LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Slackware
User Name
Password
Slackware This Forum is for the discussion of Slackware Linux.

Notices

Reply
 
Search this Thread
Old 07-07-2010, 09:16 PM   #1
agi93
Member
 
Registered: Jan 2010
Posts: 101

Rep: Reputation: 17
Best way to encrypt (or at least password-protect) a single directory?


I would like to password-protect or encrypt a single directory of mine.

There seem to be so many different solutions, so many different packages, and so many different methods that can supposedly do this, but all I need is something simple and clean, preferably one built into the stock Slackware.

I'm running Slackware64 v13.1. My partition scheme is as follows:

Code:
/       70GB    /dev/sda3    ext4
swap    2.2GB   /dev/sda4    swap
As you can see, I am not able to encrypt my /home partition since I do not have one. I prefer to have a single partition for everything on root (I spent months working on a partition scheme, and eventually I fell back to this).

On Mac OS X, the user is able to create a .dmg disk image and require a password for mounting. I am not sure if the data is actually encrypted, but this is a wonderful solution. Hopefully there is something like this for Slackware.

I ask you of the Slackware community because I want to know the solution (out of the many available) that a Slackware user would enjoy: something clean, light, without excess, and excellent in function. I don't want some huge program that does every possible security measure there is. All I want is the ability to password-protect any directory I create (like ~/important or ~/crypt) so the contents cannot be viewed by anyone unless they know the password.

Thanks for any help
 
Old 07-07-2010, 10:00 PM   #2
piratesmack
Member
 
Registered: Feb 2009
Distribution: Slackware, Arch
Posts: 518

Rep: Reputation: 133Reputation: 133
Quote:
Originally Posted by agi93 View Post
On Mac OS X, the user is able to create a .dmg disk image and require a password for mounting. I am not sure if the data is actually encrypted, but this is a wonderful solution. Hopefully there is something like this for Slackware.
You can create an encrypted container with TrueCrypt. It's not preinstalled, but available on SlackBuilds.org

http://slackbuilds.org/repository/13...tem/truecrypt/

Last edited by piratesmack; 07-07-2010 at 10:01 PM.
 
Old 07-07-2010, 11:38 PM   #3
Richard Cranium
Senior Member
 
Registered: Apr 2009
Location: Carrollton, Texas
Distribution: Slackware64 14.1
Posts: 1,443

Rep: Reputation: 409Reputation: 409Reputation: 409Reputation: 409Reputation: 409
Well, you could run LVM so that you could just make an encrypted /home volume. That would be a major PITA for you.

Try "man mount" and search for "THE LOOP DEVICE". Then read this, which (despite its age) should give you an idea on what to do.
 
Old 07-08-2010, 12:20 AM   #4
mycinka
LQ Newbie
 
Registered: Mar 2010
Posts: 4

Rep: Reputation: 0
Try encfs.
 
Old 07-08-2010, 04:43 AM   #5
brixtoncalling
Member
 
Registered: Jul 2008
Location: British Columbia
Distribution: Slackware current
Posts: 403

Rep: Reputation: 67
This is something which interested me as well. I wanted to encrypt parts of my home directory. In the end, I chose encfs. To integrate it with the desktop, I wrote a little script that would access my encfs password from kwallet. On logging in, I only needed to start kwallet and my encrypted directories would become automatically accessible. Note that I was using kwallet in any case for storing kmail and konqueror passwords so this was the best of limiting the number of times I had to enter a password every time I logged in.

Now for the bad news. A while back encfs showed itself to be a bit unreliable. If I had not done backups of my data, I would have suffered some serious data loss since it would corrupt the xml file needed to decrypt your data. I started a thread about it: Encfs on current. I stopped using encfs at that time and have not found a replacement yet. As I understand the problem has been fixed for Slackware 13.1, but I am wary of going back. If you have unencrypted backups of your data elsewhere, it is probably suitable for your requirements, but otherwise I can't recommend it.

I would be interested in hearing other ideas on how people encrypt part of a partition which can be accessed as transparently as possible to the user.
 
Old 07-08-2010, 05:33 AM   #6
Dinithion
Member
 
Registered: Oct 2007
Location: Norway
Distribution: Slackware 13.37
Posts: 436

Rep: Reputation: 56
Very interessting indeed. I have little personal experience with encryption of whole folders, but I just thought I would comment a little on password protected solutions.

A bad solution would be to make a folder that belong to a different user. You would have to su to that user and supply this users password, or login as root to access this folder. But there is no "physical" restrictions. All the restrictions would be in the UID, which in turn can easily be bypassed with physical access to the computer. So this method is more a "security by obscurity" then protecting your files.
 
Old 07-08-2010, 05:59 AM   #7
brixtoncalling
Member
 
Registered: Jul 2008
Location: British Columbia
Distribution: Slackware current
Posts: 403

Rep: Reputation: 67
Going on what Dinithion said, an even simpler non-encryption solution would be making a directory accessible only to members of a certain group and then put anyone who is to have access to the data in that group. But as stated, with physical access it would be trivial to access the data.
 
Old 07-08-2010, 07:39 AM   #8
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,142
Blog Entries: 29

Rep: Reputation: 119Reputation: 119
agi93,

Check out this article: Protecting directory trees with gpgdir.

If you're not already using GPG (GNU Privacy Guard, the GNU version of Pretty Good Privacy) to check file integrity and authenticity when you download them, you should be! If you are using GPG, then gpgdir looks pretty good.

I haven't used pgpdir, though, so take my recommendation with a grain of salt.

Regards,

Last edited by Lufbery; 07-08-2010 at 07:41 AM.
 
Old 07-08-2010, 12:06 PM   #9
agi93
Member
 
Registered: Jan 2010
Posts: 101

Original Poster
Rep: Reputation: 17
Truecrypt looks like its exactly what I need. It has a feature to create a .tc file which can be mounted and used to store other files. This is just like the .dmg system on OS X.

gpgdir looks pretty interesting, too.


About LVM, I had an LVM partition scheme with all sorts of directories (/, /home, /var, /usr, /opt) separated just before I went back to the one-partition-for-root system I have now. Oh well. It's good to know LVM can do that just in case I want to encrypt /home on future systems.

Messing with users and groups looks like a fun way to make file access more roundabout for someone, but there still is that physical access problem, and root can easily override any obscurity/security that provides.


I'll go try TrueCrypt and let you know if I have problems or if it works alright.

Edit: Truecrypt is awesome! I just created a 4GB crypt.tc file which I mount in /mnt/crypt when necessary. Thanks!

Also, sbopkg cannot properly download truecrypt. This is because the source link on slackbuilds.org leads to a download page instead of the actual source. This is also the case with dzen2. As a result, I had to build both manually with the SlackBuilds. This is not too much of a problem, as sbopkg still recognizes the package and will check for updates (I hope), but there should be some fix for this. Perhaps chess can add a feature to sbopkg in which a failed md5sum check would provide an option for the user to visit the download site with the links browser and download the source manually. Sbopkg could then have that source sent to /var/cache/sbopkg and recognize its download, allowing for the continuation of the build.

Until something like that happens, manual building also works.

Last edited by agi93; 07-08-2010 at 01:04 PM.
 
Old 07-08-2010, 01:57 PM   #10
Lufbery
Senior Member
 
Registered: Aug 2006
Location: Harrisburg, PA
Distribution: Slackware 64 14.0
Posts: 1,142
Blog Entries: 29

Rep: Reputation: 119Reputation: 119
Quote:
Originally Posted by agi93 View Post
Also, sbopkg cannot properly download truecrypt. This is because the source link on slackbuilds.org leads to a download page instead of the actual source. This is also the case with dzen2. As a result, I had to build both manually with the SlackBuilds.

---snip---

Until something like that happens, manual building also works.
Actually, sbopkg handles stuff like that quite well, with some user intervention.

Before building running the slackbuild, take a moment and look at the sbopkg menu. There's an option to edit the .info file for that particular package. That's where you can input the correct download link.

Regards,
 
Old 07-08-2010, 01:59 PM   #11
rmjohnso
Member
 
Registered: Mar 2006
Location: Wisconsin
Distribution: Slackware64-Current
Posts: 294

Rep: Reputation: 43
AlienBOB has a TrueCrypt build script on his site, along with the source, if you can't get the SlackBuilds site to work.

Another plus for TrueCrypt is that the .tc container files are easy to transfer among systems, and TrueCrypt is cross-platform.
 
Old 07-08-2010, 02:21 PM   #12
agi93
Member
 
Registered: Jan 2010
Posts: 101

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by Lufbery View Post
Actually, sbopkg handles stuff like that quite well, with some user intervention.

Before building running the slackbuild, take a moment and look at the sbopkg menu. There's an option to edit the .info file for that particular package. That's where you can input the correct download link.

Regards,
Sometimes there really is no download link though. With truecrypt I had to check a license agreement box, select the Mac/Linux version from a dropdown menu, and then click download before it work work. Gah! Why can't they just have a simple ftp site with a note that says "By downloading any of these files, you accept this license agreement: ...".

That's cool though. Maybe I'll use that to point to Eric's source instead next time.


Also, I wish Eric would organize his repo at the top level by Slackware version. That way, I could mirror 13.1/ only (or whatever is relevant to my system at the time) without downloading all these extra files that don't even apply to my system.
 
Old 07-08-2010, 04:08 PM   #13
slakmagik
Senior Member
 
Registered: Feb 2003
Distribution: Slackware
Posts: 4,113

Rep: Reputation: Disabled
Quote:
Originally Posted by agi93 View Post
Also, sbopkg cannot properly download truecrypt. This is because the source link on slackbuilds.org leads to a download page instead of the actual source. This is also the case with dzen2. As a result, I had to build both manually with the SlackBuilds. This is not too much of a problem, as sbopkg still recognizes the package and will check for updates (I hope), but there should be some fix for this. Perhaps chess can add a feature to sbopkg in which a failed md5sum check would provide an option for the user to visit the download site with the links browser and download the source manually. Sbopkg could then have that source sent to /var/cache/sbopkg and recognize its download, allowing for the continuation of the build.

Until something like that happens, manual building also works.
What happens with dzen2 and truecrypt are actually very different but 0.33.1 does trip over dzen2. That's fixed in svn, though. And, yes, after you get it installed, sbopkg will handle it as any other SBo package. Just to note: you can download the source to your $SRCDIR and then run sbopkg as normal. But downloading it anywhere, setting everything up and, running the SlackBuild directly works too, of course.

As far as truecrypt, though, there are limits to the upstream... eccentricities... (must be polite) that sbopkg can work around. If sbopkg doesn't have a url to work with, it doesn't have a url.

As far as the browser-to-homepage option, we'll think about that (or I will anyway). There are reasons for the md5 to fail that wouldn't be solved by going to a homepage and, even after going to a homepage, you'd likely have to change things like the md5sum or version number or whatever. So it may not be doable or may not be done, but might. Thanks for the suggestion.

Also, if you encounter problems like dzen2 and truecrypt, please report it to the googlecode tracker or, if you aren't or don't want to be google-ized, drop by #sbopkg on freenode and report it there. We're more likely to be sure to know about it if you do.

Last edited by slakmagik; 07-08-2010 at 04:16 PM. Reason: or use the mailing list, of course
 
Old 07-08-2010, 04:17 PM   #14
agi93
Member
 
Registered: Jan 2010
Posts: 101

Original Poster
Rep: Reputation: 17
Quote:
Originally Posted by slakmagik View Post
What happens with dzen2 and truecrypt are actually very different but 0.33.1 does trip over dzen2. That's fixed in svn, though. And, yes, after you get it installed, sbopkg will handle it as any other SBo package. Just to note: you can download the source to your $SRCDIR and then run sbopkg as normal. But downloading it anywhere, setting everything up and, running the SlackBuild directly works too, of course.

As far as truecrypt, though, there are limits to the developer... eccentricities... (must be polite) that sbopkg can work around. If sbopkg doesn't have a url to work with, it doesn't have a url.

As far as the browser-to-homepage option, we'll think about that (or I will anyway). There are reasons for the md5 to fail that wouldn't be solved by going to a homepage and, even after going to a homepage, you'd likely have to change things like the md5sum or version number or whatever. So it may not be doable or may not be done, but might. Thanks for the suggestion.

Also, if you encounter problems like dzen2 and truecrypt, please report it to the googlecode tracker or, if you aren't or don't want to be google-ized, drop by #sbopkg on freenode and report it there. We're more likely to be sure to know about it if you do.
I'll start doing more bug reports when I encounter this kind of thing. Thanks so much to all the sbopkg maintainers for putting so much care into their program. It's really a beautiful piece of software
 
Old 07-15-2010, 07:55 PM   #15
shadowsnipes
Senior Member
 
Registered: Sep 2005
Distribution: Slackware
Posts: 1,441

Rep: Reputation: 70
I also hear TrueCrypt is great for cross-platform use.

I use EncFS and have never had any problems with it. It has the advantage that it behaves more like a regular file system and not like a loop back filesystem, so I can incrementally back up individual files instead of one big file.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
TiP: Password Protect your Single User Mode Hitboxx Linux - General 9 09-17-2007 07:02 AM
can i encrypt or password protect my initrd image??? raklo Linux - Kernel 14 02-13-2007 06:32 PM
Password protect a directory aquatux Suse/Novell 6 08-01-2005 11:56 PM
password protect/encrypt a single image bruce1271 Linux - Software 2 10-18-2003 08:29 PM
Password protect a directory Stephanie Linux - General 6 03-26-2002 02:58 PM


All times are GMT -5. The time now is 02:05 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration