wish to encrypt after boot

Jean Louis bugs at gnu.support
Thu Oct 29 15:32:11 PDT 2020


I have been using for years the system where:

- one account
- one HOME directory defined
- one /home/my-account is fake directory (not fake, but not real one)
- there are other fake accounts
- /dev/mapper/my-account is encrypted partition
- thus anybody can start the computer and use his/her account
- I can also access computer through SSH if computer does not prompt me for password
- I can use my fake account for browsing for example
- I can mount as root or other user with root privileges my encrypted partition

Then if I am in country where encryption is disabled or for other
legal reasons, I can just say that I do not know nothing as I use only
my account, not other accounts.

Now I have on Dragonfly BSD prompt asking me to decrypt
partition. That is not convenient for me.

It would be best to retain the /etc/crypttab and just disable
decryption at boot.

Normally I do not even keep crypttab and I use SD card from which I
launch script to decrypt it.

In my opinion I should disable /etc/rc.d/cryptdisks at boot by
changing /etc/rc.conf to have this line:
cryptdisks_enable="NO"

I have tried that, and is not working, so I am prompted for password.

What is best or standard way to disable decryption at boot?

-- 
Jean Louis



More information about the Users mailing list