Hi all,

If I'm posting this in the wrong forum, please do let me know!

I have a Ubuntu 10.04 LTS box that is running a LAMP stack. I am trying to implement some level of security for some of the files that are on the system. The box will be used both as a client and a web server for other machines on the network.

I am currently feeding Apache web documents from /var/www/, and everything is working fine. The files that I have made available via Apache are protected with a .htaccess file, requesting a username and password from the user.

In this computer's future role, there may be the possibility where it's physical location may require it to travel a little. Therefore I would really like to get some protection for the files in /var/www/ when attempting to access them from the filesystem, or if the hard disk were to be removed and installed on another machine.

I have tried making use of the encrypted home directories, with a symlink from the location in /var/www/ to /home/user/ and that works wondefully - until the user that is logged in, logs out. I need other users on the network to still be able to access the protected documents.

To allow for the home directories to be used for this purpose, I have made the user that 'runs' Apache, the same user whose home directory contains the protected documents.

Does anyone know either of the following:

1. Whether I can change any further settings on Apache so that it can access an encrypted home directory without the user being logged in?
2. If there is any other solution that may allow me to encrypt such files on the filesystem and 'automatically' allow access when the system is powered on?

The filesystem used on the box is ext4, I do not have encryption enabled on the entire disk as I don't want the user to have to have a password to enter on boot.

I am very much open to any other ideas and suggestions that may help with this one, I've had a play around with TrueCrypt too, but cannot see any way of 'unlocking' the protected volume without using the app when logged in via the GUI.

Many thanks in advance to anyone that has some input,
Nick

So you want a machine to automatically mount/decrypt an encrypted container upon boot? There's 0 protection in that.

That's sort of like saying you want to have a lock on the front door of your house that automatically unlocks when anyone walks up to it... why have the lock at all?

I think you need to reanalyze your actual goals in relation to reality of security and come up with a new plan.

Hi dayid,

I understand that the requirement sounds a little odd, and I was expecting an initial response like this.

My main requirement is to prevent the files from being accessible if the hard disk was ever removed, rather than protection whilst the disk is in the machine that it should be in.

I'm using disk permissions to prevent access to parts of the system that a normal user doesn't need, and only an administrator account has access to all files.

My concern is if the system's hdd were to be removed and put into another machine, or the system was booted with a live cd - the files would then be accessible as no encryption would protect it.

It may be that my question isn't worded very well, for which I apologise for. I might also be trying to achieve something that's not possible.

Regards, Nick

Theoretical:

• Situation 1:
• Your hard-drive is stolen.
• Someone mounts the drive in their own hardware and boots the system using single-user/liveCD/whatever
• They change the root password
• They make your drive their primary drive and boot it...
• Your auto-mount/decryption takes place...
• They now have your data.

• Situation 2:
• Your hard-drive is stolen.
• ...but the data is encrytped!
• ...but it automatically mounts/decrypts that data upon boot
• Someone mounts the drive in their own hardware and boots the system using single-user/liveCD/whatever
• They change the root password
• They make your drive their primary drive and boot it...
• They now have your data.

So what at that point stops your auto mount/decrypt from auto-mounting/decrypting?

dayid: That isn't how encryption works. If you encrypt a partition it remains encrypted using the key you provide, and protected by a password, regardless of the state of the root or any other account.
I am still not suer that the original idea is possible though ,but I've not come up with any ways around it yet.

Irrelevant, since if you read the original poster's intent - their intent was to have the encrypted partition be automatically mounted on boot. So, by compromising the root account, then having it automatically mount on boot, you can access the data. It is that fundamental flaw in this setup having any security (the automation of it) that I was pointing out.

On the original poster's system, if a user has an encrypted home directory, as soon as that user logs in - thus mounting the encrypted container and decrypting it, the root user may browse their directories since the encrypted container is now mounted.

If that were the object then, of course, that would be a problem.
That is not the object though, that is one thing which has been tried.
The object, to me at least, is boot->enter decryption password->run server.... FAIL->boot->no password-> data is protected.
I would look at truecrypt volumes and changing Apache's config after booting.

Edit: Yes, I am sorry, I missed the "automatic mount" and you are, of course, correct that that negates any encryption.

Hi 273 and dayid,

Thanks for your input so far, very interesting reading through your thoughts.

It may be that the ways I am approaching this is wrong. I was of the understanding that if a user's home directory was encrypted, the files would not be accessible if the system was booted from something like a live cd; equally the files would not be unaccessible if the disk was booted in another machine. If the encryption does not include anything hardware-generated, then I'm obviously on to a losing battle.

The files would indeed be available as soon as the disk is booted in another system.

Looks like my quest for a solution to protect some web documents goes on!

Thanks again for taking your time to reply!
Nick

That is correct - so long as you don't have anything in place to automatically login/mount/decrypt their container. From the sound of it though - you didn't want to have to type in a password upon each boot/reboot to remount the container.

*IF* you could negotiate to re-authenticate each time you have to reboot the machine, then this idea would be secure. The problem is when you attempt to remove that human element.

I'm not sure if this is exactly what you're looking for but maybe encfs would work for your situation. Basically, you create 2 directories and they are essentially mirror directories except one is encrypted and one is not. In order to use it the unecrypted directory must be mounted by the user and requires a password which you define when you create the directories. I have used enfs and created a simple alias named "encmount" which I type after I boot and that prompts me for the password then mounts the unecrypted directory for use. You can have a time limit on how long it is mounted so after a certain period of time it unmounts itself and the only thing available is the encrypted directory.. for an attacker to get access to the unencrypted files s/he would have to remount it using the password. While this isn't automated at it may help keep your data secure when you're not physically there to protect it.. not sure it's what you're looking for but I figured I'd throw it out there.. good luck!

Hi all,

Just an update to close the thread. I have managed to do what I've been trying to do by using TrueCrypt.

I've moved the documents I want protected into a TrueCrypt volume, which is stored in a location outside of my normal web documents. The volume is protected by a keyfile only (not password) which is accessed by the machine mounting an FTP directory at boot which has its access restricted by known IP addresses.

Once decrypted, the FTP directory is unmounted from view of the user.

End result: the files cannot be accessed by another machine if the hard drive is removed, no passwords are required on boot and I have the level of protection I was after!

Thanks for all your input!