Date: Fri, 24 Mar 2006 09:45:07 +0100 From: Erik Norgaard <norgaard@locolomo.org> To: Igor Robul <igorr@speechpro.com> Cc: freebsd-questions@freebsd.org Subject: Re: encrypted drives Message-ID: <4423B193.5080804@locolomo.org> In-Reply-To: <20060324083919.GE26401@sysadm.stc> References: <44210DFC.6000308@locolomo.org> <13d4d6bb0603220051x49fdb302v32bc501a81cb9a99@mail.gmail.com> <44211578.8050600@locolomo.org> <20060324083919.GE26401@sysadm.stc>
next in thread | previous in thread | raw e-mail | index | archive | help
Igor Robul wrote: > On Wed, Mar 22, 2006 at 10:14:32AM +0100, Erik Norgaard wrote: >> home partition which is fine for single user laptops, but on multiuser >> systems, each home directory should be distinct encrypted partitions in >> order not to disclose data to other users. > Maybe I'm wrong, but what happened with file system permissions? :-) > > You can encrypt /home and then set 0700 permissions on user home > directories. It is not that file permissions doesn't work but having data that is not yours unencrypted lowers the barrier for trespassing. Evil admins - even if only temporarily evil - can access data they shouldn't. On any system I share I would prefer to know that when I'm not there not even the sysadmin can access them. And I believe that anyone would prefer that. Cheers, Erik -- Ph: +34.666334818 web: www.locolomo.org S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt Subject ID: 9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72 Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4423B193.5080804>