Securely mount FileVault images without logging in System
While I have seen much discussion about FileVault and its disk images on the internet and here on macosxhints, I was left underwhelmed by everything I saw. It is not too hard to mount a FileVault disk image, but all of the hints I saw exhibited two problems:
  • The disk image was displayed as a device in the Finder for everyone logged into that computer.
  • The disk was writable by anyone logged into the computer.
So while you had given yourself access to the disk image without logging in, you had inadvertently given everyone else access too -- including people able to log in remotely. After looking for a suitable solution, one that almost mirrors the way FileVault itself does it, I propose the following:
hdiutil attach /Users/username.sparseimage -stdinpass -owners on \
-mountpoint /Users/username -nobrowse
The -owners on parameter means permissions on the disk image will be respected, and only the user with access to that disk image will be able to access its contents. The -nobrowse parameter means the image is not recognised by Mac OS X as a device, and is therefore not mounted in the Finder for everyone logged in. It is still usable by anyone who has the necessary permissions to view its contents.

[robg adds: I haven't tested this one.]
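
The two problems this hint targets can be checked after attaching, because the output of mount lists noowners for a volume whose ownership is ignored and nobrowse for one hidden from the Finder. The script below is an added example, not part of the original hint: attach_private, mount_flags and audit_mount are hypothetical helper names, the paths and sample mount lines are constructed, and the NUL terminator follows the -stdinpass behaviour described in the first comment on this page.

```shell
#!/bin/sh
# Added example, not from the original hint. Paths and sample lines are constructed.

# attach_private IMAGE MOUNTPOINT: prompt with echo off, then pipe the
# passphrase plus the trailing NUL that -stdinpass expects. printf is a
# builtin in bash, dash and zsh, so the secret never appears in ps output.
attach_private() {
    printf 'Passphrase: ' >&2
    stty -echo; IFS= read -r pass; stty echo; echo >&2
    printf '%s\0' "$pass" |
        hdiutil attach "$1" -stdinpass -owners on -mountpoint "$2" -nobrowse
    attach_rc=$?; unset pass
    return $attach_rc
}

# mount_flags MOUNTPOINT: read `mount` output on stdin and print the option
# list of the volume mounted exactly at MOUNTPOINT (nothing if not mounted).
mount_flags() {
    awk -v mp="$1" '
        { i = index($0, " on " mp " (") }
        i { s = substr($0, i + length(" on " mp " ("))
            sub(/\)[^)]*$/, "", s); print s; exit }'
}

# audit_mount MOUNTPOINT: 0 = owners enforced and hidden from the Finder,
# 1 = at least one of the hint's two problems is present, 2 = not mounted.
audit_mount() {
    flags=$(mount_flags "$1")
    [ -n "$flags" ] || { echo "$1: not mounted"; return 2; }
    audit_rc=0
    case ", $flags," in
        *", noowners,"*) echo "$1: ownership ignored, writable by any user"; audit_rc=1 ;;
    esac
    case ", $flags," in
        *", nobrowse,"*) ;;
        *) echo "$1: shown as a device in the Finder"; audit_rc=1 ;;
    esac
    return $audit_rc
}

# Constructed sample lines in the format printed by mount on Mac OS X.
GOOD='/dev/disk2s2 on /Users/username (hfs, local, nodev, nosuid, journaled, nobrowse)'
BAD='/dev/disk2s2 on /Volumes/username (hfs, local, nodev, nosuid, journaled, noowners)'

# Demo on the constructed data; on a Mac use: mount | audit_mount /Users/username
printf '%s\n' "$GOOD" | audit_mount /Users/username && echo "/Users/username: ok"
printf '%s\n' "$BAD" | audit_mount /Volumes/username || true
```
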

Securely mount FileVault images without logging in
Authored by: bradhenry on Jan 01, '06 02:49:51PM

Tested on Panther -

Instead of "/Users/username.sparseimage" you'll need "/Users/username/username.sparseimage"

The -stdinpass will allow you to type in the password in the terminal, but you need to put a null character (control-@) after the password, then newline, then control-d (the password will not be masked). You can leave off the -stdinpass to get a GUI panel to enter the password (with option to save in keychain).

I don't know how to properly unmount it; after mounting the disk image on a test mount point, I seem to have horqued something when I tried to unmount it. I cannot mount it again; I get this error (with -verbose flag):

...
Attaching...
Finishing...
DIHLDiskImageAttach() returned 35
<CFDictionary 0x327ba0 [0xa3b480e0]>{type = immutable, count = 0, capacity = 0, pairs = (
)}
hdiutil: attach failed - Resource temporarily unavailable

But I have no idea what I am doing, so user error/ignorance is probably the cause.

Securely mount FileVault images without logging in
Authored by: bradhenry on Jan 01, '06 02:52:30PM

Hardcore horqued, 'cause I can't log in to that user anymore. I assume a reboot will fix. But be careful when doing this.