2008/12/21 David Nielsen <gnomeuser@xxxxxxxxx>:
> /home is separate on all my boxes, so yes that solution would work. I do
> believe Ubuntu's solution is a separate partition they map to a folder called
> Private in your home dir which is unlocked at login.

I don't think it's a separate partition, it was just a separate encrypted
directory. It works very much like the fuse based stuff, except it's kernel
space not userspace so it _may_ have a performance boost by being in the
kernel. But that comes with a cost compared to the fuse stuff in that
userspace manipulation of the mount process is now marginally harder.
Personally I'd much rather see a robust way to interact with fuse based
filesystems generally in the Gnome UI than to see a lot of effort to
integrate this one kernel based approach just for encryption.

The way it was implemented in Ubuntu server takes additional wrapper logic
to manipulate the mount process of the Private directory, and from my
reading all of that logic was driven into ecrypt-utils helper
applications...I think.

The original Private directory feature as introduced in Ubuntu was specific
to their server edition and was not turned on by default on the desktop
edition specifically because of common desktop case integration concerns.
There was a patch added to Ubuntu to gnome-mount to hide these mountpoints
from the UI.

The extension to an encrypted home is meant to address some of the
shortcomings of the pam based approach so normal desktop users can use it
without it being confusing. A fully encrypted home would never be expected
to be unmounted while the person was logged in. And it significantly
uncomplicates the problem of trying to use a Private directory for files
that applications expect to be in a certain location in your home
directory. I also think Ubuntu is creating some glue scripts to help people
who upgrade transition from a non-encrypted home to an encrypted home as a
one-time transition.
And integrating an option in user creation UI.

> I have no idea of the
> security of that solution but it does seem that this way one could keep a
> few files secret while the machine is powered down so if it gets lost in the
> airport e.g. those few precious personal files don't fall into the wrong
> hands.

A private directory on a single user machine, the security is fine, unless
Ubuntu is caching the passphrase in your home directory somewhere to enable
login time mounting without having to use a different passphrase from your
login passphrase...that would be security theater. I'd have to look more
closely at the scripted logic to know if they are doing some sort of cached
credentials in an un-encrypted file. I'm pretty sure this is NOT tied into
the gnome-keyring at all yet.

The private directory idea was not introduced as a target for that sort of
machine. The private directory feature was targeted as a Server edition
feature.

Security on a multi-user machine...since the files become viewable once the
decrypted mountpoint is active, it's no more secure than any other
mountpoint and relies on standard unix permissions to keep people out. So
as a server feature, it's security theater to some extent.

And even on a single user machine with guest account enabled fast user
switching, like Ubuntu, security may easily be compromised. If the
decrypted private directory is not unmounted when a guest user takes over
the console, they have just as much access to that mount point as if it
were an un-encrypted directory. There was some discussion I think about
using AppArmor support for additional protection but I don't know if it's
in place yet.

-jef
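
Added example, not part of the original message or of any Ubuntu or Fedora tooling: a small audit for the point made above that a mounted (decrypted) eCryptfs directory is protected only by ordinary Unix permissions. The sample mount table, the user names and the function names are constructed for illustration.

```python
import os
import re
import stat

# Constructed sample in /proc/mounts format (not captured from a real host).
SAMPLE_MOUNTS = r"""/dev/sda1 / ext4 rw,relatime 0 0
/home/alice/.Private /home/alice/Private ecryptfs rw,relatime 0 0
/home/bob/.Private /home/bob/My\040Private ecryptfs rw,relatime 0 0
"""

def _unescape(field):
    # /proc/mounts writes space, tab, newline and backslash as \ooo octal.
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), field)

def active_ecryptfs_mounts(mounts_text):
    """Mount points where an eCryptfs filesystem is mounted, i.e. decrypted."""
    points = []
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 3 and fields[2] == "ecryptfs":
            points.append(_unescape(fields[1]))
    return points

def exposure(mode):
    """Classes other than the owner that can list or enter a directory."""
    exposed = []
    if mode & (stat.S_IRGRP | stat.S_IXGRP):
        exposed.append("group")
    if mode & (stat.S_IROTH | stat.S_IXOTH):
        exposed.append("other")
    return exposed

def audit(mounts_text, stat_fn=os.stat):
    """Map each active eCryptfs mount point to its exposure (None if unreadable)."""
    report = {}
    for mount_point in active_ecryptfs_mounts(mounts_text):
        try:
            report[mount_point] = exposure(stat_fn(mount_point).st_mode)
        except OSError:
            report[mount_point] = None
    return report

if __name__ == "__main__":
    source = "/proc/mounts"
    text = open(source).read() if os.path.exists(source) else SAMPLE_MOUNTS
    for mount_point, who in audit(text).items():
        print(mount_point, "exposed to:", who if who is not None else "stat failed")
```

The mode of the mount point is only one layer: permissions on parent directories and root access apply as on any other mounted filesystem.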