On Tue, 2010-10-26 at 00:28 +0200, nodata wrote:
Hi,
I'm concerned about the default behaviour of mounting encrypted volumes.
The default behaviour is that a user must know and supply a passphrase in order to mount an encrypted volume. This is good: know the passphrase, you get to mount the volume.
What I am concerned about is that the volume is mounted for _every_ user on the system to see.
I've filed a bug about this, and it got closed: https://bugzilla.redhat.com/show_bug.cgi?id=646085
I'm quite in favour of secure by default. In the worst case, the mountpoint would have permissions set to read access to all if you tick a box.
Thoughts?
I'd think you mixed the concept of volume encryption and permission. Once you supply the pass for the encrypted volume, it means that you grant the right to OS to mount this volume. Then the OS is in charge of permission settings. OS doesn't care about if it is encrypted or not, it only knows some volume wants to be mounted and it sets permission as the default schema.
Qiang