Subject: Re: What's in my swap
To: Geert Hendrickx <ghen@NetBSD.org>
From: Joseph A. Dacuma <jadacuma@ched.gov.ph>
List: current-users
Date: 08/02/2006 18:45:54
Hi Mr. Hendrickx!
>
> You should understand what CGD protects you from and what not. CGD will
> make it impossible for someone who steals your hard disk to read the
> contents of encrypted partitions/filesystems. However your own kernel must
> know how to read it and once it's configured with the proper key (through
> cgdconfig or automatically at boot-time), operator-users can read the
> contents of the /dev/cgd0* devices as if they were ordinary disk devices,
> since those are also group-readable for the operator group. So CGD will
> not solve this particular problem.
I see, now I get it. Thanks for the explanation :)
>
> Simply chmod(1)'ing the devices to 700 however will solve the problem.
>
Why 700? Is it necessary to have an execute bit for root to use swap? Say
for example my swap is in wd0b:
brw-r----- 1 root operator 0, 1 May 6 08:15 wd0b
Is 0500 better?
Joseph
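
The group-readable device nodes discussed in this thread can be found by auditing an `ls -l` listing of `/dev`; the script below is an added example, not part of the original message. The function names `sample_listing` and `audit_devnodes` are hypothetical, and every sample line except the `wd0b` one quoted in the message is constructed.

```shell
#!/bin/sh
# Constructed sample in `ls -l /dev` format. Only the wd0b line comes from
# the message; the other lines are made up for illustration.
sample_listing() {
cat <<'EOF'
brw-r-----  1 root  operator   0,  1 May  6 08:15 wd0b
brw-------  1 root  wheel      0,  0 May  6 08:15 wd0a
crw-r-----  1 root  operator   3,  1 May  6 08:15 rwd0b
brw-r-----  1 root  operator  21,  0 May  6 08:15 cgd0a
brw-r--r--  1 root  operator   0,  9 May  6 08:15 wd1b
-rw-r--r--  1 root  wheel        512 May  6 08:15 notes.txt
EOF
}

# Reads `ls -l` lines on stdin and prints "name mode finding" for every
# block or character device node that group or other can read or write.
audit_devnodes() {
    while read -r mode _links _owner group rest; do
        case "$mode" in
            [bc]?????????*) ;;      # b = block device, c = character device
            *) continue ;;          # regular files, directories, etc.
        esac
        name=${rest##* }            # last field of the line is the node name
        g=$(printf '%s' "$mode" | cut -c5-7)    # group permission triplet
        o=$(printf '%s' "$mode" | cut -c8-10)   # other permission triplet
        finding=""
        case "$g" in *[rw]*) finding="group($group)=$g" ;; esac
        case "$o" in *[rw]*) finding="${finding:+$finding }other=$o" ;; esac
        if [ -n "$finding" ]; then
            printf '%s %s %s\n' "$name" "$mode" "$finding"
        fi
    done
    return 0
}

# Run against the constructed sample; on a live system use: ls -l /dev | audit_devnodes
sample_listing | audit_devnodes
```

An unlocked `cgd0a` shows up in the same report as the raw `wd0b` swap device, which is the point made in the quoted explanation: encryption at rest does not change who can read the configured device node.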