http://5Valleys.com/tags/#{params[:tag_id]/posts en-us 40 Rails, Software Development, Western Montana, and other incoherent ramblings. If you've got a laptop computer, it's not a bad idea to encrypt a data partition and keep all your personal data there. That way if your laptop gets lost or stolen, then the thief may have your computer, but they won't be able to steal your identity, too. And, doing so in linux is absurdly easy. Here's how I did it on Ubuntu. Also note that, if you've been here before and already have the encrypted partition, but are trying to access it from a new install of Ubuntu, you should *skip* steps 2, 4 & 6 Step 1) Use Synaptic to install the 'cryptsetup' and 'pam-mount' packages. Step 2) Create a new primary partition that will be your encrypted partition (I recommend using gparted to do this). Step 3) Restart your computer. This is a step I frequently forget, but is absolutely necessary for the right encryption modules to be loaded into your kernel. Step 4) Run 'sudo cryptsetup luksFormat /dev/sdXX' where 'sdXX' is the name of the new partition you created in step 2 (eg, sda4). When asked for a passphrase, use the exact same password you use to login to the computer (you'll see why in step 9). Notice and heed the warning "This will overwrite data on /dev/sdXX irrevocably." Step 5) Run 'sudo cryptsetup luksOpen /dev/sdXX sdXX' Step 6) Run 'sudo mkfs.ext3 /dev/mapper/sdXX' Step 7) Create a folder to mount your partition to. I like to use /mnt/sdXX, but you could just as easily put it right in your home directory, such as '~/encrypted'. Note the all instructions below assume you chose '/mnt/sdXX', so adjust accordingly. Step 8) Run 'sudo mount /dev/mapper/sdXX /mnt/sdXX' Ok, now your partition is created and mounted. But, next time (and every time) you restart your computer you'll need to run step 8 again. If you forget, you'll find that /mnt/sdXX is empty, and panic. Wouldn't it be nice if you could just mount that partition automatically whenever you log in? Well, as long as you used the same passphrase for the for the partition as your password when you log in, you can. Step 9) As root, open /etc/security/pam_mount.conf.xml and add or uncomment the line that says '<luserconf name=".pam_mount.conf.xml" />' Step 10) Create a file named .pam_mount.conf.xml in your home directory and fill it with the following... <?xml version="1.0" encoding="utf-8" ?> <pam_mount> <volume fstype="crypt" path="/dev/sdXX" mountpoint="/mnt/sdXX" /> </pam_mount> Step 11) As root, edit /etc/pam.d/gdm and add '@include common-pammount' to the end of the list. Step 12) Reboot and you should find that the encrypted partition gets mounted for you. One final word of warning. If an UNencrypted partition fails or gets corrupted, there are still some very crude methods to *try* and recover anything that wasn't properly backed up. When an ENcrypted partition fails like this, you can probably throw most or all of those tools and techniques out the window. So, keep your encrypted partition frequently backed up to a different *physical* drive, probably external, probably also encrypted. <a href='http://www.5valleys.com/posts/59-Encrypting-and-Auto-Mounting-Ubuntu-Partition'>continue...</a> Fri, 02 Jan 2009 20:01:00 -0700 http://www.5valleys.com/posts/59-Encrypting-and-Auto-Mounting-Ubuntu-Partition jsgarvin Ubnutu, Security