From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from pigeon.gentoo.org ([208.92.234.80] helo=lists.gentoo.org) by finch.gentoo.org with esmtp (Exim 4.60) (envelope-from ) id 1RhlP2-0005Ek-NM for garchives@archives.gentoo.org; Mon, 02 Jan 2012 17:10:28 +0000 Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 74E2821C220; Mon, 2 Jan 2012 17:09:35 +0000 (UTC) Received: from mail.digimed.co.uk (82-69-83-178.dsl.in-addr.zen.co.uk [82.69.83.178]) by pigeon.gentoo.org (Postfix) with ESMTP id BA6B021C33B for ; Mon, 2 Jan 2012 17:06:50 +0000 (UTC) Received: from hactar.digimed.co.uk (hactar.digimed.co.uk [192.168.1.3]) by mail.digimed.co.uk (Postfix) with ESMTPSA id 9737C8000A for ; Mon, 2 Jan 2012 17:06:48 +0000 (GMT) Date: Mon, 2 Jan 2012 17:06:48 +0000 From: Neil Bothwick To: gentoo-user@lists.gentoo.org Subject: Re: [gentoo-user] crypt my home repository Message-ID: <20120102170648.13824f89@hactar.digimed.co.uk> In-Reply-To: <4F01BE82.1010601@binarywings.net> References: <201201020907.55698.stephane@22decembre.eu> <4F01A4F8.50209@binarywings.net> <20120102125803.686b65eb@digimed.co.uk> <201201021412.31844.stephane@22decembre.eu> <20120102132931.36bbfd6f@digimed.co.uk> <4F01BE82.1010601@binarywings.net> Organization: Digital Media Production X-Mailer: Claws Mail 3.8.0cvs8 (GTK+ 2.24.8; x86_64-pc-linux-gnu) X-GPG-Fingerprint: 7260 0F33 97EC 2F1E 7667 FE37 BA6E 1A97 4375 1903 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-user@lists.gentoo.org Reply-to: gentoo-user@lists.gentoo.org Mime-Version: 1.0 Content-Type: multipart/signed; micalg=PGP-SHA1; boundary="Sig_/+I/pYezFb9DXQ2Xxa01k=eS"; protocol="application/pgp-signature" X-Archives-Salt: 8604924a-a472-4b8d-84be-ecce01713394 X-Archives-Hash: f3e52700f988a6bbe916a1d094d459a5 --Sig_/+I/pYezFb9DXQ2Xxa01k=eS Content-Type: text/plain; charset=US-ASCII Content-Transfer-Encoding: quoted-printable On Mon, 02 Jan 2012 15:26:10 +0100, Florian Philipp wrote: > > In that case, you probably want to use encfs to encrypt each home > > directory separately. dmcrypt works on block devices, so a single home > > partition would have a single password. > dmcrypt supports multiple simultaneous passwords (I think 4 or something > like that). Of course, then every user can unlock every home directory Which is why I recommended ecryptfs (I've only just noticed that the previous posts mentioned encfs, that's a FUSE filesystem that is unnecessary now the kernel have ecryptfs included). It's not the multiple passwords, it's separately locking each user's data. --=20 Neil Bothwick Guillotine operator wanted. Chance to get ahead. --Sig_/+I/pYezFb9DXQ2Xxa01k=eS Content-Type: application/pgp-signature; name=signature.asc Content-Disposition: attachment; filename=signature.asc -----BEGIN PGP SIGNATURE----- Version: GnuPG v2.0.18 (GNU/Linux) iEYEARECAAYFAk8B5CgACgkQum4al0N1GQPO/ACgoSIrgEnG/3z7M7FSkHimUxY5 sxoAoJJn+1MsqYtlxiGSQwNQEfwpY3i4 =sj1d -----END PGP SIGNATURE----- --Sig_/+I/pYezFb9DXQ2Xxa01k=eS--