Date: Thu, 02 Nov 2023 19:44:42 +0000 From: bugzilla-noreply@freebsd.org To: bugs@FreeBSD.org Subject: [Bug 263234] Add support for OpenZFS encryption to adduser Message-ID: <bug-263234-227-diGyBYJxS5@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-263234-227@https.bugs.freebsd.org/bugzilla/> References: <bug-263234-227@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=3D263234 --- Comment #4 from John Grafton <john.grafton@runbox.com> --- (In reply to Xin LI from comment #3) The PR has been updated to your specification from comment #3. For the encryption option, my thought is to default to using a passphrase that's asked for at the end of the question list in interactive mode. In b= atch mode, the user would need to provide a file with the key? Haven't decided = on the best way to handle this scenario. Opinions welcome! These sound like sane defaults to me keeping in mind that the key can alway= s be changed later on with 'zfs change-key'. Interactive session w/ encryption enabled example: root@freebsd:/usr/src/usr.sbin/adduser # sh adduser.sh Username: bob Full name: bob mcbob Uid [1009]: Login group [bob]: Login group is bob. Invite bob into other groups? []: Login class [default]: Shell (sh csh tcsh git-shell nologin) [sh]: Home directory [/home/bob]: Home directory permissions (Leave empty for default): Encrypt ZFS home dataset? [no]: yes Use password-based authentication? [no]: Lock out the account after creation? [no]: Username : bob Password : <disabled> Full Name : bob mcbob Uid : 1009 ZFS dataset : zroot/home/bob Encrypted : yes Class : Groups : bob Home : /home/bob Home Mode : Shell : /bin/sh Locked : no OK? (yes/no) [yes]: yes Encryption passphrase for dataset (must be at least 8 characters) Enter new passphrase: Re-enter new passphrase: adduser.sh: INFO: Successfully created ZFS dataset (zroot/home/bob). adduser.sh: INFO: Successfully added (bob) to the user database. Add another user? (yes/no) [no]: Goodbye! --=20 You are receiving this mail because: You are the assignee for the bug.=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-263234-227-diGyBYJxS5>