encrypted drives

Erik Norgaard norgaard at locolomo.org
Wed Mar 22 09:14:37 UTC 2006

Kenyon Ralph wrote:
> On 3/22/06, Erik Norgaard <norgaard at locolomo.org> wrote:
>> 2) One thing is to create an entire encrypted device for /home. But that
>> have the unfortunate consequence that other user's data is unencrypted
>> once the system is up.
>> What would be more appropriate is a solution where each home-dir is an
>> encrypted mfs which is decrypted and mounted when the user log in, is
>> this possible?
> I think this is exactly what Mac OS X does with its FileVault feature.

I was just reading this column by Kelly Martin


when I wrote this, but the FreeBSD solution may not be so simple as the 
OSX. Now, the FileVault according to the article encrypts the entire 
home partition which is fine for single user laptops, but on multiuser 
systems, each home directory should be distinct encrypted partitions in 
order not to disclose data to other users.

In this case, you would also like the ability to dynamically grow the 
filesystem when more space is needed, unless ofcourse you simply say, 
that's the hard quota limit.

Cheers, Erik

Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9

More information about the freebsd-questions mailing list