Art Alexion on 2 Oct 2008 09:48:16 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] eeePC partitioning suggestions

On Thursday 02 October 2008 11:43:15 am LeRoy Cressy wrote:
> Art Alexion wrote:
> >> You are encrypting /home, I hope?
> >
> > I hadn't thought about it, but it's a good idea.  We've had people break
> > LCDs and lose chargers, but have been lucky so far about losing the
> > laptop itself. We don't have much in terms of trade secrets, but some
> > people have a lot of HIPPA protected stuff.
> >
> > These are not technical users.  Encryption suggestions that won't freak
> > them out?
> I would encrypt both the swap and the home partition.  On system boot
> the system will prompt for a password for each.  Since these are non
> tech type people, I would make the passwords the same for both and also
> something easy for your non tech people.
> When I encrypted my laptop the /etc/fstab changed to:
> #/dev/hda5       /home          ext3    defaults        0       2
> /dev/mapper/home /home          ext3    defaults        0       3
> #/dev/hda2       none            swap    sw              0       0
> /dev/mapper/swap none           swap    sw              0       0
> One of the tools that you might consider is cryptmount
> Here is the Debian description:
> Description: Management and user-mode mounting of encrypted file systems
>  cryptmount is a utility for creating encrypted filesystems & swap
> partitions
>  and which allows an ordinary user to mount/unmount filing systems
>  without requiring superuser privileges.
>  .
>  It offers the following features (for 2.6-series Linux kernels):
>     * easy and safe on-demand access to filesystems without su/sudo;
>     * access passwords can be changed easily without involving the
> sys-admin;
>     * filesystems can reside on raw disk partitions or ordinary files;
>     * multiple filesystems can be stored in a single disk partition;
>     * includes support for encrypted swap partitions;
>     * temporary filesystems can be setup via command-line,
>       for use in shell-scripts;
>     * encrypted filesystems can be initialized at boot-up or on demand;
>     * transparent configuration of dm-crypt & loopback devices during
> mounting;
>     * encrypted access keys are compatible with OpenSSL and can be
>       stored separately on removable media (e.g. USB flash disks).
> Tag: admin::filesystem, role::program, scope::application,
> security::cryptography, security::privacy, works-with::file

Alright, I am going to give this a try.  Thanks for the encryption suggestions 
and the detailed help.

Does anyone have any thoughts about a partition scheme between the 8 & 32 GB 
devices?  Both SSD, the 8 GB is supposed to be faster.  

We encourage people not to save stuff locally, but on a usb stick, as they are 
sharing a user home with all people who borrow these, and they are not 
guaranteed that the stuff they save locally will be there if they ever get 
the same machine back.

Attachment: signature.asc
Description: This is a digitally signed message part.

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --