Ubuntu Security :: Move To Encrypted Home Directory Not Losing Data?
Jul 20, 2011
I am running ubuntu 11.04 I'd like to encrypt my home folder. - how can it be done, without creating new user/starting from scratch. -I'd like to keep all the files and desktop settings - the only change should be that the folder is encrypted now.
What are the steps I must take to move my existing home folder to a separate, encrypted partition? Can I create this partition without damaging my current partition? Where is a trusted location to download App Armor profiles? What else can I do to harden the security of Ubuntu?
my CPU passed away, got a new system, installed a new 9.04 and blew it up to studio. have 2 new disks and my old raid 0 lvm. mounted is ( lvdisplay) , user rights fixed fine. I do have my old login name and passwd in a book. How can I open the data it was the old encrypted home directory. I have an icon "Acess your private Data" and something called link to Acess Your private data. There I can read link (broken) so the broke link is sorted out, as i do have now a directory in my home with the same name as it has been, /home/coconews/ and that is fine
If I wanted to transfer a home folder that was encrypted to another ubuntu computer could I? If I had a separate home partition that was encrypted, but I wanted to upgrade ubuntu to the latest version by doing a clean install is there an easy way so that I can still read the data encrypted with the old version?
I have Ubuntu Karmic. I chose to install with an encrypted home directory. Recently I got a warning that I only had 2GB of drive space left. This is mostly because of my videos. So I went and bought a new hard drive and partitioned it and made 1 ext4 partition and copied my videos all to the new hard drive. I added a line in my fstab to mount the new hard drive to ~/videos, but when I reboot the computer, there is a screen saying something like "error mounting /home/me/videos, press S to skip or something else to reboot". If I press S to skip, then when my system comes up there is a video directory but it's empty because my other hard drive didn't get mounted. I can run sudo mount /dev/sdb video/ and it will mount fine and I can see all my videos, so why can't fstab mount it? Does this have something to do with my encrypted home directory?
so, after long time of succesfull use of kubuntu, i encountered a 1st major disaster yesterday while using kphotoalbum. It has somehow frozen my machine in so mighty way, that it apparently corrupted a directory with majority of my pictures , which now appears to be empty .My home lies on a separate partition, its encrypted aand using btrfs and I am using kubuntu 10.10. So, could anyone give me some clues how to unencrypt my home partition, that i could obtain an image of partition or whatever else usable for photorec to check for pictures?
Around six months ago (last time I reinstalled Ubuntu 9.10), on a whim I decided to check that option to "encrypt [my] home directory". I wanted to see what it was like. Mistake. Since then, I've been unable to figure out how to access the data in my home directory using any method besides booting the computer (usb drive, rip-out-and-stick-it-in-an-enclosure, etc.). Specifically, I find that shell script sitting there that tells you to run it in order to see your files, but it gives some kind of error. I also still have the code Ubuntu tells you to write down in order to decrypt your files.
Fast forward to this past week. I brought in the laptop to Best Buy for repairs to the hinge (the hinge! Ace Hardware could fix this problem! But I wanted to make full use of the service plan.), and I got a phone call a few days later, saying that it hit Best Buy's "No Lemon" policy. They were going to keep my computer and give me in-store credit toward a new one. Of course, I refused to pay ~$70 for them to back up my data for me; what could possibly happen to it when they were fixing a hardware problem?
Anyways, I pleaded with them for my hard drive back, and they said that they could ship the hard drive back to the store so I could get my data off of it. I'm planning on going in there with my external backup hard drive and an external enclosure and doing it myself at the counter (If they charge $70 to back up a Windows partition, how much more will they charge for an encrypted Linux one?). I don't want to embarrass myself by standing around and not being able to get into my own data.
I ran fsck on the wrong partition (which was mounted) and in my haste blew up the file system on that partition. Now here's the kicker, I had 450Gb of data and documents on that partition that was in an encrypted home directory. So the long and the short of it I ran fsck again and I was able to recover all the files, and they are now residing on a Lost+Found folder on my hard drive.I have located the encrypted files, but I don't know what to do with them.
I tried upgrading to 10.04, and now when it boots it just goes into a grub2 terminal and doesn't display a boot menu. I tried re-installing grub2 from the live cd, but that didn't do anything. I figured if I've hosed the last install I'll install from scratch, but I can't even access my files from the live cd! I did a bit of searching and everyone seems to just encrypt ~/Private, whereas I've encrypted the whole home directory. So much for security... In the live cd, it has a readme.txt and says to type "ecryptfs-mount-private" to access the files, but it just gives the error "ERROR: Encrypted private directory is not setup properly". What do I do?
Ubuntu 10.04 (64)I have a second drive (currently mounted as /disk2).I want my home directory (/home/jb) to include this second disk as JUST a separate 'folder' accessible from my home area.want the data on the second disk to be encrypted, (just like my /home/jb folder is now).I would prefer to 'blend' the second drive into my existing setup.I'm looking for the safest way to achieve this, don't mind editing fstab etc. or getting my hands dirty on the cli.
I installed Ubuntu Server because I want to learn Linux and I want to learn about servers. I did a newbie tutorial and then shut down. When I booted up today, the files in my home directory were replaced by Access-your-private-data.desktop and readme.txt, but I have no idea why. I followed the instructions in readme.txt and typed ecryptfs-mount-private. It told me
INFO: Your private directory has been mounted. INFO: To see this change in your current shell: cd /home/rmob
But if I do ls /home/rmob, it still shows me Access-your-private-data.desktop and readme.txt instead of the files I created there yesterday. Every time I reboot, it tells me
keyctl_search: Required key not available Perhaps try the interactive 'ecryptfs-mount-private'
If I try ecryptfs-mount-private again, it still tells me it has mounted it, but still just shows me those same two files. Googling about this tells me this means the directory got encrypted somehow. I tried typing touch ~/.ecryptfs/auto-mount which I found in this tutorial, but it didn't make a difference and I can't find any other solution anywhere.
During the installation of Ubuntu Karmic, I picked the option that encrypts my home directory.
A few questions:
(1) Shortly after installation, I was asked to run a command to print a key necessary for data recovery from a rescue CD. I didn't run it at the time and am now looking for the command to run. What is it?
(2) I think I read somewhere that this also encrypts swap. Great. Correct me if that's wrong.
(3) If I suspend the machine, is my home directory encrypted? That is, if I have this on a laptop and travel with the suspended laptop and someone steals it, are my data safe, or not?
(4) I assume the weakest point in the system is my relatively short login password (but I think the install tests it and found it okay). Is there a recommendation how long this should be?
Apparently after an upgrade, I lost access to my encrypted home directory. Looks like upgrade scripts changed the scripts that mounted my encrypted home directory. As I don't have my ecryptfs password handy, is there any way to revert the things back as they were? I have liked Ubuntu all the way but after this upgrade-mess-up, I might change my view.
I had errors pop up when I tried updating my 10.10 to 11.04 so I ended up having to do it from a Live USB which installs it over everything (fine by me).Unfortunately I forgot I had an encrypted /home directory. So various messages and stuff came up when I tried to log in.nfortunately I don't remember what my encryption passphrase is offhand, so I moved it to a slightly different folder name and had to have a new directory created for my username.It's still there, but how can I try to open it trying the various versions of the passphrase I think it may be? Can I double-click it and try?Also, in the future what is the best way to handle a "fresh" install that I want to connect to my encrypted /home directory?
I am having a problem setting up an encrypted home directory with openSUSE 11.3. I used Yast User and Group Management to edit an existing user to encrypt the home directory and the user.key and user.img files were created in the /home directory. I tried it out and logged in as user and created a new file. I logged out and logged in as a different user and was able to see the newly created file in the first users home directory.
I figured I did something wrong so I went back to Yast and deleted the user. I deleted the /home/user directory using file manager su mode. I tried again to create a new user with an encrypted home directory using Yast and now when Yast tries to write the changes I get an error: "pam_mount is already setup for user. Use --replace to replace the existing entry." I do not know how to proceed from here except to try with a different user name as I do not understand what the error message means and what command to use --replace with.
Ubuntu 10.04. I've tried every method I can find and none work. Here's what I know...
1. My /etc/my.cnf is ignored. I can even delete it and phpmyadmin continues to work as it did before.
2. If I move /var/lib/mysql and replace it with a new directory (chowned to mysql:mysql so it looks like it's got the same ownership & permissions as the original) I get a write permission problem, e.g.
What I ultimately want to do is used existing database files on a FAT32 partition but I can't even get to first base.
I would like to move the /home directory to a different location, there only seem to be guides on how to move it to it's own partition.
I have a drive (/dev/sda5) mounted as /media/data
I would like to move /home to /media/data/home?
I have tried usermod but get the following error:
Code: test@TestServer:/media/data$ sudo mkdir /media/data/home test@TestServer:/media/data$ ls home lost+found test@TestServer:/media/data$ sudo usermod -dm /media/data/home usermod: user '/media/data/home' does not exist
Ubuntu 10.10 32 bit/ and /storage are on two different partitions. I want to move my home directory to the /storage partition, so I went to System -> Administration -> Users and Groups then Advanced Settings then the Advanced tab. I changed Home Directory from /home/billy to /storage/home/billy. I click on ok and I'm asked if I want to copy all the user's files over to the new location or start fresh. I click, Copy Files. It acts like it's doing something, but all it does is create the home/billy directories inside /storage, but it never copies files over and the next time I go to /home/billy it's still in the old location. What the heck is the deal?
I just installed 9.10 on my laptop and selected the option for home folder encryption. I am running DropBox and placed the DropBox folder on my desktop (meaning it should be encrypted when I am logged out.) So I have two questions: 1) Shouldn't this setup cause my DropBox files on the server to be encrypted? Apparently they are not because they appear as unencrypted text using the DropBox Web interface. 2) If they were encrypted on the server (which doesn't appear to be the case right now), how would it be possible to share them with another client unless the encryption on both clients were set up identically?
I had some major problems after the recent Ubuntu upgrade and had to boot from a live cd. I have a separate /home partition, but it was encrypted using the default install encryption in the 9.10 install cd. How can I get to my files so I can back them up?
I have tried this but it did not work: http://ubuntuforums.org/showthread.php?t=1337693
I'm using 10.04 with encrypted home dir. I think the behavior below is wrong:
I can log in as root and change user's password. After that the user can log in using new password, which is normal, but it can also decrypt its home dir using the new password, which is dangerous. Assume I lost my computer. This encrypted home dir will not protect my private data because whoever gets the computer can boot it up with a livecd and chroot to change my user's password and then boot up my system and log in using new password.
Let's begin from the top. I have a relatively new laptop that I've been running Ubuntu on (along with a little-used Windows boot). Picked it up in November or so, installed the current "latest" version of Ubuntu at the time (9.10). I have been doing incremental upgrades, and it's been progressively breaking down more and more. Yes, this includes 10.04.
After GRUB stopped working, I decided it was time to try a reinstall from the top. I told it to leave all the other operating systems alone and do a full reinstall.
Fortunately, I had managed to stuff most of my current work in duplicate locations during this whole debacle, somehow. Don't ask me how I managed to do that when GRUB wasn't working. However, when I installed, I conscientiously said "Oh, yes, Ubuntu, encrypt my home folder! I love privacy!" As a result, about... 30 gigabytes of useful (but ultimately re-downloadable) material is rather inaccessible at the moment. When I try to boot the old system using the newly fixed GRUB, it goes into kernel panic. This seems like a no-go.
I have a saved hojillion-character long passphrase for decryption from my install back in November. Conscientiously saved in the case of just such an emergency.
I read this how-to and followed it to the letter as far as I could tell, trying to mount with ecrytfs to recover my data.
[USERNAME] here is a proxy for my actual username. Yes, the location of my old home folder may seem a little bizarre.
Code: sudo mount -t ecryptfs /media/c82ca9fe-2b15-4aca-a98d-6482b1d80a32/home/[USERNAME]/ /home/[USERNAME]/oldhome Passphrase: Select cipher: 1) aes: blocksize = 16; min keysize = 16; max keysize = 32 (not loaded)
I've just reinstalled my box with an encrypted home (used the encrypt home option when installing). I have a query in this regard - suppose I lose the box. Won't it be possible for someone to drop into root, reset my passwd and then access my /home. Is there anyway of having a different passwd for accessing /home? My ~ is on a different partition from /.
I have recently recovered from an HDD failure on my Drobo. One of the disks died and corrupted the entire array (which is not supposed to happen). I have since managed to copy the data off onto smaller disks and after replacing the failed drive, have copied everything back.
Now that im up and running again, i was wondering how this situation would play out on encrypted disks, or in the case of a drobo a large encrypted partition (as you cannot encrypt the entire array).
Would i still be able to recover the data if i were to encrypt it? It is a 4.2TB array, and i assume that I would need to copy the data in its entirety to recover it, so using multiple smaller disks would be out of the question right?