Back in April, Linux Magazine ran what I considered to be an inaccurate account of the OS-level security provided by our Ubuntu Distribution. Your Distro is Insecure: Ubuntu.Frustrated with the piece, I blogged this in return: Your Article is Incorrect: Linux Magazine.
Following that post, I had a very constructive, private email conversation with Linux Magazine editor, Bryan Richard. We discussed a number of different ways that Canonical/Ubuntu might be able to respond to their previous article, which caused quite a stir on Ubuntu's public mailing lists.
I'm very pleased with Bryan's response. He invited me to author an article focusing on the security features that are available in Ubuntu. The result was published earlier today, focusing on Ubuntu's Encrypted Home Directory feature, which is rather unique among Linux distributions: Ubuntu's Encrypted Home Directory: A Canonical Approach to Data Privacy
Enjoy!
:-Dustin
Hi,
ReplyDeletegreat article. But the thing with the encrypted backup I don't understand. If I make a backup with my normal user the data is stored non-encrypted. Only as super user or special backup user it is encrypted. Right?
Steffen
Steffen:
ReplyDeleteUhm not exactly. Once you are logged in you can backup both the encrypted and unencrypted versions of files depending on which location in the filesystem you read from. Page 3 of the article covers this.
The traditional unencrypted home directory for user "foo" doesn't exist until foo logins and eCryptfs is used to make the home directory mount point. But the encrypted version of the files can always be backed up..even by user "foo" who owns the files.
-jef
Hi Jef,
ReplyDeleteYou mean a backup of ~.private? But if I backup this folder I only see encrypted file and folder names. If I only want to backup for instance my Documents/Work folder I can't select in this folder. If you have a solution please tell my. I'm only a normal user and maybe I don't see the obvious solution. Actually I am using rdiff-backup and a luks encrypted external hard drive.
By the way: I'm using an encypted home since Jaunty without having any problems. Thanks a lot!
Steffen:
ReplyDeleteI think your new comment describes a different scenario than your first comment so I'm not sure I can give you an answer that makes sense because I'm no longer sure I understand what you want to know.
-jef
Encrypted home, wonderful. Thank you for the clear and instructive article
ReplyDeleteWhere I really need encryption is on a pendrive Ubuntu installation. Home directory encryption does not work out of the box on a pendrive created with the desktop utility on the menu item "USB Startup Disk Creator" on 9.10.
Booting from the pendrive, the command "adduser –encrypt-home foo" creates a home directory which is encrypted, but the new user cannot log in. The login process hangs in some gdm "worker" routine, and the login screen reappears. The gdm process for the new user is still there when another user logs in.
Would this perhaps be different if running usb-creator from the command line and adding the option "--safe"? Can't find what the --safe implies.
Rgds, Jon Eliot