Ubuntu Security :: Recovering Ecryptfs Partition From RAID Array?
Jun 3, 2010
After a disastrous upgrade to 10.04 I am at my wits end trying to recover my /home partition from my unbootable system. The /home partition is part of a RAID5 array across 4 disks and I've been trying to use some disk imaging tools from Ultimate Boot CD to recover it with, but none of the utilities seem to recognize or will let me work with my multi-disk device.
Currently I've been booting up with a Live CD in attempts to mount the encrypted partition then copy all the files to an external device I bought, but the mounting process has presented me with some problems. The partition is encrypted with ecryptfs and I have both the disk's passphrase as well as an FNEK signature to work with. Attempting the following:
Another small issue is the cipher I used. I don't remember which kind of encryption the disk is encrypted with (80% sure it's aes though). I assume figuring out which cipher I used will be more like a guessing game through the ecryptfs mount prompt, but I'm wondering if this would affect the error message I get.
I have recently recovered from an HDD failure on my Drobo. One of the disks died and corrupted the entire array (which is not supposed to happen). I have since managed to copy the data off onto smaller disks and after replacing the failed drive, have copied everything back.
Now that I'm up and running again, I was wondering how this situation would play out on encrypted disks, or in the case of a Drobo a large encrypted partition (as you cannot encrypt the entire array).
Would I still be able to recover the data if I were to encrypt it? It is a 4.2TB array, and I assume that I would need to copy the data in its entirety to recover it, so using multiple smaller disks would be out of the question right?
I recently had to install ubuntu 10.10 through wubi because my olde ubuntu broke after a failed upgrade. Now I am quite happy with everything in 10.10 except I can't get to the files in my olde home folder because I chose the home folder encryption option in the installation process. How can I recover my home folder? They all seemed to be recovering from another user not another partition.
On a fresh karmic install, I have a user account with ecryptfs enabled home directory. I want that directory to be secured when I log out.
I have two administrator accounts, user1 and user2. I log in as user1 (with ssh, will test regular logins tomorrow), /home/user1/.Private gets mounted to /home/user1, everything is fine. I log out.
I log in as user2, and /home/user1/.Private is indeed unmounted. But I can do
Code: sudo su - user1
which will ask me for the password of user2, and then I am logged in as user1, /home/user1/.Private is again mounted, without ever typing the password of user1. On the other hand if I invoke
Code: ecryptfs-umount-private
I'm getting "Low Disk Space" warnings in Ubuntu 10.04, because of eCryptfs, which somehow manages to eat up twice as much disk space as an unencrypted partition normally would. When I click "Examine" this is the picture that I see: (the blurred out part is my username of course) Why is this happening? And most importantly, what can I do about it? Does Ubuntu expect me to buy twice as much disk space just to encrypt it?!
I have an ecryptfs partition on a usb drive, system runs Debian squeeze. What I'd like to have is that when I connect the drive it will be auto-mounted and I'll either have to enter the passphrase or it will already be in the keyring (even better). It seems ecryptfs can auto-mount a directory but I want to auto-mount an entire encrypted partition. Is this possible? Also, can I have another encrypted directory, say ~/Private, at the same time or can ecryptfs handle only one at a time?
So I've pulled two hard drives out of my busted windows xp system (dead mb) and I'm trying to get some data off of them. The drives are in raid 0, so my friend told me that I might be able to do something if I use linux. Some late night searching on the internet directed me to a few resources, one of which was this forum. I've tried 2 methods, neither of which have worked.
ubuntu@ubuntu:~$ sudo mdadm --detail /dev/sdb
mdadm: /dev/sdb does not appear to be an md device
ubuntu@ubuntu:~$ sudo dmraid -s
/dev/sdb: "sil" and "hpt45x" formats discovered (using hpt45x)!
ERROR: sil: wrong # of devices in RAID set "sil_agafdhcebccj" [1/2] on /dev/sda
ERROR: removing inconsistent RAID set "sil_agafdhcebccj"
I've got some files for work that I'd really like to get off there. I've played with unix a bit in college and I've run ubuntu before, but usually using the GUI, so a lot of this stuff is over my head. But from what I gather, my system thinks that one of the drives isn't a raid drive?
if it's possible to use a white or blacklist to control which folders are ecryptfs encrypted when you're using the "encrypted home folder" option.
Of course I can always create an extra folder outside of my ~ and then symlink what I don't want encrypted into it, but I'd rather that it's possible to create like, ~/.ecryptsfs/excludelist with a list of paths that shouldn't be encrypted.
I'm testing my ability to recover a failed disk on a three disk software RAID 5 setup.
