Submit Hint Search The Forums LinksStatsPollsHeadlinesRSS
14,000 hints and counting!

10.3: Use FileVault to protect just one folder System
One of the new features in Panther (OS X 10.3.X) is FileVault. When FileVault is enabled for a user account, that user's home directory is encrypted. It is unlocked when the user logs on. There have been several discussions on the web about the utility, problems and work arounds for FileVault. Here's my contribution.

I wanted to use file encryption to create a FileVault secured folder, but I did not want to encrypt my entire home directory. After some reading and fiddling, here's my solution.

  1. Create a new user (I used "Secure" with a short name of "Secure"). I gave it the same password as my normal login account (the account where I want the secure "folder" to reside.). This is probably unnecessary, since I believe the final "folder" uses the global FileVault password for access.

  2. Logout of the account you are in (actually log out of all accounts) and log into to the new account.

  3. Under System Preferences -> Accounts, select the Security tab, provide a global FileVault password (I use my login password) and enable FileVault on the new "Secure" account. Since this is a new account, the encryption will be almost instantaneous.

  4. Log out of the "Secure" account and back into your normal (has admin privileges) account. Now go to System Preferences -> Accounts and delete the "Secure" account. You will be given a choice to delete the account immediately (new and nice feature under 10.3) or to move all of the user's files into a folder called Deleted Users. Select the option to keep the user files. This will create a disk image in the /Users/Deleted Users folder called "Secure.sparseimage." This is a drive image file and it is protected by FileVault. If you try and open it you will get a challenge dialog box. Entering the global FileVault password will mount the drive image.

  5. Now, change file permissions on the mounted image and enclosed folders/files to allow your account to be owner and have R/W access and no access to any other users or groups. I also choose to hide the file extension.

  6. Now delete any (all) folder inside the image (I left the Documents folder but there's no reason to do so).

  7. Unmount the image and drag it from the /Users/Deleted Users folder into your home directory. Now, you should have a drive image called "Secure" (if you named it as I did and removed the file extension) in your home directory.

  8. Mount the image (double-click on it). You should be challenged for the FileVault password. Once you authenticate, the "Secure" volume will decrypt and mount.

  9. Copy any files or folders you want to secure into the mounted drive image. When you unmount, the contents of the drive image will be encrypted.
Now you have a secure "folder" in which to place protected documents and files courtesy of Panther and FileVault.

[robg adds: I haven't tested this one, but the logic makes sense :).]
  • Currently 2.25 / 5
  You rated: 4 / 5 (8 votes cast)

10.3: Use FileVault to protect just one folder | 18 comments | Create New Account
Click here to return to the '10.3: Use FileVault to protect just one folder' hint
The following comments are owned by whoever posted them. This site is not responsible for what they say.
10.3: Use FileVault to protect just one folder
Authored by: dgarcia42 on Jan 12, '04 10:48:59AM

Why not just create a sparse, encrypted disk image in Disk Utility? Same effect, less runaround...

(BTW, for the record, you can also directly mount filevault disks by going into the secure'd user's directory, double clicking on their 'file vault' file, and entering their user password : )

[ Reply to This | # ]
10.3: Use FileVault to protect just one folder
Authored by: adrianm on Jan 12, '04 02:10:24PM
Once you've got your sparse image, you might find this applescript handy for making it shrink...

tell application "Finder"
	set sl to selection
	if number of items in sl is not 1 then
		display dialog "Please select a single sparse image"
		set i to item 1 in sl as alias
		if kind of i is not "sparse disk image" then
			display dialog "Selection is not a sparse disk image"
		end if
		set the_url to URL of i
		set the_result to ""
		set before_size to size of i
			with timeout of 60 seconds
				set the_result to do shell script "/usr/bin/hdiutil compact " & the quoted form of the_url
			end timeout
			if length of the_result > 0 then
				display dialog "Compact completed with this message:" & return & the_result
				set one_kb to 1024
				set one_mb to 1024 * 1024
				set saving to before_size - (size of i)
				if saving = 0 then
					set saving_msg to "saving nothing"
				else if saving < one_mb then
					set saving_msg to "saving " & saving / one_kb & "kb"
					set saving_msg to "saving " & saving / one_mb & "mb"
				end if
				display dialog "Compact complete, " & saving_msg
			end if
		on error the error_message number the error_number
			display dialog "Compact failed with this message:" & return & error_message
		end try
	end if
end tell
I have this script on my script menu. I select the image, then run it.

[ Reply to This | # ]
10.3: Link to a folder inside an unmounted encrypted sparse image
Authored by: ajoakland on Jan 14, '04 12:43:07AM

will ask your for the password to mount it. I use iPhoto buddy to switch between the G-rated photo album, and the photo album password protected in the encrypted disk image. If the disk image isn't mounted, and I launch iPhoto Buddy, it attempts to mount the image and ask for the password. I can choose to not give the password and open any of the albums in regular directories.

[ Reply to This | # ]
10.3: Use FileVault to protect just one folder
Authored by: chabig on Jan 12, '04 10:57:28AM

I don't see why this isn't just a much more difficult way of creating an encrypted disk image. It would be a lot easier to just do it using Disk Utility.


[ Reply to This | # ]
10.3: Use FileVault to protect just one folder
Authored by: VEGx on Jan 12, '04 11:54:19AM

Yeah, well, you could do all that... but then again... why make things more difficult than what they are?

[ Reply to This | # ]
This tip is BAD
Authored by: Lectrick on Jan 12, '04 12:17:46PM

Mac OS X hints REALLY needs a rating system. This is an extremely poor way of just doing the following:

1) Open Disk Utility
2) Select Images > New > Blank Image...
3) pick a name, location, a starting size (it will expand though, being a sparseimage), AES-128 encryption, and format: Sparse Disk Image
4) voila!

In /dev/null, no one can hear you scream

[ Reply to This | # ]
This tip is BAD
Authored by: JohnnyMnemonic on Jan 12, '04 12:52:33PM
This is a pretty bad hint--encrypted disk images have been around since 10.2 at least.

What I was expecting was that it would auto-mount the protected folder on login with a password stored in one's keychain.

Although this hint didn't supply that, can you do that with a regular protected disk image?

[ Reply to This | # ]
This tip is BAD
Authored by: n.amadori on Jan 12, '04 07:43:52PM

Very simple: when you create the disk image make sure to check the box "store password in keychain". The drag'n drop the image (the file .sparseimage, not the virtual drive) in your Startup Items in the Account pane of the System Preferences.

The encripted image will mount automatically at every login.

[ Reply to This | # ]
Correction on sparseimage remark
Authored by: Lectrick on Jan 13, '04 12:02:42PM

The sparseimage size you pick is the MAXIMUM size it will expand to, not the size it starts out as. Sorry about the error...

In /dev/null, no one can hear you scream

[ Reply to This | # ]
Sparseimage may not work in every version of apples diskutility
Authored by: novalies on May 27, '04 09:20:36AM

I have tryed to create a sparse disk image with my version of the disk utility with Versionnumber: 10.4 (145) and OS X 10.3.2 and it is not possible! Small images dosnĀ“t grow and if you create a image with 700 MB it has the size of 700 MB on the Harddrive.
Maybe Apple has disabled this feature in DiskImage again or my version is to old. Now I try the Terminal command.

[ Reply to This | # ]
sparse images fragment
Authored by: djarsky on Jan 13, '04 10:03:10PM

One reason not to use sparse images is that they heavily fragment on your drive as they need to 'grow'. This isn't the case with Panther's file-vaulted home directories because when a user logs out the OS can automatically defragment and claim unused space in the file-vaulted image. I doubt this would happen if you follow this tip.

For a disk image that's constantly being written to, it's much better to create a large read/write image, than a growable sparse image. Sparse images are great for one time 'write', like backing up a whole bunch of files and burning the image.

[ Reply to This | # ]
sparse images fragment
Authored by: Bookman on Jun 05, '04 03:55:58AM

Is this true? Why wouldn't Mac OS X clean up the fragmented image once it was dismounted, like it will any other file?

I thought our days of worrying about file fragmentation and disk optimization were past.


[ Reply to This | # ]
sparse images fragment
Authored by: beeble on Jun 16, '04 10:36:56PM

defrag only works in Panther on files < 20MB in size. The idea is that a file of 20MB or less is probably going to fit into an available continuous block of space so the whole thing gets rewritten. Computers and drives are fast enough now that most people won't see the overhead from the extra work.

The problem with sparse images is that they are greater than 20MB so they don't get defragmented. As they expand, they create lots of little segments over the hard drive and end up very fragmented. They are designed for the purpose of dumping files in of an unknown total size, copying the image to some other drive or device and then deleting the image.

For almost any other circumstance, a regular image will serve you better.


[ Reply to This | # ]
Sparse image doesn't grow (?)
Authored by: dafdaf on Jan 12, '04 01:03:34PM

Creating a sparse disk image using Disk Utility, as suggested by several other posters didn't work for me. I've tried it using Panther (10.3.2) but the resulting disk image will never grow bigger than it's max size.
But what *does* work is to create a sparse disk image with a custom size of, say, 50GB. - It will just use a couple of MB's when initially created but will grow up to the size of 50GB (or whatever you entered at creation time).

[ Reply to This | # ]
Sparse image doesn't grow (?)
Authored by: QJB on Jan 12, '04 02:56:21PM

It is the other way around. You have to create a disk sparse image with a size of for example 10GB. This will be the maximum size, the image will start being only 40MB and grow when needed.

Good luck.

[ Reply to This | # ]
Bad? I don't think so...
Authored by: terceiro on Jan 12, '04 09:14:44PM

C'mon people. This hint isn't any worse than lots of other hints on this site, and most of them don't have such nastiness in the comments. The difference between those hints and this one is that the subject line leads us to believe we're going to read something exciting, something we're looking for -- and instead we get a convoluted work-around.

It's not a bad hint, it just didn't meet our expectations. What we really want is for Apple to build single-folder encryption into FileVault. Until then, this hint is at least valid.

[ Reply to This | # ]
Authored by: Gabhlan on Jan 13, '04 06:14:31AM

Assuming he didn't know about creating a .sparseimage in disk utility, you've got to admire his logic in figuring out how to do it via this means. The answer he found to his own question may not be the easiest or most direct, but at least he found a way of answering it. Don't assume everyone knows every feature in every application and utility.....


[ Reply to This | # ]
Authored by: Anidel on Jan 18, '04 08:58:37PM

The calm after the storm :)


[ Reply to This | # ]