Open tjluoma opened 10 years ago
Let's say you have a partition "Users" that you want to have mounted under path /Users.
If FileVault is encrypting/decrypting the whole partition... then it doesn't make sense to encrypt/decrypt files for only a single user. The volume gets decrypted so it can be mounted at /Users so that users can log in. Protection to keep UserA from looking at UserB's files is provided by the operating system and is the same as when FileVault/encryption isn't in use.
Let me start by saying that I'm nowhere near knowledgeable about how this works, so my apologies if this is a dumb idea, but regarding this:
What about a LoginHook? If the user logging in != the user whose $HOME is encrypted, then unmount the encrypted $HOME. Would that gain you anything?
(ISTM that the FileVault 2 must know which user has requested the unlock/login, because it's going to auto-login to that user's account, right? But I have no idea if that information is available programmatically.)
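A sketch of the LoginHook idea raised in the post above, as an added example that is not part of the original thread. It relies on loginwindow running the hook as root and passing the short name of the user logging in as `$1`; the owner `usera`, the mount point `/Users/usera` and the variable and function names are assumptions.

```shell
#!/bin/sh
# Added example: LoginHook that unmounts an encrypted home volume when someone
# other than its owner logs in. loginwindow runs the hook as root and passes
# the short user name as $1.
# Assumptions (constructed values): owner "usera", volume mounted at /Users/usera.
ENC_OWNER="${ENC_OWNER:-usera}"
ENC_HOME="${ENC_HOME:-/Users/usera}"
# Overridable so the decision logic can be exercised without touching a disk.
UNMOUNT_CMD="${UNMOUNT_CMD:-diskutil unmount}"

# True when a volume is mounted at exactly $1 (macOS `mount` output format).
is_mounted() {
    mount | grep -F -q " on $1 ("
}

# login_hook USER: returns 0 when nothing had to be done or the unmount
# succeeded, 1 when the unmount failed.
login_hook() {
    login_user="$1"
    # The owner keeps the volume. An empty name is treated as "not the owner".
    if [ -n "$login_user" ] && [ "$login_user" = "$ENC_OWNER" ]; then
        return 0
    fi
    # Volume already absent: nothing to protect.
    is_mounted "$ENC_HOME" || return 0
    # A plain unmount fails while files are open; report it instead of
    # forcing, so a failure is visible in the log rather than silent.
    if ! $UNMOUNT_CMD "$ENC_HOME"; then
        echo "loginhook: could not unmount $ENC_HOME for login of '$login_user'" >&2
        return 1
    fi
    return 0
}

# Run only when called with the argument loginwindow supplies.
if [ $# -gt 0 ]; then
    login_hook "$1"
fi
```

The hook only runs after the volume has already been unlocked and mounted, so it narrows the window in which another user's session can see the files; it only unmounts and does nothing to re-lock the volume.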