I have used a 10.04 alternate install disk to setup a three disk RAID 5 array according to this: [URL]. This is for a RAID1 setup. I followed it exactly except that I performed the steps on three drives rather than two and selected RAID5 instead of RAID1. Each disk is 500GB and has a 26 GB swap partition and the remaining space on each disk set as / with the boot flag on.
I installed the OS on my array and everything boots without a problem. After I booted up I started a terminal and ran sudo dpkg-reconfigure mdadm to set the boot degraded to true and rebooted.
Next, I shut down the computer, disconnected the power on drive 1 (sdb) and then tried to boot. I get this (not verbatim):
mdadm: CREATE user root not found
mdadm: CREATE group disk not found
raid5: raid level 5 set md0 active with 2 out of 3 devices, algorithm 2
mdadm: /dev/md0 has been started with 2 drives (out of 3)
*then a list of common problems and then:
ALERT! /dev/disk/by-uuid/bunchanumbersnad letters does not exist. Dropping to a shell
Then it dumps me to initramfs. MD0 is the swap partition. At this point I don't know what the heck to do. I'm skating on the edge of noobidity and this is pretty much over my head.
I want to use this server as a virtual machine server and the desired behavior would be that, if a hard drive should fail, the server would alert me via email and continue to run in a degraded state.
Is it even possible to install the OS on the array and run it degraded? Given the desired behavior, should I be looking at something other than RAID5? My client is broke so I'm trying to avoid a hardware RAID if I can do it.
I recognize that this isn't the typical question, but I have a problem with my OpenSUSE webserver, and I thought I would prevail on the community for some guidance. I have this webserver with an important MySQL db on it. The RAID array seems to have died while I was moving. (did someone drop it? dunno) Now it can't find any boot device. It has 4 old SCSI drives.
So, I know how to mount an IDE or SATA drive as a slave, in a Linux environment to read data off of it (to copy the MySQL files off of it.) But, how do I do that with a SCSI drive? Also, I have an additional (identical) server to the crippled one. What will happen if I just slide one of the scsi drives into the operating server? Is this second identical server going to help me at all? I don't even know what is on it. Can I reconfigure the RAID, so it's not using a drive, and then slide in a disk from the crippled server, and copy the data off of it?
I had a RAID1 'device' build on two physical partitions on two drives. One of the disk controllers died and software RAID did the job - now I am working on the degraded array.
Now I want to put the old disk (sdb) back, and I am not sure what will happen. Both disks have 'raid auto' partitions. And sdb file structure from before of the failure. The raid code will find inconsistency between both partitions. What will it decide? Will it start copying from the currently running system (sda) all the data to the old one (sdb) at the boot time, as I wish?
I don't want it to write from the old one to the new one, as some months passed and lots of changes happened to the data.
I recently installed 32bit maverick and wanted to make it login automatically. I tried enabling auto login from Admin > Login but that didn't work and I was still prompted for my password. Then I went to Users & Groups and changed the password option to Do Not ask for password at login. Now after I reboot, the user list is shown (only 1 user) and it doesn't ask for password after I click on my username.
However, then it gives a few errors (as I vaguely recall):
1. cannot load .ICE directory in my home directory
2. some error 256 about a gconf-sanity-2 file
3. nautilus cannot load my home directory etc
and then it gets stuck without loading anything (blank wallpaper). I've tried navigating to my home directory using Alt F2, gksudo nautilus and my home dir contents are encrypted by the ecryptfs (there is a readme.txt file and a shortcut). I have tried to decrypt but it doesn't work... I've also tried to start/stop gdm, and startx but nothing works. If I stop gdm, then the prompt doesn't recognize my password and keeps on rejecting the commands I enter... I think this has something to do with the home dir not being decrypted due to the don't ask for password option... How can I disable the don't ask for password without the GUI (I can access my / by booting through an external USB)?
I have a 64-bit HP G60 Notebook and I installed Ubuntu 10. The problem is that if I want to recover Windows 7 from the Partition I can I pressed Esc and selected Recovery but it said wrong filesystem, then when booting Ubuntu I went down to Windows Vista Loader and it opened HP Recovery but said there was a problem. I want to get Windows 7 back with all HP Factory software installed.
I'm using a friend's wireless connection. Unfortunately, she can't remember what the security key is. I've used it before on vista and that is how I can access the internet now, but I would rather be using ubuntu. Is there a way to read the key from windows, so I can put it into ubuntu? When I open the security tab of the connection's properties dialogue, the key is obscured and the "show characters" option greyed out. Even opening the admin account doesn't change this.
After realizing 10.04 Final doesn't support Intel 855 graphics card the hard way (upgrading to 10.04 from 9.10), I did some very silly things and now cannot even choose past kernels or go into failsafe graphics mode (which had worked prior to this). Long story short I screwed up GRUB. Because I am an amateur end user. I still have the 10.04 live cd. Can I reinstall this to put GRUB back to the original state?
I just installed kubuntu 10.10, replacing an older installation. I have three hard drives one of which had all of the data I wanted to save, about 500gb. I repartitioned and formatted the other two drives and made sure that the data drive would be mounted but not formatted. When I booted into my new installation, the data drive was blank. I'm not sure if it's relevant, but I had just upgraded the file system from ext2 to ext4 before starting the installation.
I've been trying to recover my lost partition with testdisk. The website has instructions for recovering a formatted partition. It looks like it's working until the instructions tell me to choose Boot and RebuildBS, which I don't see as options. Can anyone give me any advice on how to recover? How did this even happen? Has anyone had a similar issue with installation?
Let's begin from the top. I have a relatively new laptop that I've been running Ubuntu on (along with a little-used Windows boot). Picked it up in November or so, installed the current "latest" version of Ubuntu at the time (9.10). I have been doing incremental upgrades, and it's been progressively breaking down more and more. Yes, this includes 10.04.
After GRUB stopped working, I decided it was time to try a reinstall from the top. I told it to leave all the other operating systems alone and do a full reinstall.
Fortunately, I had managed to stuff most of my current work in duplicate locations during this whole debacle, somehow. Don't ask me how I managed to do that when GRUB wasn't working. However, when I installed, I conscientiously said "Oh, yes, Ubuntu, encrypt my home folder! I love privacy!" As a result, about... 30 gigabytes of useful (but ultimately re-downloadable) material is rather inaccessible at the moment. When I try to boot the old system using the newly fixed GRUB, it goes into kernel panic. This seems like a no-go.
I have a saved hojillion-character long passphrase for decryption from my install back in November. Conscientiously saved in the case of just such an emergency.
I read this how-to and followed it to the letter as far as I could tell, trying to mount with ecryptfs to recover my data.
[USERNAME] here is a proxy for my actual username. Yes, the location of my old home folder may seem a little bizarre.
Code:
sudo mount -t ecryptfs /media/c82ca9fe-2b15-4aca-a98d-6482b1d80a32/home/[USERNAME]/ /home/[USERNAME]/oldhome
Passphrase:
Select cipher:
1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
I recently accidentally corrupted my windows vista partition whilst trying to extend it via gparted under ubuntu 11.04 and then cancelling it shortly after starting. Resulting in me being unable to boot into vista (I don't have another copy of any windows OS so I'd really like not to have trashed this one)
Looking on gparted now my partition is Fat32(?) and apparently only has 36mb used =/
I recently suffered a hard disk failure, meaning I had to replace the faulty device. After attempting to mount the old faulty hard drive using an external caddy, I got the following message...
Unable to mount 144 GB Filesystem
Error mounting: mount: wrong fs type, bad option, bad superblock on /dev/sdb5, missing codepage or helper program, or other error
In some cases useful info is found in syslog - try dmesg | tail or so
I'd like to attempt to recover what I can from my /home directory but unfortunately I use encryption (although I do actually know my pass phrase). What procedures and software can I use to try and recover data from this drive?
I have been using fedora 12 for last 6 months, recently I bought an external USB hard drive of 320 GB capacity. I made 2 partitions using the Disk Utility in Fedora. I encrypted the first partition as it was supposed to hold a lot of sensitive data, and yes it did have. Now I had to change my OS to AV linux for some audio-video editing work which wasn't being done properly on fedora due to some issue beyond my knowledge. Now the problem is my encrypted partition is not accessible in my new installation. I see an empty space on my /dev/sda1, although no change to partition data has been done and the data on the second partition /dev/sda2 is easily accessible. When putting the drive on automount, it does not ask me for the password and neither does it show me the data. I have tried fdisk and some other utilities but have failed to get my drive unencrypted.
I was trying to delete a logical drive in windows xp and the damn disk management tool in windows not only deleted my other windows partition but also my linux /data ext3 partition. Now I have an unallocated space in place of these partitions. The data is still there but the entries in the partition table have been removed. So how do I recover my partition? I was trying to use the following tutorial. [URL]
I used the sudo parted /dev/sda -- and then rescue START END command and could get back the /data partition. But it gives me the following error while mounting the partition.
mount: wrong fs type, bad option, bad superblock on /dev/sda7, missing codepage or helper program or other error. In some cases useful info is found in syslog - try dmesg | tail or so.
What does this mean? How do I fix this? Also when I try to recover my windows partition using parted it scans for a while and then does nothing. It does not ask for writing the lost partition in the partition table. What do I do?
I had a tri boot of Win 7 /XP and Mint...I was using EasyBCD 2.0 as a boot manager...I booted Mint by configuring the NeoGrub option in Easy BCD..I wanted to uninstall Win 7 and so what I did was the following
1. Edited BCD bootloader settings ...Marked XP as my default and deleted Win 7 entry...
2. Logged out and wiped my Win 7 partition
With my fingers crossed, I rebooted but Easy BCD booted flawlessly with 2 choices XP and Mint(GRUB)...As Easy BCD is not meant for XP, I thought of restoring original NTLDR of XP so that things would be in place and thinking that this could avoid problems of detection by other Linux OS I deleted manually the Easy BCD menu.lst file and NeoGrub.mbr in my root...That was it, after I rebooted, I got boot screen of EasyBCD but whichever option I select, I got an error message that address not Valid-NTLDR not found or something like that. I booted my XP live CD and like many times before ran
1. Fixmbr
2. Fixboot
3. bootcfg /rebuild
After that, now when I reboot, I am getting "Invalid Partition Table". On booting from a linux CD, I can see the files are in place..I have to get boot sector and partition table fixed...
I've tried to resize my home partition using parted. Prior to it I had removed ext3 flags following some advice found on net. Resizing failed and I ended up with filesystem bigger than partition. Then I managed to enlarge the partition using fdisk but it didn't help. When I run fsck on it it prints:
Code:
fsck from util-linux-ng 2.16.2
e2fsck 1.41.9 (22-Aug-2009)
Something bad happened to my partition table, so right now I'm working from a Live CD. My partition table is completely screwed, although the data on the lost partitions hasn't been overwritten. I've been messing around with TestDisk for about an hour, but I still didn't figure out how to fix my problem. Before the crash, I had 5 partitions:
NTFS - 30GB
NTFS - 8GB
ext4 - 20GB
and here comes the extended partition:
linux swap - 8 GB
NTFS - 400GB
TestDisk can see all those five partitions. I can mark swap as Logical, but I can't do so with the 400GB NTFS partition - there is just no selection. Turning on "expert mode" didn't help. I have read about using sfdisk to fix partition table, but I don't think I'm able to do it by myself.
Here's how it looks in TestDisk:
Disk /dev/sda - 500 GB / 465 GiB - CHS 60802 255 63
  Partition          Start          End       Size in sectors
D HPFS - NTFS        0   1  1    3915 254 63   62910477
D HPFS - NTFS     3916   0  1    4959 254 63   16771860 [Windows XP]
I've filled sizes according to TestDisk's findings. First 3 partitions were OK, the problem lies in the extended partition holding 2 logical ones. By the way, TestDisk is able to enter the 400gb partition and see the files.
I have an external USB hard drive that I need to recover some data from, but I see from fdisk -l that the partition uses LVM:
[root@localhost ~]# fdisk -l /dev/sdd
Disk /dev/sdd: 160.0 GB, 160041885696 bytes
255 heads, 63 sectors/track, 19457 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
I've followed various lvm tutorials all of which describe setting up lvm from fresh on empty disks. Unfortunately none mention how to 'install' new a drive that was previously set up with lvm. I have had a go anyway and may have now lost my data. Here's what I've ended up with (the partition in question is sdd1):
[root@localhost ~]# pvdisplay
--- Physical volume ---
PV Name /dev/sdd1
VG Name vg02
I've tried mounting with other fstypes, but all give the same error.
I didn't know a resize operation on a 750 GB disk was going to take 40+ hours, and I was biting my nails the whole time, until the power went out when "only" 8 hours were left. I can still mount the partition, and many of the files are still there, but some files show as '? ? ? ? ? filename.ext' with ls -l. If I try to go inside such a directory: Input/output error.
following problem. A friend phoned me in despair. Her Ubuntu didn't start any more - ASUS-Laptop switched on stops at a ramfs-prompt. I started Puppy-Linux from DVD-Drive. Worked fine. But puppy can't mount her /dev/sda1 partition either. At least you can see that the partition is still there. Fsck stops with an error. Maybe the initial problem is a sort of bad hardware by which bad bytes were written to the hard drive. Hard drive and/or memory could be replaced but not the data.
I was trying to install Debian 5.04 on a Mac G4, and in typical geek tradition, I didn't RTFM. During installation, I nuked all existing partitions, creating new to my liking. But as I learned later during the installation process, yaboot needed a NewWorld partition, so I can't boot the installation. I don't have any OSX CDs with me (this is a used G4 I purchased off craigslist) with which to create a HFS partition. I've re-run the Debian installer, which lets me create a partition that is supposed to be of type 'NewWorld', but the installer does not seem to like it or recognize it.