FileVault and deleting .AppleSetupDone

[emice]

I was using my friend's Macbook Pro while he is away for a week and needed to install some software, so I deleted .AppleSetupDone to create a second administrator account with a different name.

I now realize he was using FileVault. I don't know his password but I am very concerned about if this can cause any accessibility problems for his files. His account is still there under System Preferences and I have been using the new account. He knows his login/password so FileVault should unlock fine when he signs in with that, right?

If someone here doesn't know I'd also like to know for sure if there another forum where I might be able to get a more definitive answer. This is going to really bother me until I find out for sure. Thanks!

 

[emice]

I checked /Library/Keychains and found these files:

-rw------- 1 root admin 562 Feb 9 19:04 FileVaultMaster.cer
-rw-r--r-- 1 root admin 25124 Feb 9 19:04 FileVaultMaster.keychain
-rw-r--r-- 1 root admin 31172 Apr 15 12:25 System.keychain
-rw-r--r-- 1 root admin 36660 Jan 14 13:36 System.keychain.2009-01-28.12:52:25

Hope that helps.

 

[emice]

One more question, is setting a FileVault master password required when turning it on? Does it ask or strongly recommend it when enabling filevault? If it was suggested I'm pretty sure my friend would have done it. Would the FileVaultMaster.??? files be there if he didn't set the master password? Thanks.

 

[madog]

He should be able to access his files fine as long as he knows the password.

If the password is lost or the harddrive crashes, the files are extremely difficult to recover if not impossible for most people.

While it can be good in that sense if you want protection against a stolen computer, I would suggest disabling FV otherwise.

 

[emice]

Whew, that is a relief. Will he simply be able to login and it will all be there? Or will he need the FileVault master password as well, since System.keychain was overwritten?

He should have both passwords but I am just wondering. Thanks a bunch for the help, I can stop most of the freaking out now!

I googled around for info quite a bit without any definitive answers so hopefully others will find this thread in the future.

 

[madog]

The "master password" is associated with the "FileVaultMaster.keychain" and "FileVaultMaster.cer" in the computer's main "/Library/Keychains" folder, by default, "Macintosh HD/Library/Keychains/".

If these files are removed, the system will think that a "master password" has not been set, so it would be a good idea to back these up.

From FV in the preferences, "WARNING: Your files will be encrypted using your login password. If you forget your login password and you don't know the master password, your data will be lost."

So basically, the Master Password is a safety net password. If you don't know one, you have another chance. If you forget or lose both, then the data is essentially lost.

Other than the Master Password being stored there, the user password isn't stored in the keychains. Just that if you want the computer to remember the password that's where it is saved (as far as I know. I have deleted all of my keychain files before, though I never did have FV turned on). It seems different for FV in that the keychain actually stores that password in that specific file, which could be bad if it is deleted.

 

[emice]

You the man maddog! I just switched to Mac after being a PC user since the 8086 days to get into some Xcode development. Good to have solid encryption, but it is tempermental enough to make backups essential. I can only imagine what would happen if there was some disk corruption.

Thanks a bunch.