On Wednesday 23 April 2008 21.15:54, Jan Ritzerfeld wrote:
On Wednesday, 23 April 2008, Daniel Bauer wrote:
[...] I thought it's only decrypted after logging in as this user and only for this user, but I can see the contents as any user even after a reboot and without ever logging in as that "encrypted user". [...] Or did I again miss something essential?
Thank you Jan, you've put some light "on my disk" :-)
I think so. As you come from Switzerland I assume that you speak German (your nice web page tells me this, too). So, please have a look at this thread on opensuse-de: http://lists.opensuse.org/opensuse-de/2008-04/msg00751.html
In summary, the trick is if you give an existing user an encrypted home directory, YaST will copy the current home to the encrypted one. At first glance, it might look like you can see the content of the encrypted home. But in fact, this is the old content. Thus, this state will survive a reboot.
This is what obviously really confused me: there was no "old content" (I added a new user and directly gave him the encrypted home directory in Yast). After reading your post I opened konqueror as root (without logging in as "encrypted user") and renamed some of those files to *.OLD. Then opened an additional session for the "encrypted user" and: the *.OLD files were *not* there... Switched back to normal user, reloaded directory in Konqueror - and the *.OLD files were gone, too. Terminated the "encrypted" session, reloaded Konq - and the *.OLD files were there again... Finally deleted all these files. Opened a new "encrypted user" session, added some large files, terminated the session - and guess what: I cannot see those files in Konq as another user or root anymore, the home directory of the "encrypted user" now just appears empty. Wow, this is exactly what I wanted... So, I guess, when adding a new user in Yast with an encrypted home dir, Yast first creates the normal, unencrypted new home dir, then the .img file etc., copies the unencrypted home dir to the .img file and leaves the now unused unencrypted dir and its content as is, although it is not of use anymore. For a not so Linux-savvy user this is very confusing and I think it should be mentioned in the help text on the left in Yast or at least in the explanations on the opensuse pages...
If you add new files as the user owning the encrypted home logged in, you will not see them if the user is not logged in.
Now I see that it really is so. Due to the "double-existence" of some dirs and files it appeared contrary. Like a Fata Morgana.
However, it might be possible that the encrypted home cannot be unmounted correctly. Check the output of "mount" to see whether it still contains a line starting with "/dev/mapper/_dev_loop0 on /home/..." after the user has logged out. This line must be present as long as the user is logged in, but not any longer.
Yes, it does all correctly: logged in mount shows "/dev/mapper/...", logged out, "/dev/mapper/..." disappears. Great :-)
HTH Jan
Thanks. Daniel -- Daniel Bauer photographer Basel Switzerland professional photography: http://www.daniel-bauer.com erotic art photos: http://www.bauer-nudes.com/en/linux.html Madagascar special: http://www.fotograf-basel.ch/madagascar/
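The mount check Jan describes in the thread above, as an added example that is not part of the original messages: it lists encrypted homes that are still mounted although their owner has no session. The function name and the sample `mount`/`who` text are constructed, and it assumes each home is `/home/<login name>`.

```shell
#!/bin/sh
# Added example, not from the thread.
# stale_crypt_homes MOUNT_OUTPUT WHO_OUTPUT
# Prints "user device" for every /dev/mapper mount on /home/<user>
# whose user does not appear in the who(1) output.
# Assumption: the home directory name equals the login name.
stale_crypt_homes() {
    mount_out=$1
    who_out=$2
    printf '%s\n' "$mount_out" | WHO_OUT=$who_out awk '
        BEGIN {
            # Collect login names (first field of each who line).
            n = split(ENVIRON["WHO_OUT"], lines, "\n")
            for (i = 1; i <= n; i++) {
                if (split(lines[i], f, " ") > 0) logged_in[f[1]] = 1
            }
        }
        # mount line format: DEVICE on MOUNTPOINT type FSTYPE (OPTIONS)
        $1 ~ "^/dev/mapper/" && $2 == "on" && $3 ~ "^/home/[^/]+$" {
            user = substr($3, 7)          # strip the leading "/home/"
            if (!(user in logged_in)) print user, $1
        }'
}

# Constructed sample input (not captured from a real system).
SAMPLE_MOUNT='/dev/sda2 on / type ext3 (rw,acl,user_xattr)
/dev/sda3 on /home type ext3 (rw,acl,user_xattr)
/dev/mapper/_dev_loop0 on /home/enc1 type ext3 (rw)
/dev/mapper/_dev_loop1 on /home/enc2 type ext3 (rw)'

SAMPLE_WHO='enc1     tty1         2008-04-23 21:00
daniel   :0           2008-04-23 20:41'

# enc1 is logged in, so only the enc2 mount is reported as left over.
stale_crypt_homes "$SAMPLE_MOUNT" "$SAMPLE_WHO"

# On a live system: stale_crypt_homes "$(mount)" "$(who)"
```

An empty result means every mapped home belongs to a user who is currently logged in.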