a zfs thank you :)
- Reply: Jan Bramkamp : "Re: a zfs thank you :)"
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Wed, 31 Jul 2024 15:02:52 UTC
Hi,
I was pleasantly surprised when I installed a new [1] zfs-on-root -current
to rpi4 that when adduser was invoked, I was given the option to encrypt
the homedir. This is a great feature for my context [2].
It doesn't automount on boot but I think this is more of a feature
rather than a bug. One can have a different password to the GELI one used
to boot up the whole system.
I have not tested yet whether one can have the user, once logged in, mount
their homedir with doas(1). Right now, I mount the homedir like so:
zfs load-key -a (prompts for password)
zfs mount -a
as root.
I could I guess make a doas line for the user for zfs load-key -r zfsfile/system.
Can anyone suggest any better ideas please?
[1] n271321-9ae91f59c500
[2] machine and disk are not in a "secure" area. My concern is for data-at-rest.
homedirs will have things like cached passwords user creds etc and it's to prevent
someone just walking off with the disk and grabbing user creds for example.
--