On Thursday, July 25, 2013 09:12:43 AM Darin Perusich wrote:
On Thu, Jul 25, 2013 at 7:43 AM, Marco Vittorini Orgeas
I've never been a fan of SuSE's approach to encrypting home directories for exactly the reasons you're run into, once you run out of space your stuck. IMO using ecryptfs, as Ubuntu does, for user home
Then, is it correct to assume that it will proceed with a copy+delete? In such a case an image file of 60GB inside a HDD drive of 100GB won't allow a copy+delete. I would bet it will proceed with that, but I can't assume for sure: e.g. Virtualbox somehow allows the resizing of its VM guest HDD images without a copy+delete: https://www.virtualbox.org/manual/ch08.html#vboxmanage-modifyvdi .
directory encryption is a much better approach. Because it's a stackable filesystem you only need to expand the underlying file system to increase space so it's transparent. Also because it's a stacked filesystems you don't need to "resize" the mapping of the volume like you do if using dm-crypt, see cryptsetup(8) resize.
On openSUSE 12.2+ when you install the ecryptfs-utils package it will properly update the pam configuration and set permissions accordingly, I wrote the pam-config patches for this and helped push the setuid bits through. Unfortunately there are currently issues with some of the ecryptfs-utils scripts, at least on openSuSE 12.3, which need to be addressed in order for things to be properly setup. The biggest I'm aware of is ecryptfs-setup-swap needs to be updated to support systemd and it doesn't always update the fstab swap entries. In it's current state it doesn't work and I haven't had time to fix/patch it and push them upstream.
Yes, I did looked into it when I had to setup the OS, but the state wasn't completely bug-free so,given the critical nature of the function, I eventually preferred going ahead with the "official" and "supported" way to encrypt home dirs. I hope it will be polished out...also, why not adding an helper script to convert the image file to an ecryptfs set-up? -- Marco -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org