Encrypting different directories

Louis E Garcia II louisg00 at bellsouth.net
Mon Mar 13 22:05:45 UTC 2006


I am concerned about third parties getting their hands on the hard drive.

Is there any documentation on this process? Where would this password be
stored? And would this be invisible to users? 


On Mon, 2006-03-13 at 14:41 -0600, Bruno Wolff III wrote:
> On Mon, Mar 13, 2006 at 15:19:27 -0500,
>   Louis E Garcia II <louisg00 at bellsouth.net> wrote:
> > Is it possible to encrypt users' home directories separately instead of
> > just one partition?
> > 
> > I was thinking if every user had their own cypher key, their home
> > directories could be encrypted and their login password could be the
> > cypher key?
> > 
> > This would not require the /home partition be encrypted but every user's
> > home directory.
> > 
> > Is this possible with Fedora?
> 
> I believe you can functionally achieve that using loopback mounts of a file
> for each person and mounting each of these file systems in /home. This would
> require fixing the amount of space each person has available. The users
> would need to supply a password at some point after the system was rebooted,
> but you can make some way for them to do this before their home directory
> is available.
> 
> You might be better off stepping back and doing a threat analysis though.
> What are you actually trying to stop?
> For example the system administrator will be able to access all of these
> files if he records the password used when mounting the encrypted file systems.
> 
> If you are trying to protect users from third parties who steal the hardware,
> then having one password for the partition /home is on should be good enough.
> 
> Users can protect files from each other using normal unix access modes. In FC5,
> SELinux will give a way for the system administrator to enforce this more
> rigorously using multicategory security (if the number of users isn't too
> large).
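
[Added example, not part of the original thread] The per-user loopback approach described in the quoted reply, sketched as a dry-run planner that prints the root commands rather than running them. The use of LUKS via cryptsetup, the container directory, the mapper names and the function names are all assumptions; the thread names no specific tool.

```shell
#!/bin/sh
# Added example: dry-run planner; prints the root commands instead of running them.
CONTAINER_DIR=/var/lib/crypthome   # assumed location for the per-user container files

# Accept only simple lowercase names so a name cannot escape CONTAINER_DIR
# or be read as an option by the tools below.
valid_user() {
    case "$1" in
        ""|-*|*[!a-z0-9_-]*) return 1 ;;
    esac
    return 0
}

# One-time setup: fixed-size file, LUKS header, file system, ownership.
plan_create() {
    user=$1; size_mb=$2
    valid_user "$user" || { echo "invalid user name" >&2; return 1; }
    case "$size_mb" in
        ""|*[!0-9]*) echo "size must be a whole number of MiB" >&2; return 1 ;;
    esac
    img="$CONTAINER_DIR/$user.img"
    echo "truncate -s ${size_mb}M $img"          # space per user is fixed here
    echo "chmod 600 $img"
    echo "cryptsetup luksFormat $img"            # prompts for the user's passphrase
    echo "cryptsetup open $img home-$user"
    echo "mkfs.ext4 /dev/mapper/home-$user"
    echo "mount /dev/mapper/home-$user /home/$user"
    echo "chown $user: /home/$user"
}

# After every reboot: unlock with the passphrase, then mount.
plan_open() {
    valid_user "$1" || { echo "invalid user name" >&2; return 1; }
    echo "cryptsetup open $CONTAINER_DIR/$1.img home-$1"
    echo "mount /dev/mapper/home-$1 /home/$1"
}

# At logout: unmount and remove the mapping so the key leaves kernel memory.
plan_close() {
    valid_user "$1" || { echo "invalid user name" >&2; return 1; }
    echo "umount /home/$1"
    echo "cryptsetup close home-$1"
}

case "${1:-}" in
    create) plan_create "$2" "$3" ;;
    open)   plan_open "$2" ;;
    close)  plan_close "$2" ;;
esac
```

While a container is open, root can read its contents, which is the administrator caveat raised in the reply; the encryption only protects a powered-off or closed container.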



