On 10/25/2010 04:40 PM, nodata wrote: >> Wouldn't they be restricted based on the contents of the encrypted volume? > > Yes. Once the volume is mounted it will be treated with normal UNIX > permissions. So you would have to create a sub-directory on the volume > where the permissions were strict and create files under that. > > My point is that if the disk is encrypted, and the user knows the > passphrase to access files on the device, then it doesn't make sense to > let everyone else see what's on the device as well: it only make sense > to decrypt the device to the user who knows the passphrase. > > There's an argument that other people will want to see what's on the > device too. That's fine: the user can opt-in to that. But secure by > default should be what we're aiming at. I encrypt /home... So for my use case it doesn't make much sense. I guess I can see the case where you have some random storage that is encrypted, however I'm not sure how common this is, and file permissions keeps them at bay once mounted anyway. I guess if they could get root, once you decrypt they have access, but if they have root... you've got other problems. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
