in a variable (in ram, though they could land in swap)

                      • in the kernel's key retention service (keyring in ram, more safely). See https://www.kernel.org/doc/Documentation/security/keys.txt and man keyctl, man keyrings, perhaps some practical examples & notes from Anthony Thyssen








                    share|improve this answer























                    • getting fetchmail to use the kernel keyring might be a bit of work, though.
                      – dirkt
                      Dec 5 at 12:15










                    • It should accept a password some other way than as a command line argument (those are visible to everyone through ps). Accepting through a pipe / stdin is very common.
                      – Xen2050
                      Dec 5 at 12:20

















                    up vote
                    1
                    down vote













                    Use the Kernel Key Retention Service



                    If you're worried about someone getting repeated root access to your system, then there's virtually nothing you can do after that. (But that's a nightmare, follow best practices & keep good backups).



                    However, if everything's still secure, then you could do much better than leaving a password in a plain text file (anyone finding your running or shutdown system drive can read it). Do things like:




                    • Encrypt your home, so the text file (in $HOME) is encrypted at least when you're not logged in.

                    • Encrypt your entire drive, similar to above.

                    • Don't keep the password in a file, only type it in yourself when needed

                    • If you have to store typed passwords, type them at login then put them:


                      • in a variable (in ram, though they could land in swap)

                      • in the kernel's key retention service (keyring in ram, more safely). See https://www.kernel.org/doc/Documentation/security/keys.txt and man keyctl, man keyrings, perhaps some practical examples & notes from Anthony Thyssen








                    share|improve this answer























                    • getting fetchmail to use the kernel keyring might be a bit of work, though.
                      – dirkt
                      Dec 5 at 12:15










                    • It should accept a password some other way than as a command line argument (those are visible to everyone through ps). Accepting through a pipe / stdin is very common.
                      – Xen2050
                      Dec 5 at 12:20















                    up vote
                    1
                    down vote










                    up vote
                    1
                    down vote









                    Use the Kernel Key Retention Service



                    If you're worried about someone getting repeated root access to your system, then there's virtually nothing you can do after that. (But that's a nightmare, follow best practices & keep good backups).



                    However, if everything's still secure, then you could do much better than leaving a password in a plain text file (anyone finding your running or shutdown system drive can read it). Do things like:




                    • Encrypt your home, so the text file (in $HOME) is encrypted at least when you're not logged in.

                    • Encrypt your entire drive, similar to above.

                    • Don't keep the password in a file, only type it in yourself when needed

                    • If you have to store typed passwords, type them at login then put them:


                      • in a variable (in ram, though they could land in swap)

                      • in the kernel's key retention service (keyring in ram, more safely). See https://www.kernel.org/doc/Documentation/security/keys.txt and man keyctl, man keyrings, perhaps some practical examples & notes from Anthony Thyssen








                    share|improve this answer














                    Use the Kernel Key Retention Service



                    If you're worried about someone getting repeated root access to your system, then there's virtually nothing you can do after that. (But that's a nightmare, follow best practices & keep good backups).



                    However, if everything's still secure, then you could do much better than leaving a password in a plain text file (anyone finding your running or shutdown system drive can read it). Do things like:




                    • Encrypt your home, so the text file (in $HOME) is encrypted at least when you're not logged in.

                    • Encrypt your entire drive, similar to above.

                    • Don't keep the password in a file, only type it in yourself when needed

                    • If you have to store typed passwords, type them at login then put them:


                      • in a variable (in ram, though they could land in swap)

                      • in the kernel's key retention service (keyring in ram, more safely). See https://www.kernel.org/doc/Documentation/security/keys.txt and man keyctl, man keyrings, perhaps some practical examples & notes from Anthony Thyssen









                    share|improve this answer














                    share|improve this answer



                    share|improve this answer








                    edited Dec 5 at 11:48

























                    answered Dec 5 at 11:43









                    Xen2050

                    9,86931536




                    9,86931536












                    • getting fetchmail to use the kernel keyring might be a bit of work, though.
                      – dirkt
                      Dec 5 at 12:15










                    • It should accept a password some other way than as a command line argument (those are visible to everyone through ps). Accepting through a pipe / stdin is very common.
                      – Xen2050
                      Dec 5 at 12:20




















                    • getting fetchmail to use the kernel keyring might be a bit of work, though.
                      – dirkt
                      Dec 5 at 12:15










                    • It should accept a password some other way than as a command line argument (those are visible to everyone through ps). Accepting through a pipe / stdin is very common.
                      – Xen2050
                      Dec 5 at 12:20


















                    getting fetchmail to use the kernel keyring might be a bit of work, though.
                    – dirkt
                    Dec 5 at 12:15




                    getting fetchmail to use the kernel keyring might be a bit of work, though.
                    – dirkt
                    Dec 5 at 12:15












                    It should accept a password some other way than as a command line argument (those are visible to everyone through ps). Accepting through a pipe / stdin is very common.
                    – Xen2050
                    Dec 5 at 12:20






                    It should accept a password some other way than as a command line argument (those are visible to everyone through ps). Accepting through a pipe / stdin is very common.
                    – Xen2050
                    Dec 5 at 12:20




















                    draft saved

                    draft discarded




















































                    Thanks for contributing an answer to Super User!


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.





                    Some of your past answers have not been well-received, and you're in danger of being blocked from answering.


                    Please pay close attention to the following guidance:


                    • Please be sure to answer the question. Provide details and share your research!

                    But avoid



                    • Asking for help, clarification, or responding to other answers.

                    • Making statements based on opinion; back them up with references or personal experience.


                    To learn more, see our tips on writing great answers.




                    draft saved


                    draft discarded














                    StackExchange.ready(
                    function () {
                    StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fsuperuser.com%2fquestions%2f1380879%2fhow-to-securely-store-passwords-in-a-configuration-file-on-linux%23new-answer', 'question_page');
                    }
                    );

                    Post as a guest















                    Required, but never shown





















































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown

































                    Required, but never shown














                    Required, but never shown












                    Required, but never shown







                    Required, but never shown







                    Popular posts from this blog

                    Probability when a professor distributes a quiz and homework assignment to a class of n students.

                    Aardman Animations

                    Are they similar matrix