-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Pixel wrote: > pplf <[EMAIL PROTECTED]> writes: > > >>During installation (using 9.1), when you create the partitions it is >>possible to choose the option "encrypted" for some partitions like /home >>or /tmp, but it is not possible to choose /var (an error says something >>like : "/var cannot be located on an encrypted partition"). >> >>Why /var cannot be on an encrypted partition ? I see no reason >>preventing to do that... > > > well, the encrypted partitions must not be be important for booting. > The boot will timeout if no password is given, and then...
And if /var isn't mounted, most server applications won't start, since they cannot write log files or access the data they need, the initscripts can't touch the files in /var/lock/subsys. It would be a very bad idea on a server, if the server is booted remotely, or by a UPS after power returns, nothing would work, and it would probably be very difficult to do anything remotely (unless via another machine and a serial cable). Maybe this is feasible if absolutely no deamons are installed (not even cron, syslog). And if this is the case, why would you want to encrypt /var? > You can say /home *is* important for booting, so maybe it's not a good > reason. /home isn't needed for booting. Only for a user to log in to X. Regards, Buchan - -- |--------------Another happy Mandrake Club member--------------| Buchan Milne Mechanical Engineer, Network Manager Cellphone * Work +27 82 472 2231 * +27 21 8828820x202 Stellenbosch Automotive Engineering http://www.cae.co.za GPG Key http://ranger.dnsalias.com/bgmilne.asc 1024D/60D204A7 2919 E232 5610 A038 87B1 72D6 AC92 BA50 60D2 04A7 -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQE/hVCErJK6UGDSBKcRAqYUAKDDRPf8ezr/lIdeSzhWxCHnGdvcxwCdHtk3 wx6jC6hA6ToLA6+fKhr4jII= =ZXiR -----END PGP SIGNATURE----- ***************************************************************** Please click on http://www.cae.co.za/disclaimer.htm to read our e-mail disclaimer or send an e-mail to [EMAIL PROTECTED] for a copy. *****************************************************************
