On Wed, Apr 08, 2009 at 10:48:31AM -0700, new_guy wrote:
> Roland Smith wrote:
> > 
> > My advice would be to put /home (where _your_ data resides) on a
> > seperate partition and encrypt only that partition, with a password.
> Thanks to everyone for the advice. I really do appreciate it. I like this
> tip a lot. Since the default FreeBSD installer puts /home as a link to
> /usr/home... could I just encrypt /usr and get the same result? I'm thinking
> this would be the best way.

You could do that. But since enabling encryption effectively destroys
the data on the old partition, you might as well split the old /usr into
/usr and /home while you're at it. On my workstation /usr fills about
5GB. So reserving 5-8GB for /usr should be plenty. An encrypted /usr
can be a PITA if you have to boot into single user mode for
maintenance. You'd have to attach and mount the geli device by hand,
instead of having the rc scripts automate it.

A word of warning: make sure you have good recent backups before
enabling encryption, in case it becomes FUBAR.

R.F.Smith                                   http://www.xs4all.nl/~rsmith/
[plain text _non-HTML_ PGP/GnuPG encrypted/signed email much appreciated]
pgp: 1A2B 477F 9970 BA3C 2914  B7CE 1277 EFB0 C321 A725 (KeyID: C321A725)

Attachment: pgpuCHJW02kGa.pgp
Description: PGP signature

Reply via email to