Date:      Thu, 02 Nov 2023 19:44:42 +0000
From:      bugzilla-noreply@freebsd.org
To:        bugs@FreeBSD.org
Subject:   [Bug 263234] Add support for OpenZFS encryption to adduser
Message-ID:  <bug-263234-227-diGyBYJxS5@https.bugs.freebsd.org/bugzilla/>
In-Reply-To: <bug-263234-227@https.bugs.freebsd.org/bugzilla/>
References:  <bug-263234-227@https.bugs.freebsd.org/bugzilla/>

https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=263234

--- Comment #4 from John Grafton <john.grafton@runbox.com> ---
(In reply to Xin LI from comment #3)
The PR has been updated to your specification from comment #3.

For the encryption option, my thought is to default to using a passphrase
that's asked for at the end of the question list in interactive mode.  In batch
mode, the user would need to provide a file with the key?  Haven't decided on
the best way to handle this scenario.  Opinions welcome!

These sound like sane defaults to me keeping in mind that the key can always be
changed later on with 'zfs change-key'.


Interactive session w/ encryption enabled example:

root@freebsd:/usr/src/usr.sbin/adduser # sh adduser.sh
Username: bob
Full name: bob mcbob
Uid [1009]:
Login group [bob]:
Login group is bob. Invite bob into other groups? []:
Login class [default]:
Shell (sh csh tcsh git-shell nologin) [sh]:
Home directory [/home/bob]:
Home directory permissions (Leave empty for default):
Encrypt ZFS home dataset? [no]: yes
Use password-based authentication? [no]:
Lock out the account after creation? [no]:
Username    : bob
Password    : <disabled>
Full Name   : bob mcbob
Uid         : 1009
ZFS dataset : zroot/home/bob
Encrypted   : yes
Class       :
Groups      : bob
Home        : /home/bob
Home Mode   :
Shell       : /bin/sh
Locked      : no
OK? (yes/no) [yes]: yes
Encryption passphrase for dataset (must be at least 8 characters)
Enter new passphrase:
Re-enter new passphrase:
adduser.sh: INFO: Successfully created ZFS dataset (zroot/home/bob).
adduser.sh: INFO: Successfully added (bob) to the user database.
Add another user? (yes/no) [no]:
Goodbye!

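The two key-handling modes discussed in the message above (a prompted passphrase in interactive mode, a key file in batch mode), as an added example that is not part of the original message or the PR. The function names and the key-file checks are assumptions; the `zfs create` command is printed rather than executed, so the script runs without a pool.

```sh
#!/bin/sh
# Added example: hypothetical helpers, not code from the adduser PR.
MIN_LEN=8   # minimum passphrase length stated in the session above

# keyfile_ok PATH: succeed only if PATH is safe to hand to zfs as a key file.
keyfile_ok() {
    f=$1
    case $f in
        /*) ;;
        *) echo "key file path must be absolute: $f" >&2; return 1 ;;
    esac
    if [ -L "$f" ] || [ ! -f "$f" ]; then
        echo "key file must be a regular file, not a symlink: $f" >&2
        return 1
    fi
    # Portable permission check: no group/other bits in the ls mode string.
    mode=$(ls -ld "$f" | cut -c1-10)
    case $mode in
        -???------) ;;
        *) echo "key file is accessible to group or other: $mode" >&2; return 1 ;;
    esac
    # The passphrase is the first line, without its trailing newline.
    pass=
    IFS= read -r pass < "$f" || :
    len=${#pass}
    unset pass
    if [ "$len" -lt "$MIN_LEN" ]; then
        echo "passphrase shorter than $MIN_LEN characters" >&2
        return 1
    fi
}

# zfs_create_cmd DATASET [KEYFILE]: print the command for each mode.
zfs_create_cmd() {
    ds=$1
    keyfile=${2:-}
    if [ -z "$keyfile" ]; then
        loc=prompt                 # interactive: zfs asks on the terminal
    else
        keyfile_ok "$keyfile" || return 1
        loc="file://$keyfile"      # batch: zfs reads the passphrase file
    fi
    echo "zfs create -o encryption=on -o keyformat=passphrase -o keylocation=$loc $ds"
}

zfs_create_cmd zroot/home/bob      # prints the interactive-mode command
```

A dataset created from a key file keeps its `keylocation=file://...` property until it is changed, for example with the `zfs change-key` command mentioned above.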