Applications -> System Tools -> Setup Your Encrypted...



susecmail
13-Apr-2015, 11:38
So, I noticed the link, "Setup Your Encrypted Private Directory" and thought, GREAT! This is exactly what I wanted; however, before I did the security update, when I clicked on this, it did nothing. After the update, I clicked on it again and it pulled up a terminal and had me pick out my super secret encrypted private directory passcode, which I did. Then it flashed a message and closed within half a second, or faster; I did not have time to read what it said. So, thinking I might have an encrypted private directory, I rebooted and... nothing. Did I do something wrong or is there another step? And, what did that message state that I did not have time to even read the first word? Does anybody have experience with this?

mikewillis
13-Apr-2015, 22:13
So, I noticed the link, "Setup Your Encrypted Private Directory" and thought, GREAT!

Where did you notice this link?




This is exactly what I wanted; however, before I did the security update, when I clicked on this, it did nothing.

You mention 'the security update' in another post. What is 'the security update'? It seems like you think it has some significance but you provide no detail of what it is. There are many security updates.




After the update, I clicked on it again and it pulled up a terminal and had me pick out my super secret encrypted private directory passcode, which I did. Then it flashed a message and closed within half a second, or faster; I did not have time to read what it said. So, thinking I might have an encrypted private directory, I rebooted and... nothing. Did I do something wrong or is there another step? And, what did that message state that I did not have time to even read the first word? Does anybody have experience with this?

What does "rebooted and... nothing" mean? You rebooted and nothing happened, like your machine no longer boots? You rebooted and can no longer log in as the user whose home directory you encrypted? You rebooted and didn't notice anything different? Other?


Encrypted home directories can be set up for new and existing users in YaST as described at

https://www.suse.com/documentation/sled-12/book_security/data/sec_security_cryptofs_y2_homes.html

https://www.suse.com/documentation/sled-12/book_sle_deployment/data/sec_y2_userman_adv.html#sec_y2_userman_adv_crypto

I've never tried it myself. Personally I wouldn't try enabling it for my own pre-existing home directory without a backup of the home directory and having tried it on a disposable user first.

mikewillis
14-Apr-2015, 09:00
Where did you notice this link?

I just realised the answer to that is probably the subject of your post: Applications -> System Tools -> Setup Your Encrypted...
However that doesn't exist on the machines I'm looking at.


I just tried encrypting a user's home directory. It seems to have worked OK, even though I was logged in as the user at the time. I didn't see any messages that flashed up and closed before I had chance to read them.

There's now a .img file in /home


$ ls -lh /home
total 215M
drwxr-xr-x 1 root root 832 Apr 14 08:37 mike
-rw------- 1 mike root 1001M Apr 14 08:46 mike.img
-rw------- 1 mike root 288 Apr 14 08:42 mike.key
$

/home/mike still contains all my files. So encrypting the home directory has left behind the original unencrypted version. I guess that's good and bad. Good because it hasn't trashed the original so if the encryption went wrong you've not lost anything (though you should have a backup anyway of course), bad because there are unencrypted versions of your files still on disk.

If I log in as mike then run mount I see

$ mount | grep mike
/dev/mapper/_dev_loop0 on /home/mike type ext3 (rw,relatime,data=ordered)
$

Everything that was in /home/mike has been copied to this new home directory. I was careful to specify a size for the encrypted home directory large enough to accommodate all the files in /home/mike. I don't know what happens if you specify a size smaller than the current content of the user's home directory.

If I create a new file HELLOWORLD in my home directory, then reboot, log in as root and look in /home/mike the HELLOWORLD file isn't there. If I log in as mike the HELLOWORLD file is there. Thus demonstrating that the encrypted version of mike's home directory is being used when mike logs in.

You didn't specify SLED version but I've assumed SLED 12 since your other recent posts refer to SLED 12.
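
The manual checks in the post above (`ls -lh /home`, `mount | grep mike`, then looking in /home/mike as root) can be scripted; the following is an added example, not part of the thread and not SUSE's own tooling. It assumes the layout shown in the post (`<user>.img` and `<user>.key` beside the home directory, image mounted through a `/dev/mapper` device); the function names and status words are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed layout, taken from the post:
#   BASE/USER.img, BASE/USER.key, image mounted on BASE/USER via /dev/mapper/*

# home_mount_source USER BASE MOUNTS
# MOUNTS is a file holding `mount` output, or "-" to read it from stdin.
# Prints the device currently mounted on BASE/USER (last mount wins).
home_mount_source() {
    awk -v mp="$2/$1" '$2 == "on" && $3 == mp { src = $1 }
                       END { if (src != "") print src }' "$3"
}

# check_encrypted_home USER BASE MOUNTS
# Prints one status word:
#   encrypted-mounted   BASE/USER is mounted from a /dev/mapper device
#   other-mount         BASE/USER is a mount point, but not a mapper device
#   not-encrypted       no USER.img / USER.key pair in BASE
#   plaintext-leftover  image exists, is not mounted, and the underlying
#                       directory still holds (unencrypted) files
#   image-not-mounted   image exists, is not mounted, directory is empty
check_encrypted_home() {
    user=$1 base=$2 mounts=$3
    src=$(home_mount_source "$user" "$base" "$mounts")
    case $src in
        /dev/mapper/*) echo encrypted-mounted; return 0 ;;
        ?*)            echo other-mount;       return 0 ;;
    esac
    if [ ! -f "$base/$user.img" ] || [ ! -f "$base/$user.key" ]; then
        echo not-encrypted
        return 0
    fi
    # Nothing is mounted here, so this lists the original directory that
    # the conversion left behind, as seen by root in the post.
    if [ -n "$(ls -A "$base/$user" 2>/dev/null)" ]; then
        echo plaintext-leftover
    else
        echo image-not-mounted
    fi
}

# Live use, as root while the user is logged out:
#   mount | check_encrypted_home mike /home -
```

A result of `encrypted-mounted` says nothing about the old files underneath the mount point; the leftover check is only meaningful while the image is not mounted.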