From owner-freebsd-questions@FreeBSD.ORG  Wed Mar 22 12:56:27 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 37B2716A400
	for <freebsd-questions@freebsd.org>;
	Wed, 22 Mar 2006 12:56:27 +0000 (UTC)
	(envelope-from freebsd@meijome.net)
Received: from sigma.octantis.com.au (ns2.octantis.com.au [207.44.189.124])
	by mx1.FreeBSD.org (Postfix) with ESMTP id AB36443D49
	for <freebsd-questions@freebsd.org>;
	Wed, 22 Mar 2006 12:56:26 +0000 (GMT)
	(envelope-from freebsd@meijome.net)
Received: (qmail 5505 invoked from network); 22 Mar 2006 23:56:26 +1100
Received: from 203-217-91-227.dyn.iinet.net.au (HELO localhost)
	(203.217.91.227)
	by flutterbyedesigns.com with (DHE-RSA-AES256-SHA encrypted) SMTP;
	22 Mar 2006 23:56:25 +1100
Date: Wed, 22 Mar 2006 23:56:22 +1100
From: Norberto Meijome <freebsd@meijome.net>
To: Erik Norgaard <norgaard@locolomo.org>
Message-ID: <20060322235622.70875566@localhost>
In-Reply-To: <442124F2.3080500@locolomo.org>
References: <44210DFC.6000308@locolomo.org>
	<442124F2.3080500@locolomo.org>
X-Mailer: Sylpheed-Claws 2.0.0 (GTK+ 2.8.16; i386-portbld-freebsd6.1)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: encrypted drives
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2006 12:56:27 -0000

On Wed, 22 Mar 2006 11:20:34 +0100
Erik Norgaard <norgaard@locolomo.org> wrote:

> Using geli appears to be the same as for gbde.

Using geli here (FreeBSD 6.1-PRERELEASE #0). since this is my
(work) laptop, the only (allowed) user is me - I simply use sudo as
needed (IOW, yes, mdconfig , geli and mount require root access)

You could create wrappers for each user with the sudo option NOPASSWORD
so the users can create / mount their devices without entering their
password ( "user-friendliness" ). Or setuid the bins...(without
much time to think about it, i prefer sudo...)

How to mount the user's homedir would require some changes to how the
login process works, i guess (i.e., know that the homedir's contents
are encrypted, then  mount the disk...)...

B