Eric at Lucii.org on 10 Jan 2011 17:33:29 -0800


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Alternate /home (new topic)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On 01/10/2011 06:43 PM, Art Alexion wrote:
> On Mon, Jan 10, 2011 at 1:29 PM, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
>> 2011/1/10 Art Alexion <art.alexion@gmail.com>:
>>> On Sun, Jan 9, 2011 at 2:09 PM, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
>>>> I always set up a system with two alternate root partitions.
>>>>
>>>> Once I set up the initial root partition, I copy it over to another
>>>> partition mounted as /spare.  Getting it to mount requires some minor
>>>> editing of /etc/fstab and grub setup.  Each mounts the other as
>>>> /spare.  I confirm that I can boot both.  Then I boot the alternate
>>>> root only occasionally, just to verify that it's still sound.  Now, if
>>>> I have some software updates go awry, or a version upgrade that fails,
>>>> I just switch to the alternate root (and as likely as not make it my
>>>> main root and recreate the original root from it).
>>>>
>>>> I always set up an encrypted /home.  But I configure my PC so that I
>>>> can login without /home mounted.  When I cross an international border
>>>> with my laptop, I always cross it with the laptop powered down.  Then
>>>> if I am asked to boot it, I boot it, and can login - but it will be an
>>>> innocuous /home, not my real /home (not that I have ever been asked to
>>>> boot my laptop - just a sensible precaution, IMHO).  To mount the
>>>> encrypted /home, I login as root and run a shell script:
>>>
>>>> In these days of monster disks, I usually have the fourth partition
>>>> mounted as /extra from both roots.  I use this for anything that I am
>>>> working on that doesn't need to be encrypted (e.g., since the software
>>>> I work with, GT.M, is FOSS, I don't need an encrypted development
>>>> environment for it.
>>>
>>> I really like this idea.  I understand that your shell script switches
>>> between homes, but how did you set it up in the first place?
>>
>> [KSB] Art, I don't quite understand the question.  Are you asking how
>> I initially create a /home?  Or how I mount /home when I boot the
>> laptop?
> 
> I guess I am trying to understand the setup.  Is is simply a matter of
> multiple homes associated with multiple users, one innocuous, and the
> important one encrypted, or is it more than that?

I'm not sure about KSB's setup but I know that if you have a separate partition
for /home and you don't mount it then when you log in you end up with a
/home/user directory on the main disk.

I would:

1 Create your user without the partition mounted.

2. Mount your encrypted /home partition somewhere else temporarily.
   (/mnt/home comes to mind.)

3. Copy the user's files to that encrypted partition.

4. Unmount that encrypted partition and mount it again at /home.

Now, it masks the "dummy" (unencrypted) user with the real user.

That's how I'd do it.

A smart forensic person would probably notice that you logged in yesterday but
the files in /home/user have dates that are at least 6 months old.

Eric
- -- 
#  Eric Lucas
#
#                "Oh, I have slipped the surly bond of earth
#                 And danced the skies on laughter-silvered wings...
#                                        -- John Gillespie Magee Jr
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iEYEARECAAYFAk0rs1IACgkQ2sGpvXQrZ/44rACg8Yos7njdzMOydgUJLe2c9ulS
MtwAnieYTVriHCF3S8Hdz7hRpbthjlB4
=UpXt
-----END PGP SIGNATURE-----
___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug