Mounting encrypted ZFS datasets/GELI for users?

Eric McCorkle eric at metricspace.net
Mon Oct 5 15:40:10 UTC 2020


On 10/5/20 11:12 AM, Alan Somers wrote:

> First of all, what kind of threat are you concerned with?  Disk
> encryption does not protect against an attacker with access to a live
> machine; it only protects against an attacker with access to an off
> machine, or to the bare HDDs.  Per-user encryption would presumably
> protect one user from another user who has physical access to the off
> server.  Is that what you're worried about?  If not, then you shouldn't
> bother with per-user encryption.  Just encrypt all of /home or all of
> the pool with a single key.
> 
> -Alan

I am evaluating options for domains where use of per-user encryption is
mandated, often as a means of protecting against insider threats.
