Mounting an encrypted volume presents the volume to all users on a machine
Eric Sandeen
sandeen at redhat.com
Tue Oct 26 02:19:02 UTC 2010
nodata wrote:
> Hi,
>
> I'm concerned about the default behaviour of mounting encrypted volumes.
>
> The default behaviour is that a user must know and supply a passphrase
> in order to mount an encrypted volume. This is good: know the
> passphrase, you get to mount the volume.
>
> What I am concerned about is that the volume is mounted for _every_ user
> on the system to see.
>
> I've filed a bug about this, and it got closed:
> https://bugzilla.redhat.com/show_bug.cgi?id=646085
>
> I'm quite in favour of secure by default. In the worst case, the
> mountpoint would have permissions set to read access to all if you tick
> a box.
>
> Thoughts?
>
If you want something closer to per-file encryption, try out ecryptfs.
http://ecryptfs.sourceforge.net/ecryptfs-faq.html#compare
-Eric
More information about the devel
mailing list