Eric at Lucii.org on 10 Jan 2011 17:33:29 -0800
Re: [PLUG] Alternate /home (new topic)
On 01/10/2011 06:43 PM, Art Alexion wrote:
> On Mon, Jan 10, 2011 at 1:29 PM, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
>> 2011/1/10 Art Alexion <art.alexion@gmail.com>:
>>> On Sun, Jan 9, 2011 at 2:09 PM, K.S. Bhaskar <bhaskar@bhaskars.com> wrote:
>>>> I always set up a system with two alternate root partitions.
>>>>
>>>> Once I set up the initial root partition, I copy it over to another
>>>> partition mounted as /spare.  Getting it to mount requires some minor
>>>> editing of /etc/fstab and grub setup.  Each mounts the other as
>>>> /spare.  I confirm that I can boot both.  Then I boot the alternate
>>>> root only occasionally, just to verify that it's still sound.  Now, if
>>>> I have some software updates go awry, or a version upgrade that fails,
>>>> I just switch to the alternate root (and as likely as not make it my
>>>> main root and recreate the original root from it).
>>>>
>>>> I always set up an encrypted /home.  But I configure my PC so that I
>>>> can login without /home mounted.  When I cross an international border
>>>> with my laptop, I always cross it with the laptop powered down.  Then
>>>> if I am asked to boot it, I boot it, and can login - but it will be an
>>>> innocuous /home, not my real /home (not that I have ever been asked to
>>>> boot my laptop - just a sensible precaution, IMHO).  To mount the
>>>> encrypted /home, I login as root and run a shell script:
>>>
>>>> In these days of monster disks, I usually have the fourth partition
>>>> mounted as /extra from both roots.  I use this for anything that I am
>>>> working on that doesn't need to be encrypted (e.g., since the software
>>>> I work with, GT.M, is FOSS, I don't need an encrypted development
>>>> environment for it).
>>>
>>> I really like this idea.  I understand that your shell script switches
>>> between homes, but how did you set it up in the first place?
>>
>> [KSB] Art, I don't quite understand the question.  Are you asking how
>> I initially create a /home?  Or how I mount /home when I boot the
>> laptop?
>
> I guess I am trying to understand the setup.  Is it simply a matter of
> multiple homes associated with multiple users, one innocuous, and the
> important one encrypted, or is it more than that?

I'm not sure about KSB's setup but I know that if you have a separate
partition for /home and you don't mount it then when you log in you end
up with a /home/user directory on the main disk.

I would:
1. Create your user without the partition mounted.
2. Mount your encrypted /home partition somewhere else temporarily.
   (/mnt/home comes to mind.)
3. Copy the user's files to that encrypted partition.
4. Unmount that encrypted partition and mount it again at /home.  Now,
   it masks the "dummy" (unencrypted) user with the real user.

That's how I'd do it.

A smart forensic person would probably notice that you logged in
yesterday but the files in /home/user have dates that are at least 6
months old.

Eric

-- 
# Eric Lucas
#
# "Oh, I have slipped the surly bond of earth
# And danced the skies on laughter-silvered wings...
# -- John Gillespie Magee Jr

___________________________________________________________________________
Philadelphia Linux Users Group         --        http://www.phillylinux.org
Announcements - http://lists.phillylinux.org/mailman/listinfo/plug-announce
General Discussion  --   http://lists.phillylinux.org/mailman/listinfo/plug
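
The timestamp mismatch noted at the end of the message above, as an added example that is not part of the original thread: it compares a last-login time with the newest file modification time under a home directory and flags a large gap. The function names, the 30-day threshold and the sample directory tree are assumptions made for illustration.

```python
import os
import tempfile

DAY = 86400  # seconds per day


def newest_mtime(root):
    """Latest mtime (epoch seconds) of any file entry under root, or None if empty."""
    newest = None
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                mtime = os.lstat(os.path.join(dirpath, name)).st_mtime
            except OSError:
                continue  # unreadable or vanished entry: skip it
            if newest is None or mtime > newest:
                newest = mtime
    return newest


def staleness(home_dir, last_login, max_gap_days=30):
    """Compare the last login time with the newest file under home_dir.

    max_gap_days is an assumed threshold, not a value from the thread.
    A home directory with no files at all is also reported as stale.
    """
    newest = newest_mtime(home_dir)
    if newest is None:
        return {"newest": None, "gap_days": None, "stale": True}
    gap_days = (last_login - newest) / DAY
    return {"newest": newest, "gap_days": round(gap_days, 1),
            "stale": gap_days > max_gap_days}


def build_sample_home(root, login, age_days):
    """Constructed sample data: a small home tree whose files predate login by age_days."""
    stamp = login - age_days * DAY
    for rel in (".bashrc", ".profile", "Documents/notes.txt"):
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write("sample\n")
        os.utime(path, (stamp, stamp))


if __name__ == "__main__":
    login = 1294709609  # constructed "last login" value (epoch seconds)
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_home(tmp, login, age_days=200)
        print(staleness(tmp, login))
```

To examine the directory hidden underneath a mounted /home, bind-mount the root filesystem at another path (for example `mount --bind / /mnt/rootfs`, where `/mnt/rootfs` is a hypothetical mount point) and run the check against the `home/user` directory below it.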