From owner-freebsd-questions@FreeBSD.ORG  Wed Mar 22 09:14:37 2006
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
X-Original-To: freebsd-questions@freebsd.org
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id A527916A400
	for <freebsd-questions@freebsd.org>;
	Wed, 22 Mar 2006 09:14:37 +0000 (UTC)
	(envelope-from norgaard@locolomo.org)
Received: from strange.daemonsecurity.com
	(59.Red-81-33-11.staticIP.rima-tde.net [81.33.11.59])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 1936543D62
	for <freebsd-questions@freebsd.org>;
	Wed, 22 Mar 2006 09:14:35 +0000 (GMT)
	(envelope-from norgaard@locolomo.org)
Received: from [172.24.8.84] (generic.atosorigin.es [212.170.156.200])
	by strange.daemonsecurity.com (Postfix) with ESMTP id 2BE9D2E041;
	Wed, 22 Mar 2006 10:14:41 +0100 (CET)
Message-ID: <44211578.8050600@locolomo.org>
Date: Wed, 22 Mar 2006 10:14:32 +0100
From: Erik Norgaard <norgaard@locolomo.org>
User-Agent: Thunderbird 1.5 (X11/20060118)
MIME-Version: 1.0
To: Kenyon Ralph <kralph@gmail.com>
References: <44210DFC.6000308@locolomo.org>
	<13d4d6bb0603220051x49fdb302v32bc501a81cb9a99@mail.gmail.com>
In-Reply-To: <13d4d6bb0603220051x49fdb302v32bc501a81cb9a99@mail.gmail.com>
Content-Type: text/plain; charset=UTF-8; format=flowed
Content-Transfer-Encoding: 7bit
Cc: freebsd-questions@freebsd.org
Subject: Re: encrypted drives
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>, 
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Wed, 22 Mar 2006 09:14:37 -0000

Kenyon Ralph wrote:
> On 3/22/06, Erik Norgaard <norgaard@locolomo.org> wrote:
>> 2) One thing is to create an entire encrypted device for /home. But that
>> have the unfortunate consequence that other user's data is unencrypted
>> once the system is up.
>>
>> What would be more appropriate is a solution where each home-dir is an
>> encrypted mfs which is decrypted and mounted when the user log in, is
>> this possible?
> 
> I think this is exactly what Mac OS X does with its FileVault feature.

I was just reading this column by Kelly Martin

   http://www.securityfocus.com/columnists/393

when I wrote this, but the FreeBSD solution may not be so simple as the 
OSX. Now, the FileVault according to the article encrypts the entire 
home partition which is fine for single user laptops, but on multiuser 
systems, each home directory should be distinct encrypted partitions in 
order not to disclose data to other users.

In this case, you would also like the ability to dynamically grow the 
filesystem when more space is needed, unless ofcourse you simply say, 
that's the hard quota limit.

Cheers, Erik

-- 
Ph: +34.666334818                                  web: www.locolomo.org
S/MIME Certificate: www.daemonsecurity.com/ca/8D03551FFCE04F06.crt
Subject ID:  9E:AA:18:E6:94:7A:91:44:0A:E4:DD:87:73:7F:4E:82:E7:08:9C:72
Fingerprint: 5B:D5:1E:3E:47:E7:EC:1C:4C:C8:3A:19:CC:AE:14:F5:DF:18:0F:B9