From owner-freebsd-questions@FreeBSD.ORG  Fri Mar 24 08:45:11 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 7DC7D16A41F
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Mar 2006 08:45:11 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 079C843D46
	for <freebsd-questions@freebsd.org>;
	Fri, 24 Mar 2006 08:45:11 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [172.24.8.84] (generic.atosorigin.es [212.170.156.200])
	by strange.daemonsecurity.com (Postfix) with ESMTP id E442C2E041;
	Fri, 24 Mar 2006 09:45:16 +0100 (CET)
Message-ID: <4423B193.5080804@locolomo.org>
Date: Fri, 24 Mar 2006 09:45:07 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5 (X11/20060118)
MIME-Version: 1.0
To: Igor Robul <igorr@speechpro.com>
References: <44210DFC.6000308@locolomo.org>	<13d4d6bb0603220051x49fdb302v32bc501a81cb9a99@mail.gmail.com>	<44211578.8050600@locolomo.org>
	<20060324083919.GE26401@sysadm.stc>
In-Reply-To: <20060324083919.GE26401@sysadm.stc>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: encrypted drives
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 24 Mar 2006 08:45:11 -0000

Igor Robul wrote:
> On Wed, Mar 22, 2006 at 10:14:32AM +0100, Erik Norgaard wrote:
>> home partition which is fine for single user laptops, but on multiuser 
>> systems, each home directory should be distinct encrypted partitions in 
>> order not to disclose data to other users.
> Maybe I'm wrong, but what happened with file system permissions? :-)
> 
> You can encrypt /home and then set 0700 permissions on user home
> directories.

It is not that file permissions doesn't work but having data that is not 
yours unencrypted lowers the barrier for trespassing. Evil admins - even 
if only temporarily evil - can access data they shouldn't.

On any system I share I would prefer to know that when I'm not there not 
even the sysadmin can access them. And I believe that anyone would 
prefer that.

Cheers, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9