Date:      Mon, 5 Oct 2020 09:12:47 -0600
From:      Alan Somers <asomers@freebsd.org>
To:        Eric McCorkle <eric@metricspace.net>
Cc:        FreeBSD Hackers <freebsd-hackers@freebsd.org>
Subject:   Re: Mounting encrypted ZFS datasets/GELI for users?
Message-ID:  <CAOtMX2hbt-2MBryLUJLU9CLgvZO29vNzMwtSrR1YXvknHFaGjA@mail.gmail.com>
In-Reply-To: <8d467e98-237f-c6a2-72de-94c0195ec964@metricspace.net>
References:  <8d467e98-237f-c6a2-72de-94c0195ec964@metricspace.net>

On Mon, Oct 5, 2020 at 7:46 AM Eric McCorkle <eric@metricspace.net> wrote:

> I'm presently looking into options presented by ZFS encryption.  One
> idea I had was something like this (I'm going to go with ZFS for now,
> but you could presumably do something like this with GELI, with more
> effort).
>
> You could have your users' home directories on separate ZFS datasets,
> with a separate encryption key generated from their passphrase (you
> could also generalize this to a session key generated from some other
> form of authentication).  When a user logs in, their authentication
> materials are used to recover the ZFS key, which is then used to mount
> the home directory.  When they log out, their home directory is unmounted.
>
> The tricky part seems to be that you need their authentication
> materials.  I think you could maybe accomplish something like this with
> a custom PAM module that would load the key when the user logs in.  I'm
> less sure how to unload the key when they log out, though.  If you could
> manage that, then I think standard automounter stuff should be able to
> handle mounting and unmounting the actual filesystem as needed.
>
> Does anyone know of a better way to go about doing this?
>

First of all, what kind of threat are you concerned with?  Disk encryption
does not protect against an attacker with access to a live machine; it only
protects against an attacker with access to an off machine, or to the bare
HDDs.  Per-user encryption would presumably protect one user from another
user who has physical access to the off server.  Is that what you're
worried about?  If not, then you shouldn't bother with per-user
encryption.  Just encrypt all of /home or all of the pool with a single key.

-Alan
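The login/logout hook sketched in the quoted post, as an added example that is not code from either poster: a pam_exec(8) hook (assumed path /usr/local/sbin/zfs_home_hook, assumed parent dataset zroot/home with one encryption=on, keyformat=passphrase child per user) that loads the key from the login password in the auth phase and mounts and unmounts the home around the session. Whether the scheme is worth having at all is exactly the threat-model question above.

```shell
#!/bin/sh
# Added example, not code from either poster. pam_exec(8) hook for per-user
# encrypted ZFS homes. Assumed PAM lines (e.g. /etc/pam.d/login and sshd):
#   auth     optional pam_exec.so expose_authtok /usr/local/sbin/zfs_home_hook
#   session  optional pam_exec.so               /usr/local/sbin/zfs_home_hook
# pam_exec exports PAM_USER and PAM_TYPE; with expose_authtok the password is
# written to the hook's stdin in the auth phase, which is what zfs load-key
# reads for a keyformat=passphrase dataset (ZFS derives the key from the
# passphrase itself, so nothing has to be stored on disk for the user).

ZFS=${ZFS:-/sbin/zfs}               # point at a stub (e.g. echo) for a dry run
HOME_POOL=${HOME_POOL:-zroot/home}  # assumed parent dataset, one child per user

# True when the user still has another login according to who(1); assumption:
# the closing session's own utmp entry is already gone when close_session runs.
other_sessions() {
    who 2>/dev/null | awk -v u="$1" '$1 == u { found = 1 } END { exit !found }'
}

# Run the zfs step for one PAM phase. $1 = PAM_TYPE, $2 = user, $3 = parent.
# User names that could name a different dataset ("../x", "a/b", "a@snap",
# dotfiles) are refused so a crafted name cannot unlock someone else's home.
zfs_home_action() {
    case "$2" in
        ''|.*|*/*|*@*|*[!A-Za-z0-9._-]*) return 1 ;;
    esac
    ds="$3/$2"
    case "$1" in
        auth)          $ZFS load-key "$ds" ;;   # passphrase arrives on stdin
        open_session)  $ZFS mount "$ds" ;;
        close_session)
            # keep the home mounted while the user has another session open
            if other_sessions "$2"; then return 0; fi
            $ZFS unmount "$ds" && $ZFS unload-key "$ds" ;;
        *)             return 0 ;;                # setcred etc.: nothing to do
    esac
}

# Dispatch only when invoked by PAM (PAM_TYPE set); sourcing the file is a no-op.
if [ -n "${PAM_TYPE:-}" ]; then
    zfs_home_action "$PAM_TYPE" "${PAM_USER:-}" "$HOME_POOL"
fi
```

Dry-run it with ZFS=echo PAM_TYPE=auth PAM_USER=alice before wiring it into PAM, and keep the lines "optional" so a missing dataset cannot lock anyone out.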
