re: encryption of home directories
Authored by: lincd on Apr 02, '03 07:53:45PM

The mount point of the disk image is the user's home directory. That's all there is to it. When the image is mounted, the existing node in the filesystem is replaced by the root of the HFS partition on the image.

There's no point in using another account to mount the image. It's still a double login. My way, the user logs in to his own account and mounts the image himself if he so desires, or he can cancel out and use his unencrypted home directory. The second login is necessary in order for the Login Items to work properly. If there are no Login Items, the second login is not strictly necessary, but the Finder and Dock would have to be relaunched.

The whole point is to avoid unmounting the disk image when the user logs out, so he doesn't have to enter the passphrase again, and can log in remotely. There is no security to be gained by unmounting the image while the system is running. Any user who has sufficient privileges to read your files can do so even when not logged in locally. The benefit of encryption is that someone who bypasses file permissions by rebooting the machine or removing the hard drive can't read your files.



re: encryption of home directories
Authored by: geekguy on Apr 04, '03 03:30:53PM

Great concept; unfortunately it fails on the mount command for me. Is the mount command trying to mount the image at the current directory ".", which I assume is the home directory?

Here is the relevant part of the script:

hdid -nomount "/Users/Shared/Disk Images/${USER}.dmg" > DevFile || exit 0
Dev=`cat DevFile`; rm DevFile
mount -t hfs $Dev . || exit 1

I tried adding -a to the mount command, no luck. Any ideas?



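One thing to check when the mount step of the snippet quoted above fails, as an added example that is not part of the original hint or of either post: whether hdid printed more than one device node, in which case the unquoted $Dev expands to several words. The sketch assumes hdid -nomount prints one "device node, content type" pair per line; the sample output is constructed, the function names are hypothetical, and the explicit "$HOME" mount point replaces the script's reliance on the current directory.

```shell
#!/bin/sh
# Added example; not the hint author's script.

# Constructed sample of what `hdid -nomount` is assumed to print for an
# image that carries a partition map: one device node per line, followed
# by its content type.
SAMPLE_HDID_OUTPUT='/dev/disk1    Apple_partition_scheme
/dev/disk1s1  Apple_partition_map
/dev/disk1s2  Apple_HFS'

# Read hdid-style output on stdin and print the node of the first HFS slice.
# Exits non-zero when no line has a content type starting with Apple_HFS.
pick_hfs_device() {
    awk '$2 ~ /^Apple_HFS/ { print $1; found = 1; exit }
         END { if (!found) exit 1 }'
}

# Hypothetical replacement for the three quoted lines (macOS only, so it is
# defined here but not called).
mount_home_image() {
    image="/Users/Shared/Disk Images/${USER}.dmg"   # path from the post

    # Capture the output in a variable instead of a DevFile in the current
    # directory. As in the original, a failed or cancelled attach is not an
    # error: the user keeps the unencrypted home directory.
    out=$(hdid -nomount "$image") || return 0

    dev=$(printf '%s\n' "$out" | pick_hfs_device) || {
        echo "no Apple_HFS slice in hdid output:" >&2
        printf '%s\n' "$out" >&2
        return 1
    }

    # Quote the device and name the mount point explicitly rather than
    # depending on "." being the home directory.
    mount -t hfs "$dev" "$HOME" || return 1
}

# Demonstration on the constructed sample.
printf '%s\n' "$SAMPLE_HDID_OUTPUT" | pick_hfs_device
```

Printing the raw hdid output on failure shows directly whether the device list matches the assumed format on a given system.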