On 10/26/2010 09:44 AM, Matthew Garrett wrote:
> On Tue, Oct 26, 2010 at 12:28:55AM +0200, nodata wrote:
>
>> What I am concerned about is that the volume is mounted for _every_ user
>> on the system to see.
> Only if the permissions are set that way. chmod 0750 /whatever and it
> won't be.
>

I think that the concern is correct and valid - using encrypted block devices with a mount time password is quite "weak" for system security in general, it is just the easiest way to provide basic crypto. Much better suited for laptops than servers where any root user would be able to peruse the mounted volume's contents.

There are a host of other ways to do this though - ecryptfs (as Eric Sandeen mentioned) does finer grained crypto (even though we are not huge fans of its design) and you can certainly encrypt files individually.

Ric

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel