Tuesday, June 2, 2009

Using Truecrypt on Acer Aspire One

If you read one of my older posts, then you read that Truecrypt does not support encrypting the entire drive. I set out to see if it was possible just to encrypt the working home drive (I know it can be done, just didn't know how).

Well, a new version of Truecrypt just came out, version 6.1. And guess what? It still doesn't encrypt the whole system drive. Oh well...back to the drawing board.

To upgrade Truecrypt on the Acer Aspire One, follow Macles' instructions for the older version, just use the new version of Truecrypt (i.e., replace the names with the newer version).

Great, so you got it going. Now what, right? Well, time to follow these steps.

What you need:
1. A download of Truecrypt
2. An external drive or smb/cifs connection (to temporarily move your user directory).
3. Some time on your hands.

Great, now let's get to the good part.

Adjust user login
You want to log in as root; this'll make it easier for you to move the user folder. Here's a nice tip I found that'll allow you to be prompted with a login at boot:
http://snaprails.blogspot.com/2009/01/acer-aspire-one-linpus-password.html

Login as root
After you've made the above adjustments, you should log in as root. This'll be self-explanatory once you see the prompt.

Move the user folder
This made sense to me because I was already running low on space. Only about 1.7 GB free. My user folder was taking up about 1.4 GB, and I wanted to be able to utilize as much space as possible (keeping in mind to leave a little for the system should I want to modify anything that would take up space on the system).
1. Mount your external drive, or network drive
2. Transfer your user folder to the other drive. (So, copy then delete, or a straight move. I'm superstitious, so I do a copy and then a delete locally)
3. Clean up Trash so that you gain back the free space on your drive.
rm -rf /root/.local/share/Trash/files/*
rm -rf /root/.local/share/Trash/info/*
4. Fire up truecrypt
5. Click on Create Volume, and create a volume and place it wherever you want, as long as "user" has access to it. Choose whatever encryption method you want, and whatever password you want. When it asks for format, choose ext2. I had originally chosen none, and then was going to format using aufs, but only the /mnt/home directory needs it. The rest of the drive (including /home/user) is actually ext2. I had to then format it after using ext2. Go back to where you created the Truecrypt container (mine is along the lines of /home/encryptedcontainer.tc), and make sure that "user" has access to it:
-rw-rw---- 1 user user 3221225472 2009-06-02 15:05 encryptedcontainer.tc
You can accomplish this with:
chown -R user:user encryptedcontainer.tc
6. Ensure that it's created and that you can mount it.
7. Create a folder called "user" under /home. NOTE: Any messages you get, just click OK. Ensure that user has access to the folder:
chown -R user:user /home/user
8. Once you've mounted your Truecrypt image, go ahead and transfer the data over to it. (Truecrypt will tell you where it's mounted to, usually /media/Truecrypt1)
9. Run the following to put "user" as owner on the contents:
chown -R user:user /media/Truecrypt1/.
NOTE: The "period" at the end of the path, with no space before it. This will ensure that even the .name files will be adjusted (if you put *.* it may include "." and ".." which will affect the directory above it as well). If a space separates the period from the path, chown treats "." as a second target and also recurses through whatever directory you are currently in.
10. Ensure everything's been transferred over, and that Truecrypt is good. Now dismount the file in Truecrypt.
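One way to do the "ensure everything's been transferred" check before deleting anything, dotfiles included. This is an added example, not part of the original post; the function names and the /mnt/backup/user path in the usage comment are assumptions.

```sh
#!/bin/sh
# Added example (not from the original post): confirm a copy of the home
# folder is complete before the original is deleted.

# manifest DIR: print "<sha256>  ./relative/path" for every regular file
# under DIR, dotfiles included, in a stable order.
manifest() {
    ( cd "$1" && find . -type f -exec sha256sum {} + | LC_ALL=C sort )
}

# verify_copy SRC DST: return 0 only if every file under SRC is present
# under DST with identical content. Extra files in DST (for example
# lost+found on a fresh ext2 volume) are ignored. Nothing is deleted.
verify_copy() {
    vc_src=$(mktemp) && vc_dst=$(mktemp) || return 2
    vc_rc=0
    manifest "$1" >"$vc_src" || vc_rc=2
    manifest "$2" >"$vc_dst" || vc_rc=2
    if [ "$vc_rc" -eq 0 ]; then
        # Lines only in the source manifest are missing or altered files.
        vc_missing=$(LC_ALL=C comm -23 "$vc_src" "$vc_dst")
        if [ -n "$vc_missing" ]; then
            printf 'not safely copied:\n%s\n' "$vc_missing" >&2
            vc_rc=1
        fi
    fi
    rm -f "$vc_src" "$vc_dst"
    return "$vc_rc"
}

# Usage (as root, container mounted; /mnt/backup/user is a placeholder):
#   verify_copy /mnt/backup/user /media/Truecrypt1 && echo "copy verified"
```

Run it twice: once after copying the user folder to the external drive, and again after copying it into the mounted container.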

Get Truecrypt to Startup and Mount at Boot
1. Now follow the instructions listed here:
http://ubuntuforums.org/archive/index.php/t-1014891.html
2. Save it, and reboot
3. You should now be prompted with 2 authentication windows
a. The first is to authenticate to the Truecrypt container. If you don't authenticate to it, the boot will loop, and you can't get into "user".
b. The second authentication screen is the gdm one which will allow you to actually login to your account.

Once you log in, everything should be working fine. The only problem I've experienced so far was with Jungledisk. I had to remove it, download it, and extract it again. I also had to remove the .junglediskinstance file. The encryption is seamless. You will not see jungledisk running in the taskbar, or top. If you run ps aux | grep jungledisk, you'll see it running where it mounted your container to /home/user.

The advantage of this setup is that:
1. The Acer Aspire One needs authentication now to get into it.
2. The "User" home folder is encrypted now.

The disadvantage of this setup is:
1. It takes a little longer to boot
2. If you forget your password, you're SOL, and need to go back to your backup (still got that user folder you copied over?)
3. Someone can still login as root and see where your Truecrypt container is and attempt to brute force it. If the container uses the same password as your Linpus login, then a skilled user could crack your passwd file and use that to crack your password for Truecrypt.

jungledisk + Amazon S3 on Acer Aspire One

I was trying to get this working a while ago, and gave up. I managed to get far enough where I was able to get it to work only using root (sudo, or straight up root). Little did I know I was close to getting it working under "user" but gave up too soon. Eh, it happens...

At any rate, here's how to do it. This assumes that you already have an S3 account configured and downloaded Jungledisk.

1. After you've downloaded jungledisk, extract and untar it.
tar -xvzf jungledisk*
2. Check the permissions on the contents. Pay attention to jungledisk and junglediskmonitor, and ensure that they look like below.
-rwxr-xr-x 1 user user 4394430 2009-04-28 11:17 jungledisk
-rwxr-xr-x 1 user user 9164367 2009-04-28 11:17 junglediskmonitor
3. Check /dev/fuse and make sure that the permissions on it are as follows:
crw-rw---- 1 root fuse 10, 229 2008-03-04 08:44 /dev/fuse
4. Next, add "user" to group "fuse" by issuing the following command:
sudo usermod -a -G fuse user
5. Ensure that you have the correct group membership by issuing the following command, and making sure you see "fuse" in the list:
[user@localhost jungledisk]$ id user
uid=500(user) gid=500(user) groups=500(user),10(wheel),496(fuse)
6. Reboot, otherwise the changes to group membership will not take effect.
7. Once you get back up and running, go ahead and run junglediskmonitor and enter the requested information.
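Steps 3 to 6 as a preflight check, showing why the reboot in step 6 matters: "id user" reads the account database, while a session that was already logged in keeps its old group list. This is an added example, not part of the original post; the function names are assumptions, and the inputs are the output of "id -Gn user", "id -Gn" and "ls -l /dev/fuse".

```sh
#!/bin/sh
# Added example (not from the original post): check FUSE access for "user".

# has_group LIST NAME: succeed if NAME is one of the space-separated LIST.
has_group() {
    for hg_g in $1; do
        [ "$hg_g" = "$2" ] && return 0
    done
    return 1
}

# fuse_state CONFIGURED SESSION: classify the group membership.
#   CONFIGURED = output of `id -Gn user` (what the account database says)
#   SESSION    = output of `id -Gn` run inside the user's current login
fuse_state() {
    if ! has_group "$1" fuse; then
        echo missing    # usermod -a -G fuse user has not been applied
    elif ! has_group "$2" fuse; then
        echo relogin    # configured, but this session predates the change
    else
        echo ok
    fi
}

# dev_fuse_ok LINE: LINE is the `ls -l /dev/fuse` output. Succeed if it is
# a character device, group "fuse", with group read and write access.
dev_fuse_ok() {
    set -- $1           # intentional word splitting into ls -l fields
    case "$1" in
        c???rw*) ;;
        *) return 1 ;;
    esac
    [ "$4" = fuse ]
}

# Usage on the netbook, run as "user":
#   fuse_state "$(id -Gn user)" "$(id -Gn)"
#   dev_fuse_ok "$(ls -l /dev/fuse)" && echo "/dev/fuse permissions ok"
```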

This is a great addition to my Acer Aspire One using an 8GB SSD!