[PC-BSD Testing] should /home be in default partitioning
kris at pcbsd.org
Tue Mar 22 06:17:48 PDT 2011
On Tue 22/03/11 7:35 AM , Gour <gour at atmarama.net> wrote:
> On Mon, 21 Mar 2011 23:14:01 +0000
> Dru Lavigne wrote:
> > Currently, the encryption page of the PC-BSD Handbook suggests that
> > one should not encrypt /usr as most of its contents are known and
> > that could provide too much data for a cryptographic attack (this was
> > the result of a suggestion by cpercival last year). Yet, the
> > installer by default offers to encrypt /usr. Further, the default
> > partitioning scheme does not make /home which is probably what users
> > are interested in encrypting anyways.
> Moreover, I can say that out of the 4 combinations which I tried to
> install under vbox, whenever I tried with separate & encrypted /home,
> installer fails.
> The other failing combo is trying to set up mirror mode, while the only
> combination which works is: auto-setup partitioning, ZFS.eli.
> > 1. the default partitioning scheme separates /usr and /home
> > 2. the default encryption option offers to encrypt /home instead
> > of /usr
While I'm in agreement in wanting to see /home be encrypted separately, there are still some issues that need to be resolved before this is feasible.
Applications / Software are installed to /usr, while user-data is located in /home, so a problem arises, in how much space do we allocate to each? Right now with /home being a sym-link to /usr/home, it's not a problem, but when we create a separate /home partition, then we have a difficult choice to make, which needs more space? The problem is, no matter how we slice it, somebody is going to get short-changed by doing this. I can see the forum posts now: "I still have 300GB of free space in /home, why can't I install any more applications??"
Using ZFS lets us get past this, but then as you pointed out, there isn't a "zfs encrypt" command available for selectively encrypting a specific mount-point, so we are back to the same problem.
Does anybody see any ways around this prickly issue?
Aside from that, I have made a note to look at and fix the installer bugs when using /home partitions, and ZFS with mirroring. Might get a chance to do that later this week, thanks for the logfile Gour!
PC-BSD / iXsystems