PDA

View Full Version : 10.7 Lion Filevault - guest account & multi-user systems




ozaz
Feb 27, 2011, 02:26 PM
So Lion will offer whole-disk-encryption through filevault. That will be a welcome addition for many.

However, based on some screenshots (http://www.dropbox.com/gallery/132528/1/110226%20OSX%20Lion%20Developer%20Preview%20%28Build%2011A390%29?h=97e752), it seems like there is no additional option to do home-folder-only encryption (i.e. carry on with the current implementation). I would be disappointed if this were the case.

I like home-folder encryption because it means I can give my computer to guests to use (via the guest account) without having to give them a password which effectively opens up access to the disk.

So I'd be very interested to know how multi-user scenarios and guest accounts are being handled in Lion when the new filevault is enabled.



awsumth
Feb 27, 2011, 08:16 PM
Does it really encrypt the entire disk? When you boot the computer, do you need to enter the password? Perhaps it doesn't encrypt the boot files, so guests will be able to boot your computer and only be able to access that account. You could try leaving the computer on sleep if you anticipate guests using your computer.

Can you encrypt Time Machine backups that are currently unencrypted?

ozaz
Feb 28, 2011, 06:30 AM
Does it really encrypt the entire disk? When you boot the computer, do you need to enter the password?

I don't know, but that's what I am assuming. Just to clarify, I don't have access to the dev preview of Lion. The screenshots I refer to in my original post were not taken by me. I just saw a link to these screenshots elsewhere on this forum.

You could try leaving the computer on sleep if you anticipate guests using your computer.

Yes, I suppose so. However, If this were the only way to allow someone to use the guest account (when filevault is enabled) it would not be ideal. I'm sure many guest users would shut down rather than log out after their session. I wonder if they would then be locked out of using the machine until I was around to enter a password to get back to the user account login screen.