Date: Wed, 31 Jul 2024 16:02:52 +0100 From: void <void@f-m.fm> To: freebsd-current@freebsd.org Subject: a zfs thank you :) Message-ID: <ZqpSHAPDcSlikhnC@int21h>
index | next in thread | raw e-mail
Hi,
I was pleasantly surprised when I installed a new [1] zfs-on-root -current
to rpi4 that when adduser was invoked, I was given the option to encrypt
the homedir. This is a great feature for my context [2].
It doesn't automount on boot but I think this is more of a feature
rather than a bug. One can have a different password to the GELI one used
to boot up the whole system.
I have not tested yet whether one can have the user, once logged in, mount
their homedir with doas(1). Right now, I mount the homedir like so:
zfs load-key -a (prompts for password)
zfs mount -a
as root.
I could I guess make a doas line for the user for zfs load-key -r zfsfile/system.
Can anyone suggest any better ideas please?
[1] n271321-9ae91f59c500
[2] machine and disk are not in a "secure" area. My concern is for data-at-rest.
homedirs will have things like cached passwords user creds etc and it's to prevent
someone just walking off with the disk and grabbing user creds for example.
--
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?ZqpSHAPDcSlikhnC>