Re: Mounting an encrypted volume presents the volume to all users on a machine

On Tue, Oct 26, 2010 at 12:07:56 +0200,
  nodata <lsof@xxxxxxxxxxxx> wrote:
> 
> Now imagine if you could read all of _my_ files and I could read all of 
> yours. That makes no sense. You _can_ configure that if you want, but by 
> default we go for security.

Once upon a time that was the default for systems.

> This is the same. You connect your encrypted hard disk to the system and 
> you can look at the files on it because you know the passphrase.

That is muddy thinking. The OS needs the password; you can't directly look
at the disk using the password in your head. The OS needs to manage access
to the encrypted device.

> The fix to make this work is a 750 mode on /media/VOLUME-NAME

I'd surely suggest using 0700 instead of 0750 given your concerns about
other people being able to access the contents.

Using SELinux provides a way to limit accidental leaking in some circumstances
and may be a better approach if you have time to do the upfront work.
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
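
Added example (not part of the original message): a shell audit for the 0750 versus 0700 point discussed above, listing which mount-point directories under /media grant any access to group or other. It assumes GNU coreutils stat; the function names are illustrative.

```shell
#!/bin/sh
# Added example: flag mount-point directories that are reachable by anyone
# other than their owner. Assumes GNU coreutils stat (the -c option).

# triplet N -> rwx string for one 3-bit permission group (5 -> r-x)
triplet() {
    r=-; w=-; x=-
    [ $(( $1 & 4 )) -ne 0 ] && r=r
    [ $(( $1 & 2 )) -ne 0 ] && w=w
    [ $(( $1 & 1 )) -ne 0 ] && x=x
    printf '%s%s%s' "$r" "$w" "$x"
}

# audit_mountpoints BASE -> one line per directory directly under BASE.
# A directory is EXPOSED when any group or other bit is set, so 0750 is
# reported (group can list and enter) while 0700 is reported as OK.
audit_mountpoints() {
    for d in "$1"/*; do
        [ -d "$d" ] || continue
        mode=$(stat -c '%a' "$d") || continue
        g=$(( (0$mode >> 3) & 7 ))   # group bits
        o=$(( 0$mode & 7 ))          # other bits
        if [ "$g" -ne 0 ] || [ "$o" -ne 0 ]; then
            printf 'EXPOSED %s mode=%s group=%s other=%s\n' \
                "$d" "$mode" "$(triplet "$g")" "$(triplet "$o")"
        else
            printf 'OK %s mode=%s\n' "$d" "$mode"
        fi
    done
    return 0
}

# Default to the /media location named in the thread; pass another base
# directory as the first argument to audit a different mount root.
audit_mountpoints "${1:-/media}"
```

An EXPOSED line for a mounted encrypted volume means the decrypted contents are reachable by the listed classes of local users for as long as the volume stays mounted.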