Bill Davidsen wrote:
> Robin Laing wrote:
>> OK, now it is an option to create encrypted partitions with F10 during
>> install. With this, the issue of backups gets changed and I wonder
>> how people are dealing with it.
>>
>> I am about to install a system where each user's home directory will be
>> encrypted and mounted on login and unmounted on logout.
>>
>> Now the question comes to how to make automatic backups of these
>> encrypted partitions when they are not mounted. This has to take into
>> account that the backup needs to be as secure as the original users'
>> directories.
>>
>> Is there a tool that allows partition backups of only the changes as
>> with incremental backups? Do we just have to clone the partition and
>> make copies of that each time?
>>
>> It is a question that I have posed to our IT staff and they have not
>> thought about it either.
>
> What you want is a copy-on-write system to record the changes. Too bad
> you didn't go the whole way on security and run each user in a virtual
> machine. Then you could make a COW image of the partition, let the user
> run with that, then back up only the changed pages. When the backup gets
> large, commit the changes and take a "full" (whole partition) backup,
> and make a new working COW image for the user to use.
>
> I do similar with development VMs, make some changes, run with it a
> while to see that they were *good* changes, then commit. Each day I back
> up only the differences between the reference image and the working image.

As nothing is set in stone yet, this sounds like a good idea. The
question is about the security of the individual files using this
system. The knowledge to anyone that may be watching the network on if
there is 1 or 100 files being updated.

Any by-file backup may provide details that may not want to be revealed.

It is a tough question to look at.

One of the reasons to start looking at it before things are finalized.

User home directories will be encrypted and mounted on login. That is
already confirmed as presently home directories are mounted on login.
--
Robin Laing
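
Added example, not part of the original thread: a block-level incremental backup of a raw, still-encrypted partition image, in the spirit of the reference-image/working-image differencing discussed above. It handles ciphertext only, so no plaintext or file names reach the backup, but the count and offsets of changed blocks stay visible to anyone who can read the delta. The 4096-byte block size, the function names and the sample images are assumptions constructed for this example.

```python
import hashlib

BLOCK = 4096  # assumed block size for this example


def manifest(image: bytes, block: int = BLOCK) -> list:
    """SHA-256 digest of every fixed-size block of a raw partition image."""
    return [hashlib.sha256(image[i:i + block]).digest()
            for i in range(0, len(image), block)]


def delta(reference: bytes, working: bytes, block: int = BLOCK) -> dict:
    """Blocks of `working` that differ from `reference`, keyed by block index."""
    if len(reference) != len(working):
        raise ValueError("images must be the same size (same partition)")
    ref = manifest(reference, block)
    changed = {}
    for idx, digest in enumerate(manifest(working, block)):
        if digest != ref[idx]:
            changed[idx] = working[idx * block:(idx + 1) * block]
    return changed


def apply_delta(reference: bytes, changed: dict, block: int = BLOCK) -> bytes:
    """Rebuild the working image from the full backup plus one delta."""
    out = bytearray(reference)
    for idx, data in changed.items():
        out[idx * block:idx * block + len(data)] = data
    return bytes(out)


def make_sample_images():
    """Constructed sample: 16 stand-in 'ciphertext' blocks, two of them modified."""
    fill = BLOCK // 32  # a SHA-256 digest is 32 bytes
    ref = b"".join(hashlib.sha256(b"ref%d" % i).digest() * fill for i in range(16))
    work = bytearray(ref)
    for idx in (3, 11):
        work[idx * BLOCK:(idx + 1) * BLOCK] = hashlib.sha256(b"new%d" % idx).digest() * fill
    return ref, bytes(work)


if __name__ == "__main__":
    ref, work = make_sample_images()
    d = delta(ref, work)
    # The delta exposes only which block offsets changed, not what they contain.
    print("changed blocks:", sorted(d), "bytes to ship:", sum(map(len, d.values())))
    print("restore ok:", apply_delta(ref, d) == work)
```
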