This was something handy I discovered yesterday that I thought I might share. I'm running Ubuntu 8.10, but it might work fine with other versions too.
If you have a user on your laptop, such as one you use for work related material, that you want to secure...but you don't want to encrypt the whole drive, this is for you.
Quickly and not in too much detail you can do the following:
- create a new user (let's call him or her 'work')
- download and install TrueCrypt. There is a .deb package for it that's easy to install.
- create an encrypted file/disk image (not partition). You'll find the instructions for how to on the web. Make it ext3.
- in my case I called the file workimage.tc and placed it in /home, but you can place it anywhere as long as the 'work' user owns it and can read and write to it.
- edit /etc/gdm/Init/Default after:
...add the line:Code:#!/bin/sh # Stolen from the debian kdm setup, aren't I sneaky # Plus a lot of fun stuff added # -George PATH=/usr/bin/X11:/usr/X11R6/bin:/opt/X11R6/bin:$PATH OLD_IFS=$IFS
Now when you boot the computer, just before the login screen you'll get a popup asking you for the password for workimage.tc (it also asks when switching users...or complain that it's already mounted if it is). Pressing Cancel on the password prompt will go on to the login screen, letting you use the other users without mounting the truecrypt image.Code:truecrypt /home/workimage.tc /home/work
It's pretty easy to setup, and lets you run a mix of encrypted and non-encrypted users on the same machine.
It is not 100% secure though, as you're only encrypting that users files and settings, and not your logs or swap space. For that you would need whole drive encryption. The 'work' folder itself should be 99.99% secure provided you've used a long random password (and nobody captures you and tortures the password out of you).
Hope someone finds this usefull...