[Mac_crypto] How FileVault Should Work (Re: TidBITS#719/01-Mar-04)

Nicko van Someren mac_crypto@vmeng.com
Wed, 3 Mar 2004 17:01:50 +0000

On 3 Mar 2004, at 12:57, Arnold G. Reinhold wrote:

> If someone has sensitive activities that are well segregated from most 
> of what they do, they can simply create a separate account that is 
> secured by FileVault (and a strong passphrase). With 10.3's fast user 
> switching, it is relatively painless to change contexts, say to grab a 
> file from the unsecured account. Or group permissions might be used to 
> allow the secure account to access the unsecured account, preferably 
> read only. (I haven't tried this.) The small hassle factor is probably 
> helpful in keeping sensitive data separate from ordinary files.

In fact it's easier than this.  What you can do (and I know a number of 
people who do this) is to get someone with admin privileges to make a 
new directory in the root of the hard drive called something like 
"Users (cleartext)" and put properly owned subdirectories in there for 
each user.  Users who want to enable File Vault can drag their Music, 
Movies, Pictures or other large directories of non-sensitive data into 
their cleartext directory and then put a soft link or alias back in 
place of the original.  iTunes and iPhoto both cope with this perfectly