De-crypting another user's FileVault on Snow Leopard (Mac OS 10.6)Fri 29 June 2012
I also use FileVault for user home directory encryption. From time to time I need to access files in the admin's home directory. Or, if i'm logged in as the admin user, access files in my user home directory.
To do this you must first su - to the user's account.
matt@mbp $ su - admin Password:
Next use hdiutil to mount the encrypted sparsebundle.
admin@mbp $ hdiutil mount /Users/admin/admin.sparsebundle /dev/disk4 Apple_partition_scheme /dev/disk4s1 Apple_partition_map /dev/disk4s2 Apple_HFS /Volumes/admin admin@mbp $ ls /Volumes/admin/Downloads/ About Downloads.pdf brxInkX6_410.dmg brxtwain_340-228b.dmg
Copy files that you need to /tmp/, or a shared directory. Now unmount the admin user home directory.
admin@mbp $ hdiutil unmount /Volumes/admin/ "/Volumes/admin/" unmounted successfully.
And that, is how you access another encrypted filevault home directory. If you are an administrator and don't know the password of the user accounts encrypted home/sparsebundle, you can reset the keychain using the security command along with the various 'keychain' verbs.