On Tue, Oct 26, 2010 at 16:56:41 +0200, nodata <lsof@xxxxxxxxxxxx> wrote: > On 26/10/10 16:00, Bruno Wolff III wrote: > > On Tue, Oct 26, 2010 at 12:07:56 +0200, > > nodata<lsof@xxxxxxxxxxxx> wrote: > >> > >> Now imagine if you could read all of _my_ files and I could read all of > >> yours. That makes no sense. You _can_ configure that if you want, but by > >> default we go for security. > > > > Once upon a time that was the default for systems. > > > >> This is the same. You connect your encrypted hard disk to the system and > >> you can look at the files on it because you know the passphrase. > > > > That is muddy thinking. The OS needs the password, you can't directly look > > at the disk using the password in your head. The OS needs to manage access > > to the encrypted device. > > I don't really understand what you're trying to say here. > > A person who knows the passphrase and nobody else (apart from super > users, the kernel, etc) should be the only one who can access the > unencrypted device. How do you expect this to happen? The user is going to supply the password to the OS and it is going to access the volume. At that point the OS is protecting the data from unauthorized use by other users, not a password. So you need to use normal OS controls on this. The feature you seem to be looking for is that when an encrypted device is mounted, that there be different defaults than when automounting unencrypted devices. That might be reasonable (depending on what the defaults are). If the device has an ext* file system on it, normal uid usage should be good enough if you just use it on one system or accross a set where you have the same uid. You can also use /etc/fstab to automatically control how the device is mounted. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel