If you have enough memory you can avoid the /tmp problem by moving it
into RAM:

fstab:

    swap /tmp mfs rw,async,nodev,nosuid,-s=2000000 0 0

This will also speed up some things that write to /tmp.
But keep in mind that in case of a crash the content is lost (if this is
relevant for you).

regards,
Robert

Joachim Schipper wrote:
> On Fri, Oct 30, 2009 at 07:57:08PM -0400, Brad Tilley wrote:
>> I wrote some notes on how I normally encrypt /home on OpenBSD laptops.
>> I was hoping misc could read it and bash it around some. I'd like to
>> know if I'm doing something wrong. No jokes about Beck's ass please :)
>>
>> http://16systems.com/openbsd_laptop_encryption.txt
>
> Encrypting just /home is dangerous. Do you know where vi(1) keeps its
> backup files? Are you *sure* that's the only application that works like
> that? And that nothing ever uses /tmp?
>
> Realistically, / cannot be encrypted since you need some files to boot,
> and /usr can probably reasonably be kept unencrypted. Everything else -
> /home, /tmp, /var - needs encryption (or not, but in that case nothing
> does). You should also be careful to note that /root is not encrypted
> under this scheme.
>
> Joachim