:: Re: [DNG] some ASCII issues
Startseite
Nachricht löschen
Nachricht beantworten
Autor: Alessandro Selli
Datum:  
To: dng
Betreff: Re: [DNG] some ASCII issues
On Mon, 3 Jul at 2017 01:03:13 +0200
Arnt Karlsen <arnt@???> wrote:

> On Mon, 3 Jul 2017 00:42:52 +0200, Alessandro wrote in message
> <20170703004252.748a9c7f@ayu>:
>
>> Il giorno Wed, 28 Jun 2017 19:38:11 +0200
>> Didier Kryn <kryn@???> ha scritto:
>>
>>> Le 28/06/2017 à 15:40, Stephan Seitz a écrit :  
>>> > And today you should always encrypt your discs.     

>>>
>>>      I don't see any reason to encrypt /usr. You might like to
>>> encrypt /etc because it contains user names and (already encrypted)
>>> passwords. But definitely there is no reason to encrypt everything.  

>>
>> Valid reasons to encrypt /usr include:
>>
>> 1) /usr resides on the same partition as / and/or /home (trivial
>> case); 2) protecting its files from being tampered with when the
>> device is offline;
>> 3) making harder to someone who can access your
>> offline HD understand which partition is /, or /usr or /home, so that
>> the attacker will have to try to decrypt them all;
>> 4) you put stuff in /usr/local that might contain
>> keys/passwords/sensitive information that would better be kept
>> protected.
>
> ..if you wanna protect /usr/local, chop that off /usr and
> encrypt, mount etc them all as you damned please.


/usr/local was standardized for a reason. You might do as you like on your
personal PC, maybe you're not as free to do the same on your company's
server/workstation. You might have /opt bind-mounted on /usr/local, and have
lots of stuff there you don't want to peruse to see if any of it would better
be kept away from prying eyes (like VM images).
What specific reasons do you have *not* to encrypt /usr in a
machine that has / and /home encrypted? What do you gain by that?