Isn't it time for the encrypted file system???
Christopher Blizzard
blizzard at redhat.com
Mon Mar 27 18:46:01 UTC 2006
Jeremy Katz wrote:
>>> * You don't want an encryption that's global across all of /home, you
>>> really want to encrypt each user's home directory separately so that
>>> they can access their own stuff without needing any sort of admin
>> Sorry, but privacy on system where someone other has root permissions
>> is illusion only. I don't understand how could be really safe system
>> where admin is able to modify kernel or some system util and steal
>> your password (or private key or whatever).
>
> No, I'm saying that Bob shouldn't need an administrator to unlock
> the /home on his laptop. But Bob and Jim should be able to both have
> accounts (or maybe it's Bob and his girlfriend)
So based on the current way that the we do encryption (block-level for
an entire parition?) sucks because it doesn't allow this kind of thing?
Sounds like we have some work to do to make it really useful.
--Chris
More information about the Fedora-maintainers
mailing list