LinuxQuestions.org

LinuxQuestions.org (/questions/)
-   Slackware (https://www.linuxquestions.org/questions/slackware-14/)
-   -   About Encrypted backup maybe home? (https://www.linuxquestions.org/questions/slackware-14/about-encrypted-backup-maybe-home-4175468210/)

PeterUK 07-02-2013 12:55 PM
About Encrypted backup maybe home?
 
I am doing a back up now and I have a entire drive to do it.

As recently I have to send a drive under warranty I feel un-easy my data going out there.

Now I am planning in doing a back up and thinking if I encrypt the whole drive (As external drive) so If I ever need to sent I will feel better about it.

But before I have in the the back of my head you don't want to script the whole drive if it as system as it make slower? right?

Also I want to know it you encrypt do you actually occupy more data? Or just move it round and use the same amount?

Please give you your opinion!

PeterUK 07-02-2013 07:14 PM
I have log in into my Ubuntu machine and installed encryptsetup then I put some date in,

I notice two things I think the speed transfer is slower also the drive keep reading long after the date in and it say it has finished.

I notice that is taking more than a normal drive it say it has 159 MB when it was nothing and it now say the space is 2.7 TB

Then I log back again in my Slackware machine and password in and it looks like all there fine.

If you know how to do it in slackware please point it out.

I did it this way because I know its easier on Ubuntu, two I want to be able to boot in the two system and access the files, three I have been having some problem with permission when I try to access to my files on the slackware files from my Ubuntu machine I though now the files have been loaded from my Ubuntu user machine, now the "root" session will see the files as ower the Ubuntu-user but not the files are seen as root as the owner why is this?

mlslk31 07-02-2013 11:30 PM
Beats me. I don't use Ubuntu, never seen it live, and my boat anchors don't have the horsepower to run it. Ubuntu is like Debian but fancier, right?

For file permissions, you should look at the UID of the files. `ls -n` is a good start to this concept. For instance, UID 1004 could be user "bob" on one PC and user "pat" on another PC. Should you tar off of one PC and restore on the other PC, the other PC won't care about who "bob" or "pat" are and will give the files with UID 1004 to whatever user has UID 1004, or show the owner as "1004" if no user has been assigned that number.

Short answer on crypto: Test it, see what happens. Still, don't trust the drive in the hands of others. If you care that much, keep multiple backups and maybe a spare drive on hand. You can't be too safe, especially when corporations and governments have a recent history of working together rather casually, as if user privacy means nothing, at least not here in the US. cryptsetup is decent and useful, but you still might leave your most sacred data in the hands of GPG, and even then, take care that the GPG keys are not stored on the same PC as the data.

As for speed, things that don't depend on raw disk speed (like compile jobs) won't be so bad with the kernel's crypto and cryptsetup. If you work with large files, though, it can be rather miserable. Some ciphers have hardware acceleration in the kernel and/or optimization in assembly language, some ciphers are compiled C code, which is decent but not ideal. It looks like the more encryption hardware is used, the faster things might go. But overall, there's no free ride. To have speed, you can sacrifice money, time, and/or security, sometimes all three if you're really unlucky.

PeterUK 07-27-2013 12:46 PM
I looked at one file (a mp3), example opened In Ubuntu and it said (Owner: user-machine, Access: Read and Write) (Group: user, access none) Others:none.
From the terminal.
ls -l
Quote:
-rw------- 1 user user 3199826 Jan 16 2005 01 Track 1.mp3
ls -n
give:
Quote:
-rw------- 1 1000 1000 3199826 Jan 16 2005 01 Track 1.mp3
if I move that file to own machine drive and do the same the result are the same,
I set the value by a command line "chown 1000 'and_the_file_path'
If I use -R at the top dir it give error:
Quote:
drwSrwsrwx 92 user root 4096 Jul 27 15:44 Music
or -l
drwsr-sr-x 92 user root 4096 Jul 27 15:44 Music
What are those big s? on a place webpage say "s = Unix domain socket" ???

When I apply (-rwxr-xr-x.) by
Quote:
sudo chmod -R 755 Music
Now I can open those files normally (at least at the moment)

this is a folder create for the system:
drwxr-xr-x 6 user user 4096 Jul 25 17:41 smstools3
My folder before modifications:
drwxrwxr-x 3 755 user 4096 Jul 27 15:28 Music

now from slack:
creating a folder give this permission:
drwxr-xr-x 2 root root 4096 Jul 27 18:26 test_music
and a file give:
-rw-r--r-- 1 root root 0 Jul 27 18:29 test

now I move the folder a cross from the same external drive and I get:
drwxr-xr-x 3 root root 4096 Jul 27 18:30 4
and the same file but now into the slack-machine drive
Quote:
-rw------- 1 root root 3199826 Jan 16 2005 01 Track 1.mp3
and -n
-rw------- 1 0 0 3199826 Jan 16 2005 01 Track 1.mp3
And that is one of the problem if I pass a file using the slack machine even from a file attached to it to another one it take ownership.

I now I have some questions:

1- Is there a clear guide what file should have what permission:
Something like:
picture-
doc-
pro-
etc
note: I understand clear if read/write/execute but when should I give to the group or to others..

2.- Can I change the UID to the user? I know that be easy to change UID to the files, but I think would be easier to change the UID to the user and I dont need to change the backup files, right? Even root?

T3slider 07-27-2013 01:53 PM
Quote:
Originally Posted by PeterUK (Post 4997974)
What are those big s? on a place webpage say "s = Unix domain socket" ???
From `info coreutils 'What information is listed'` (which you can get to through `info coreutils 'ls invocation'`, mentioned in `man ls`):
Code:
    `s'
          If the set-user-ID or set-group-ID bit and the corresponding
          executable bit are both set.

    `S'
          If the set-user-ID or set-group-ID bit is set but the
          corresponding executable bit is not set.
You have the setuid and setgid flags set on that directory. On directories the setgid flag makes new files inherit the group of the directory in which they are created. I think the setuid flag is ignored for directories but I am not positive.

Mark Pettit 07-28-2013 11:24 AM
When encrypting data/files onto a second disk, you have several options - ain't choice wonderful !

1) Use something like Truecrypt, which will create a container of a certain size. Then you mount it and copy your data in, or delete old data. The advantage here is that no-one can see anything about the files at all - name, size, dates, contents etc. But space must be "pre-booked".

2) Encrypt a single file at a time - using something like openssl. The advantage here is this truly simply to do. The disadvantage is that the file name and other meta-data (size, dates) are clear.

3) Use a fuse-based crypot-mount, something like encfs. This is very neat, in that it's pretty simple to set up. Your data and file names are encrypted. But the sizes and dates are not. Also, you can see the numbers of files in a directory.

You will need to decide what is most likely to suite you. Encrypting the data alone might seem like enough to you, but if you live in e non-free country like the USA, you might be very concerned if BigBrother and Uncle walt were able to see that your file was called "Oblivion_2012.mkv". It's quite easy to see if a directory contained from 8 to 15 files and they were all in the size of 5 to 15 Megabytes that you likely have a set of MP3 files. Even the exact sizes of those could point to a likely album of "Prince", and he'd hunt you till you paid up $BIGBUCKs or went to $PRISON.

I like Truecrypt. But I'm not 100% certain that it's truly safe from the NSA. If all you're doing is holding some movies and audio files you're probably safe from them.


All times are GMT -5. The time now is 10:23 PM.