On Tue, Aug 21, 2007 at 12:52:29PM -0700, [EMAIL PROTECTED] wrote:
> Mike - Thanks for your very quick reply. I think I follow the logic. My ideal 
> scenario would be for a user to log in and have the entire home directory 
> encrypted (mail, firefox, etc.). I am looking for a transparent user 
> experience, but I am still not quite sure how to accomplish this. Your 
> instructions assume a separate confidential folder and no pre-existing files 
> within that folder. 
> These are the steps that I see would need to happen in my case:
> One time only
> 1. User is logged out
> 2. Root logs in and moves /home/user content to another folder
> 3. Root mount -t ecryptfs /home/user /home/user
> 4. Root moves content back to /home/user (encryption happens at this
> time?!)

Yes.

> All consecutive times - manual option
> 1. User is logged out
> 2. Root logs in and mount -t ecryptfs /home/user /home/user
> 3. User logs in
> All consecutive times - automatic option
> 1. User logs in
> In order for the automatic option to work, the .profile can not be 
> encrypted?! 
> I am not sure how to do this. I am also not sure how to use plaintext 
> passthrough mount mode. Is there anything else?

It should work with the ``passthrough'' mount option in the set of
options in the fstab. Just keep .bash_profile in there in unencrypted
form. Create the .bash_profile in the directory while it is not
eCryptfs-mounted to begin with, mount eCryptfs, and then create all
other files.

> I also have a question about the mount passphrase signature/identifier 
> value. 
> It gets entered into the /etc/fstab for automount. Is this a potential 
> security risk, if the hard drive gets lost?  

No. FYI, this same value is also written to the header of every
encrypted file.

Mike

_______________________________________________
eCryptfs-users mailing list
eCryptfs-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/ecryptfs-users
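
A post-migration check for the setup discussed in this thread, added here as an example and not part of the original emails or the eCryptfs project's code: run while eCryptfs is not mounted, it lists files in the lower directory that lack the eCryptfs header marker, so only the deliberately plaintext .bash_profile should show up. The marker position (bytes 8-15) and the constant 0x3c81b7f5 are assumptions taken from the mainline kernel's eCryptfs source; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: find lower-directory files that are NOT eCryptfs-encrypted.
# Assumption: bytes 8-15 of an encrypted lower file hold two big-endian
# 32-bit words m1, m2 with m1 XOR m2 == 0x3c81b7f5 (mainline kernel layout).

is_ecryptfs_lower_file() {
    # Hex-dump bytes 8..15; short or unreadable files yield an empty string.
    hex=$(od -An -tx1 -j8 -N8 "$1" 2>/dev/null | tr -d ' \n')
    [ "${#hex}" -eq 16 ] || return 1
    m1=$((0x${hex%????????}))   # first 4 bytes of the marker field
    m2=$((0x${hex#????????}))   # last 4 bytes of the marker field
    [ $((m1 ^ m2)) -eq $((0x3c81b7f5)) ]
}

list_plaintext() {
    # Print every regular file under $1 that does not carry the marker.
    # Zero-length and very short files are reported too: they have no header.
    find "$1" -type f | LC_ALL=C sort | while IFS= read -r f; do
        is_ecryptfs_lower_file "$f" || printf '%s\n' "$f"
    done
}

make_sample() {
    # Constructed sample data, not real eCryptfs output.
    mkdir -p "$1/Mail"
    # The file the thread says to leave unencrypted for passthrough mode.
    printf 'export PATH=$PATH:$HOME/bin\n' > "$1/.bash_profile"
    # 8 size bytes, then m1=0x11223344 and m2=m1^0x3c81b7f5=0x2da384b1.
    printf '\000\000\000\000\000\000\000\005\021\042\063\104\055\243\204\261' \
        > "$1/Mail/inbox"
    # A file that was copied in while eCryptfs was not mounted.
    printf 'forgot to move this one\n' > "$1/notes.txt"
}

# Usage: sh check.sh /home/user   (with eCryptfs unmounted)
if [ -n "${1:-}" ]; then list_plaintext "$1"; fi
```

Any path printed other than .bash_profile is a file that was written to the directory while eCryptfs was not mounted and is stored in the clear.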
