I was thinking on setting up a FTP server
and have the partition (not the system) holding all files
to be encrypted using crypt-setup or the like.

Now, I was only wondering if this is a good idea?
why I want to do this is because, we have already had a break in.
where computers/Servers where stolen.

I am woundering on the preformance if it
gonna be VERY noticed ( on the fly encryption ), or just a "small" degree
in performance.

I would imagine that once the file is decrypted and read it'll be kept in the page cache decrypted, so the performance shouldn't be terrible. But I would expect a noticable hit if you're doing a lot of I/O on that disk.

Also, I've never used the dm-crypt stuff so I could be completely wrong about the decrypted in memory thing too. Your best bet is to just grab a box (or VMWare session) and try it out. It'll give you a chance to get more comfortable with the software too since it can be really easy to lose data once you encrypt it.

I might be wrong, but isn't the partition decrypted when you mount it?

And you would need to keep it mounted so that you can serve files with your FTP. So you wouldn't gain much from encrypting it. At least that was was how losetup worked. Although I never tried to access it with another user.

You can however encrypt the files that you are serving and only authorized people have the key to decrypt it.

You are wrong. The data is decrypted as it is read, and encrypted as it is written. The on-disk data is always encrypted. (I don't think the cache is encrypted, but since no program or thief can access it, it is not a problem.)
This is another option, though it achieves different goals.

You can always use encrypted loopback devices and test performance...
For FTP, it could be similar to SSH's scp and sftp, I don't know.

Making encrypted backups of these partitions has never been been easier... You could also encrypt /var/log

There are many flaws with this setup:
1- You must trust all these users.
2- You must trust the computers they're connecting from.
3- If you change a password, you must notify these users.
4- Serving encrypted files over a plain-text protocol is dangerous because users may type the file's password at the login prompt. (Not to mention that their account passwords on your system may be sniffed as well, making your cryptography setup useless).


You must find the best option anyway, because it all depends on too much factors: the data being encrypted, etc...

I think it will be better.

I agree, but I would say that it is slightly more secure, especially if you use sftp or ftps, instead of ftp. However, this setup is NOT the same as the one you want, and it has a different purpose.