Keep in mind that you encrypt file systems and not disks. However, you can basically
encrypt all data on a disk by creating an encrypted top-level file system, like this:
1. Create the pool:
# zpool create tank mirror c0t5000C500335F4C7Fd0 c0t5000C500335FC6F3d0
2. Create the encrypted top-level file system.
# zfs create -o encryption=on tank/home
Enter passphrase for 'tank/home': xxxxxxx
Enter again: xxxxxxx
3. Create descendent file systems.
# zfs get encryption tank/home/amy
NAME PROPERTY VALUE SOURCE
tank/home/amy encryption on inherited from tank/home
You can also change the encryption methods for specific file systems.
See this doc as well:
Yes, just enable the encryption property on the home directory datasets and not any others.
Since what you want to protect is a user's home directory you probably also want to use the pam_zfs_key module so that when you log in it will automatically mount up the encrypted dataset using the same (or different) passphrase as your login password.
See the examples in the pam_zfs_key(5) man page for how to configure it.
Edited by: rukbat on Dec 6, 2012 7:18 AM
I edited the URL to the man page link, for better readability.
(If you wish to see how it's done, go "edit" your own reply and examine the text. Then exit the edit session to leave it be.)
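A check to go with the replies above, added here as an example and not part of any reply: it reads the tab-separated listing that `zfs get -H -r -o name,value,source encryption tank` prints and reports every dataset at or below the home file system that is not encrypted. The function names and the sample listing are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. Reads on stdin the output of
#   zfs get -H -r -o name,value,source encryption <pool>
# (one dataset per line: name<TAB>value<TAB>source) and prints every
# dataset at or below the file system named in $1 whose value is "off".
# Exit status: 0 = all encrypted, 1 = some unencrypted, 2 = $1 not listed.
unencrypted_under() {
    awk -F '\t' -v root="$1" '
        # Match the root itself or a true descendant (root followed by "/"),
        # so a sibling such as tank/homework is not mistaken for tank/home.
        $1 == root || index($1, root "/") == 1 {
            seen++
            if ($2 == "off") { print $1; bad++ }
        }
        END {
            if (!seen) exit 2
            exit (bad ? 1 : 0)
        }
    '
}

# Constructed sample listing in the format described above. tank/home/bob
# is set to "off" only to exercise the failure path of the check.
sample_listing() {
    printf 'tank\toff\tdefault\n'
    printf 'tank/home\ton\tlocal\n'
    printf 'tank/home/amy\ton\tinherited from tank/home\n'
    printf 'tank/home/bob\toff\tlocal\n'
    printf 'tank/homework\toff\tdefault\n'
}

# Run the check on the sample; on a live system pipe the zfs command in.
sample_listing | unencrypted_under tank/home || echo "audit status: $?"
```

The non-zero exit status makes the function usable from a cron job or a configuration-management check without parsing its output.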