From owner-freebsd-questions@FreeBSD.ORG  Sat May 22 17:01:06 2004
Return-Path: <owner-freebsd-questions@FreeBSD.ORG>
Delivered-To: freebsd-questions@freebsd.org
Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 1AE2416A4CE
	for <freebsd-questions@freebsd.org>;
	Sat, 22 May 2004 17:01:06 -0700 (PDT)
Received: from msr45.hinet.net (msr45.hinet.net [168.95.4.145])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 2D96843D2D
	for <freebsd-questions@freebsd.org>;
	Sat, 22 May 2004 17:01:05 -0700 (PDT)
	(envelope-from y2kbug@ms25.hinet.net)
Received: from sonic.utopia.com (61-227-219-87.dynamic.hinet.net
	[61.227.219.87])
	by msr45.hinet.net (8.9.3/8.9.3) with SMTP id IAA16533
	for <freebsd-questions@freebsd.org>;
	Sun, 23 May 2004 08:00:29 +0800 (CST)
Date: Sun, 23 May 2004 07:56:58 +0800
From: Robert Storey <y2kbug@ms25.hinet.net>
To: freebsd-questions@freebsd.org
Message-Id: <20040523075658.76ffaaa4.y2kbug@ms25.hinet.net>
In-Reply-To: <200405221254.34138.platanthera@web.de>
References: <200405211749.15890.platanthera@web.de>
	<200405221254.34138.platanthera@web.de>
X-Mailer: Sylpheed version 0.9.7 (GTK+ 1.2.10; i386-portbld-freebsd5.2)
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Subject: Re: home on a gbde encrypted partion
X-BeenThere: freebsd-questions@freebsd.org
X-Mailman-Version: 2.1.1
Precedence: list
Reply-To: y2kbug@ms25.hinet.net
List-Id: User questions <freebsd-questions.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/freebsd-questions>
List-Post: <mailto:freebsd-questions@freebsd.org>
List-Help: <mailto:freebsd-questions-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/freebsd-questions>,
	<mailto:freebsd-questions-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Sun, 23 May 2004 00:01:06 -0000



On Sat, 22 May 2004 12:54:29 +0200
platanthera <platanthera@web.de> wrote:

> On Friday 21 May 2004 17:49, platanthera wrote:
> > hi all,
> >
> > I want to move my home directory to a gbde encrypted partition.
> > I plan to have only the default dotfiles in /home/xxx (before
> > mounting the encrypted partition), log in as usual, attach and fsck
> > the encrypted partion and then mount it 'over' /home/xxx.
> > Is there anything wrong with this approach?
> 
> hmm... obviously there is something wrong. I can't unmount my current 
> home directory later. Not really surprising..

Interesting question. File /etc/passwd is where the system determines where a
user's data files will
be located. For example, user "robert" on my system:

root@sonic:~> cat /etc/passwd | grep robert
robert:*:1005:1006:User &:/home/robert:/usr/local/bin/bash

So just create a special user (using sysinstall), perhaps user "secure". Instead
of putting his login directory at /home/secure, put it on /secure (a directory
you manually create) and (as root) mount /secure on an encrypted partition.
After /secure is mounted, login as user secure. You'll have to tweak permissions
of course so that user secure can read/write files on this partition.

regards,
Robert