10.3: Use FileVault to protect just one folder
Jan 12, '04 09:39:00AM
Contributed by: Anonymous
One of the new features in Panther (OS X 10.3.X) is FileVault. When FileVault is enabled for a user account, that user's home directory is encrypted. It is unlocked when the user logs on. There have been several discussions on the web about the utility, problems and workarounds for FileVault. Here's my contribution.
I wanted to use file encryption to create a FileVault secured folder, but I did not want to encrypt my entire home directory. After some reading and fiddling, here's my solution.
Instructions:
- Create a new user (I used "Secure" with a short name of "Secure"). I gave it the same password as my normal login account (the account where I want the secure "folder" to reside). This is probably unnecessary, since I believe the final "folder" uses the global FileVault password for access.
- Log out of the account you are in (actually, log out of all accounts) and log in to the new account.
- Under System Preferences -> Accounts, select the Security tab, provide a global FileVault password (I use my login password) and enable FileVault on the new "Secure" account. Since this is a new account, the encryption will be almost instantaneous.
- Log out of the "Secure" account and back into your normal (has admin privileges) account. Now go to System Preferences -> Accounts and delete the "Secure" account. You will be given a choice to delete the account immediately (new and nice feature under 10.3) or to move all of the user's files into a folder called Deleted Users. Select the option to keep the user files. This will create a disk image in the /Users/Deleted Users folder called "Secure.sparseimage". This is a drive image file and it is protected by FileVault. If you try to open it, you will get a challenge dialog box. Entering the global FileVault password will mount the drive image.
- Now, change file permissions on the mounted image and enclosed folders/files to allow your account to be owner and have R/W access and no access to any other users or groups. I also choose to hide the file extension.
- Now delete any (all) folders inside the image (I left the Documents folder but there's no reason to do so).
- Unmount the image and drag it from the /Users/Deleted Users folder into your home directory. Now, you should have a drive image called "Secure" (if you named it as I did and removed the file extension) in your home directory.
- Mount the image (double-click on it). You should be challenged for the FileVault password. Once you authenticate, the "Secure" volume will decrypt and mount.
- Copy any files or folders you want to secure into the mounted drive image. When you unmount, the contents of the drive image will be encrypted.
Now you have a secure "folder" in which to place protected documents and files courtesy of Panther and FileVault.
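The permissions step above can also be done and verified from Terminal while the image is mounted. This is an added example, not part of the original hint; the mount point /Volumes/Secure, the script name lockdown.sh and the function names are assumptions.

```shell
#!/bin/sh
# Added example: set owner-only access on the mounted image and verify it.
# Assumption: the image is mounted at /Volumes/Secure (hypothetical path).

# lock_down DIR [OWNER]: make OWNER (default: current user) the owner of
# everything under DIR and strip all group/other access.
# Items still owned by the deleted account's UID need this run via sudo,
# with OWNER given explicitly.
lock_down() {
    dir=$1
    owner=${2:-$(id -u)}
    chown -R "$owner" "$dir" || return 1
    # u+rwX: owner read/write, execute only on directories and on files
    # that were already executable. go-rwx: nothing for group or other.
    chmod -R u+rwX,go-rwx "$dir"
}

# audit_tree DIR [OWNER]: print every item under DIR that is not owned by
# OWNER or that grants any permission bit to group or other.
# Symlinks are skipped because their own mode bits are not enforced.
audit_tree() {
    dir=$1
    owner=${2:-$(id -u)}
    find "$dir" ! -type l \( ! -user "$owner" \
        -o -perm -040 -o -perm -020 -o -perm -010 \
        -o -perm -004 -o -perm -002 -o -perm -001 \) -print
}

# Run as: sh lockdown.sh /Volumes/Secure
if [ "$#" -ge 1 ]; then
    lock_down "$@" || exit 1
    leftovers=$(audit_tree "$@")
    if [ -n "$leftovers" ]; then
        printf 'Still exposed:\n%s\n' "$leftovers"
        exit 1
    fi
    echo "All items under $1 are owner-only."
fi
```

Running the audit again after copying files in catches items that arrived with their original group or world permissions.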
[robg adds: I haven't tested this one, but the logic makes sense :).]
Mac OS X Hints
http://hints.macworld.com/article.php?story=20031218190202169