wish to encrypt after boot
Jean Louis
bugs at gnu.support
Thu Oct 29 15:32:11 PDT 2020
I have been using for years the system where:
- one account
- one HOME directory defined
- one /home/my-account is fake directory (not fake, but not real one)
- there are other fake accounts
- /dev/mapper/my-account is encrypted partition
- thus anybody can start the computer and use his/her account
- I can also access computer through SSH if computer does not prompt me for password
- I can use my fake account for browsing for example
- I can mount as root or other user with root privileges my encrypted partition
Then if I am in country where encryption is disabled or for other
legal reasons, I can just say that I do not know nothing as I use only
my account, not other accounts.
Now I have on Dragonfly BSD prompt asking me to decrypt
partition. That is not convenient for me.
It would be best to retain the /etc/crypttab and just disable
decryption at boot.
Normally I do not even keep crypttab and I use SD card from which I
launch script to decrypt it.
In my opinion I should disable /etc/rc.d/cryptdisks at boot by
changing /etc/rc.conf to have this line:
cryptdisks_enable="NO"
I have tried that, and is not working, so I am prompted for password.
What is best or standard way to disable decryption at boot?
--
Jean Louis
More information about the Users
mailing list