10.3: Avoid FileVault use on shared access accounts
Nov 13, '03 09:10:03AM • Contributed by: magenta
After doing some exploration
of the way that FileVault is implemented in Panther, I have found that as it currently stands, it is fundamentally incompatible with account-level file sharing. Although a previous hint
shows how to re-enable file sharing for an account which is logged in (while also making the files world-readable, somewhat defeating the point to FileVault to begin with), as of OS X 10.3.0, as soon as an account logs out, its FileVault area is unmounted, meaning that the files are now inaccessible. Additionally, the way FileVault is implemented means you cannot remotely log in (via ssh
) to a FileVault account which isn't currently logged in on the console.
So, exercise caution before enabling FileVault on an account on a file server, because it might secure your files much more tightly than you expect. Hopefully these issues will be addressed in a future version of Panther.