author ebiggers <ebiggers@google.com> 2019-09-24 04:04:02 -0700
committer Joseph Richey <joerichey@google.com> 2019-09-24 04:04:02 -0700
commit 61464729e79d4b27a878718a92e4e3b70f7ad317 (patch)
tree 76f97a88a1ea561121435d256595faa13480a1b0 /README.md
parent 672cce613a8b3acf66e0f288206b1fcbff7d41cd (diff)
cmd/fscrypt: make 'fscrypt setup' create /.fscrypt (#149)
Make the global setup command also create the metadata directory at /.fscrypt, since that's where login protectors are placed, even when the actual encrypted directories are on a different filesystem. Resolves https://github.com/google/fscrypt/issues/129
Diffstat (limited to 'README.md')
-rw-r--r-- README.md 12
1 files changed, 4 insertions, 8 deletions
diff --git a/README.md b/README.md
index 0ec8127..a88b546 100644
--- a/README.md
+++ b/README.md
@@ -86,8 +86,8 @@ policy can also be changed. This allows a user to change how a directory is
protected without needing to reencrypt the directory's contents.
Concretely, fscrypt contains the following functionality:
-* `fscrypt setup` - Initializes the `fscrypt.conf` file
- * This is the only functionality which requires root privileges
+* `fscrypt setup` - Creates `/etc/fscrypt.conf` and the `/.fscrypt` directory
+ * This is the only functionality which always requires root privileges
* `fscrypt setup MOUNTPOINT` - Gets a filesystem ready for use with fscrypt
* `fscrypt encrypt DIRECTORY` - Encrypts an empty directory
* `fscrypt unlock DIRECTORY` - Unlocks an encrypted directory
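Review bot: In the `fscrypt setup` bullet, "always requires root privileges" implies that other commands sometimes need root, but the list never says which ones or under what condition. Consider adding a short qualifier on the relevant bullet (for example `fscrypt setup MOUNTPOINT`, if that is the case it covers) stating when root is needed, so readers do not default to running every command under sudo.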
@@ -241,16 +241,16 @@ MOUNTPOINT DEVICE FILESYSTEM STATUS
/ /dev/sda1 ext4 encryption not enabled
/mnt/disk /dev/sdb ext4 not setup with fscrypt
-# Create the global configuration file. Nothing else needs root.
+# Create the global configuration file. Nothing else necessarily needs root.
>>>>> sudo fscrypt setup
Create "/etc/fscrypt.conf"? [Y/n] y
Customizing passphrase hashing difficulty for this system...
Created global config file at "/etc/fscrypt.conf".
+Metadata directories created at "/.fscrypt".
# Start using fscrypt with our filesystem
>>>>> fscrypt setup /mnt/disk
Metadata directories created at "/mnt/disk/.fscrypt".
-Filesystem "/mnt/disk" (/dev/sdb) ready for use with ext4 encryption.
# Initialize encryption on a new empty directory
>>>>> mkdir /mnt/disk/dir1
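Review bot: The comment above `sudo fscrypt setup` still describes only the global configuration file, while the added output line shows the command also creating "/.fscrypt"; the comment should mention both. The removal of the `Filesystem "/mnt/disk" (/dev/sdb) ready for use with ext4 encryption.` output line is not covered by the commit message, so please confirm `fscrypt setup /mnt/disk` no longer prints it, or move that removal into its own change. Since the commit message says login protectors are placed in /.fscrypt, it would also help to document the ownership and mode that directory is created with.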
@@ -359,10 +359,6 @@ login passphrase, you may have to do additional work when you change your system
passphrase.
```bash
-# Login passphrases also require that fscrypt is setup on the root directory
->>>>> sudo fscrypt setup /
-Filesystem "/" (/dev/dm-1) ready for use with ext4 encryption.
-
# Select your login passphrase as the desired source.
>>>>> mkdir /mnt/disk/dir2
>>>>> fscrypt encrypt /mnt/disk/dir2
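Review bot: Dropping the `sudo fscrypt setup /` step here leaves no guidance for systems where `fscrypt setup` was run before this change and /.fscrypt therefore does not exist. Consider keeping a one-line note in this section telling such users how to create the directory (rerun `sudo fscrypt setup`, or `sudo fscrypt setup /` as before) before they select a login passphrase as the protector source.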