Page 1 of 3 123 LastLast
Results 1 to 10 of 21

Thread: Using TrueCrypt to encrypt one users home folder...

  1. #1
    Join Date
    Nov 2005
    Location
    Oslo, Norway
    Beans
    205
    Distro
    Ubuntu 12.04 Precise Pangolin

    Using TrueCrypt to encrypt one users home folder...

    Hey,

    This was something handy I discovered yesterday that I thought I might share. I'm running Ubuntu 8.10, but it might work fine with other versions too.

    If you have a user on your laptop, such as one you use for work related material, that you want to secure...but you don't want to encrypt the whole drive, this is for you.

    Quickly and not in too much detail you can do the following:
    - create a new user (let's call him or her 'work')
    - download and install TrueCrypt. There is a .deb package for it that's easy to install.
    - create an encrypted file/disk image (not partition). You'll find the instructions for how to on the web. Make it ext3.
    - in my case I called the file workimage.tc and placed it in /home, but you can place it anywhere as long as the 'work' user owns it and can read and write to it.
    - edit /etc/gdm/Init/Default after:
    Code:
    #!/bin/sh
    # Stolen from the debian kdm setup, aren't I sneaky
    # Plus a lot of fun stuff added
    #  -George
    
    PATH=/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:$PATH
    OLD_IFS=$IFS
    ...add the line:
    Code:
    truecrypt /home/workimage.tc /home/work
    Now when you boot the computer, just before the login screen you'll get a popup asking you for the password for workimage.tc (it also asks when switching users...or complain that it's already mounted if it is). Pressing Cancel on the password prompt will go on to the login screen, letting you use the other users without mounting the truecrypt image.

    It's pretty easy to setup, and lets you run a mix of encrypted and non-encrypted users on the same machine.

    It is not 100% secure though, as you're only encrypting that users files and settings, and not your logs or swap space. For that you would need whole drive encryption. The 'work' folder itself should be 99.99% secure provided you've used a long random password (and nobody captures you and tortures the password out of you).

    Hope someone finds this usefull...


  2. #2
    Join Date
    Apr 2008
    Location
    Missoula, MT USA
    Beans
    137
    Distro
    Kubuntu

    Re: Using TrueCrypt to encrypt one users home folder...

    Sweet!
    I was messing with this idea a few months ago and couldn't make it work.
    Thanks for the tip!

  3. #3
    Join Date
    Jul 2007
    Beans
    Hidden!
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Using TrueCrypt to encrypt one users home folder...

    How does this differ from requiring a password at login?

  4. #4
    Join Date
    Apr 2008
    Location
    Missoula, MT USA
    Beans
    137
    Distro
    Kubuntu

    Re: Using TrueCrypt to encrypt one users home folder...

    Quote Originally Posted by yogo View Post
    How does this differ from requiring a password at login?
    The password is not for authentication, it's needed to decrypt the "work" user directory. If you don't want to log in as that user, simply don't put in that password and the work user directory remains encrypted while you log in as a different user.

  5. #5
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Using TrueCrypt to encrypt one users home folder...

    why not just simply use full disk encryption?

  6. #6
    Join Date
    Nov 2005
    Location
    Oslo, Norway
    Beans
    205
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Using TrueCrypt to encrypt one users home folder...

    If you have an installed and configured system and don't want to install the whole thing again, encrypting just the user folder could be a way to do it. That was my reason for trying it anyway, that and curiosity.

    Other reasons might be perforamnce, doing it this way lets you pick between security and performance. Log in as the encrypted user for the secure stuff, and as an ordinary user for performance. And if you share the computer with others, and you want to keep your stuff private I guess.

  7. #7
    Join Date
    Jun 2006
    Location
    Switzerland
    Beans
    Hidden!
    Distro
    Kubuntu Jaunty Jackalope (testing)

    Re: Using TrueCrypt to encrypt one users home folder...

    Quote Originally Posted by ragtag View Post
    Other reasons might be perforamnce, doing it this way lets you pick between security and performance. Log in as the encrypted user for the secure stuff, and as an ordinary user for performance.
    only problem is that there will be parts saved that are unencrypted...

  8. #8
    Join Date
    Nov 2005
    Location
    Oslo, Norway
    Beans
    205
    Distro
    Ubuntu 12.04 Precise Pangolin

    Re: Using TrueCrypt to encrypt one users home folder...

    Yes, that's true. If you want high security, you should encrypt the whole drive, swap and all.

  9. #9
    Join Date
    Jan 2008
    Location
    Croatia
    Beans
    23
    Distro
    Ubuntu 9.04 Jaunty Jackalope

    Re: Using TrueCrypt to encrypt one users home folder...

    I did exactly the same thing and it serves my purporse, however, I would like tc to unmount after I log off or on shutdown (seems kinda messy to leave volumes mounted during shutdown).

    Does anyone know where to put "truecrypt -d" to do this?

    PostSession folder in /etc/gdm doesn't work, as it gets executed while the user is still logged in...

  10. #10
    Join Date
    Nov 2007
    Location
    Sweden
    Beans
    2,182

    Re: Using TrueCrypt to encrypt one users home folder...

    I'm still not sure if TrueCrypt is safe to use. Is it?
    Operating system: Debian Wheezy 7.0.
    Computer: Celeron 2 ghz laptop, 2 GB RAM.
    Linux user since -99.

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •