[Scotto]

Hi All..

I am looking for a way to password protect one of my internal HDD's in my Power Mac. I am aware that FileVault can do this in the home directory, i need a solution for a seperate Hard Disk.

[wadesworld]

Create an encrypted disk image as the only thing on the HD.

Wade

[Scotto]

Originally posted by wadesworld:
Create an encrypted disk image as the only thing on the HD.

Wade

Yeah, I thought of doing that, is that the only way?

[Mr. Blur]

perhaps have a look at SubRosa CipherDisk - it looks like it does what you want (but costs money)

[megasad]

Originally posted by Scotto:
Yeah, I thought of doing that, is that the only way?

I think I know of another way and so here are some instructions I just made up:

1 - Open the Accounts Preference Pane. Create a new user account with the name SecureHD, the short name securehd and the password secure. Make this user an administrator. In the Login Options, do not have automatic login enabled and display the login window as a name and password.
2 - Open NetInfo Manager, go to /users/securehd, and change the uid and gid to 499 and the home from /Users/securehd to /Volumes/Safe (where Safe is the name of the hard drive you want to password protect). Save and Quit.
3 - Log out of your regular account and then in to the SecureHD account. You will see that a Desktop and Library folder have been created and that the entire Safe volume is now considered the home of the SecureHD user.
4 - The default priviliges may be a bit messed up, but to fix them, and then do something further, simply go to the Computer window, select Safe and Get Info on it. Make sure that securehd is the owner (if it is not, change it so that it is). Make the group admin. Make securehd have read/write privileges and make group and others have no access at all. Hell, so that it looks like this:

5 - Log out of SecureHD and back in to your regular account. Try and have a look at what's on the Safe hard drive. What's that? You can't? A litle window popped up saying you don't have sufficient privileges? Damn right.

Using the drive: Whenever you want to access the secure drive's content, simply go to the Computer window, Get Info on the drive and check the box that says to "Ignore ownership on this volume." When you're finished with the drive? Uncheck that box. You can delete the Desktop and Library folder created earlier as you won't need to log in as the securehd user any more. That's why its UID and GID were changed to 499; so that it wouldn't show up in the list view login screen, or in the fast user switching menu item. You can also delete the securehd folder that was created in the users folder earlier.

Caveats: So long as you're the only administrator on your computer, this will work. Anyone who is not an administrator who tries to unlock the secure hard drive in the same way as you (using the get info window) will be prompted to enter an admin user name and password. So long as they don't have that, your stuff is safe. Stir another admin into the mix, however, and the above method is completely useless; they can still access the drive. Similarly, leaving yourself logged in means anyone can access your stuff, just using the Get Info window.

Why create another user rather than just modify the disk permissions whilst logged into your own account, so that you're the only one with access?
Because that'd be the easy way of accomplishing pretty much exactly the same thing I just showed you a really round about way of doing.

[Scotto]

THATS FANTASTIC....

Exactly what I am lookin' for

[megasad]

Damn, seriously? Which way? The long-winded one, or the simple modify-permissions way?

Unfortunately, both have got all kinds of problems. For example, if someone FireWire Target Disk modes your machine, they'll still be able to access all your stuff. The encrypted disk image, on the other hand, would protect your data in such an instance. But I guess it's pretty good, especially if you're only dealing with non-admin local users. And I guess you can do the open firmware block thing to slightly reduce the chances of someone firewiring the stuff.