FreeBSD Mail Archives

Date:      Fri, 03 Apr 2015 15:45:30 +0300
From:      Lev Serebryakov <lev@FreeBSD.org>
To:        freebsd-security@freebsd.org
Subject:   =?UTF-8?B?RW5jcnlwdGVkIHVzZXIgaG9tZSBkaXJzIHdpdGggTkZTL1NNQi9sb2M=?= =?UTF-8?B?YWwgKHNzaCBhbmQgdHJ1ZSBsb2NhbCkgYWNjZXNzIHdpdGhvdXQgYWRkaXRpb24=?= =?UTF-8?B?YWwgcGFzc3dvcmRzIOKAlCBpcyBpdCBwb3NzaWJsZT8=?=
Message-ID:  <551E8B6A.5030203@FreeBSD.org>

next in thread | raw e-mail | index | archive | help

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512


 I want to encrypt home dirs on multiuser server.

 Some users use it with "ssh", other users mount home dirs to Windows
with samba (3.x, but I could migrate to 4.x) and never login with
ssh/locally, some home dirs are mounted to other FreeBSD system via NFS.

 So, overlay FS with per-file encryption is not a solution, as
SMB-only users could not call "mount" and enter password.

 full-disk encryption is not a solution too, as "root" could read all
files in such case, as here is no encryption at all.

 Is it possible at all?

- -- 
// Lev Serebryakov
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (MingW32)

iQJ8BAEBCgBmBQJVHotfXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w
ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXRGOTZEMUNBMEI1RjQzMThCNjc0QjMzMEFF
QUIwM0M1OEJGREM0NzhGAAoJEOqwPFi/3EePV9wP/0eEehQ9LlL/IyB3zFRrE5/T
VzMLCKDTxTj7yHWf0dr0ljrE1MMYHXCFKP/G71JZcOpqwF3lnl4P4Xl8hcqomVs5
UKlWDNwJyj8B+FviSJ8bJ8bY6CDB0NaVDIiMg4JQu+Biaap/ha7mq6XkDYCXNiS8
MqQnhRQz1rDGnTYeDDlN1LNKi6oWpi3c0Bdl9CWQQFWJd/duL2ezJZMvU1dtQZ7S
27JNYa0QqvmWurxi0wjOpR65armEMiA5a9sgGqe6Qx2qXOCni9N2S8gcmp51SwxT
clL75lfJQpMUvTUaDCETmznxvrRmRlEFhjhd7ZF7WNuU94bvg8pXzsuk3sndOW7q
thTxKMnFhIqIHAaghmj7NHabyLCgtJcYB2b8JboWTeoQjQBuq3Cq1/ncfjvlbwwL
PAEIrgrY23OV8okwD+MiMWDjtVc4ozyX9lHKU2B+zf1f8vKyjLnJ+qnSL4XZjmNw
80OzkyTu90sAAHRceWgZ5ICs2uPooS7fQsiaZ696hr5QsImGTTC3kyTLhqS/vDhz
plISUy8QnKUI8uI7w0UDnN5DSgWbXiJj6BzwJFmvryO0drjrNqBu4uaeP6aQEsZR
ar6TyDtMFaBc3HB0+qf5+N+jGlFW6pjmg7p4WGyRyuvqp/rDneKWtVM9Lo0Pzy94
+AML8GtBVXMF5tinVDW6
=b6oL
-----END PGP SIGNATURE-----

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?551E8B6A.5030203>

Header And Logo

Peripheral Links

Site Navigation

Header And Logo

Peripheral Links

Search

Site Navigation