Change my Home folder
October 29, 2008
I see a lot of folks asking the same question
How do I change the location of my home-folder?
The solution is as simple as it gets! Swap ‘username’ with your username:
/etc # cat passwd | grep username username:x:1000:1000:My real name,,,:/home/username:/bin/bash
I believe you can simply edit this file as sudo, and change the part about :/home/username: to whatever pleases you 
EncFS – mount over nonempty mount-point
October 29, 2008
EncFS is a piece of FOSS that lets you work with a filesystem interface to a created crypted folder. It is thus transparent to the user. For more information, see previous post.
I came over a special option today playing around with EncFS. When issuing the command $ encfs ~/crypted ~/interface , and the directory ~/interface was not empty, I got a warning from FUSE – letting me know that it was not empty. However, it also gave me a solution to the problem! Simply add the option nonempty to the mount command, everything is dandy.
$ encfs -o nonempty ~/crypted ~/interface
The files that already was present in the target ~/interface was no longer there – just the decrypted content from my ~/crypted filesystem. But, to my surprise, when I unmounted the encrypted filesystem, the original files that were in the mount point in the beginning, appeared again!
$ fusermount -u ~/interface
The files were not lost! They simply got hidden!
I see a great application in this feature. Let’s say you have a system with encrypted home folders for each user of the system. When a user login, their encrypted home folder is mounted, and their files are made available to them. They do not even have to know it is encrypted – what do they care!?
Now, let’s say somebody needs to get some information about a fellow student/colleague, i.e. contact information and such. Why not leave a file in their unencrypted, open home folder for everyone to see? The folder is already there – doing nothing – so why not put it to use!
Use case
Let’s say Fred wants to get Maya’s e-mail address. He simply goes to here home-folder and retrieves her contact information
# fred@computer $ cd /home/maya/
# fred@computer $ ls
contact.maya
A well – maybe this has been done before… I just found out
For other FUSE options
$ encfs -H
Personal Level of Security
October 29, 2008
In my journey of learning a “bit or byte” in the GNU/Linux world, my focus has recently been on security in form of encryption of data – not malicious malware, adware, virus etc.
How do I maintain the highest level of security for my personal files if, God forbid, my laptop was stolen or an unwanted user got access to my computer? Most of the information I have found, is mostly security issues related to off-line data – how to encrypt your OS/harddrive, filesystem (i.e. folder), or a single file. How to prevent intruders from the outside world is off-topic.
Level 0: Not an issue
The first question one need to ask, is: why would I need an extra level of security? If you are the only user of a desktop computer at home, security may not even be an issue. Why would it be, right? Just image all the people using a no-security-measures-vista/xp-laptops out there. They don’t bother – should you?
Level 1: Permission settings
When you share your personal computer, things may be different. If you and maybe your “significant other” have access, security in form of OS/harddrive security may be overkill! If that other person has her own login, she would not have immediate access to your home-folder. Just make sure your permissions are set correctly to your home-folder.
$ cd /home $ chmod 700 <myfolder>
Level 2: Simple file encryption
If, for some reason, you share your computer and grant others with root-privileges, they have access to your files, and setting permission is no longer enough! When sharing with your spouse, or you are one of them “I don’t keep anything from my girlfriend/boyfriend”-type – security is still something you are only concerned about when paying bills online. Though, when making a list of potential Christmas-present, file-encryption could come in handy. You don’t want her to ruin the surprise!
Howto encrypt files: bcrypt – encrypt personal files.
This is also useful when you want to send sensitive information by email, or you use some kind of cloud file-sharing. Simply encrypt your file, and make sure the recipient has the password for decrypting the file.
Level 3: Folder encryption
If you share your computer with others, or you have files and folders you just wish to keep private, i.e. maybe you want to encrypt your home-folder to prevent anyone to see your files — then folder encryption or filesystem encryption would be the way to go.
Howto encrypt folders: encfs – encrypted folders/filesystems
When using folder encryption like encfs, the program maps the encrypted folder to a “human-readable”-folder. Any change, deletion, or new files/folders you create in your “human-readable”-folder, is mapped from the encrypted folder. Perhaps the main disadvantage here, is that the crypted folder is visible and has the same permissions as the decrypted, mapped folder. Thus people with access may still do harm.
Level 4: Virtual encrypted filesystem
There is also the option of creating a virtual encrypted filesystem. I would recommend TrueCrypt for this. The main advantage here, is that your entire filesystem (i.e. folder) is mounted as any other drive/device, but actually is located within one pre-allocated encrypted file. You may thus send, transport, copy, move, do whatever you want with this file. Wherever and whenever you mount it, your filesystem/folder magically appears at the mount point.
Several people have written excellent posts and howto’s about Truecrypt – a simple google reveals this. I personally started using it with Dropbox – see that post here.
Level 5: OS/Harddrive encryption
At the moment, I don’t see the need for this. However, I am going to try it out! My goal is to use an USB-stick, with a fully encrypted bootable OS, using Dropbox to store my personal files – encrypted of course. This will have to be a follow-up post as I suspect I will use some time on this.
That’s it for personal security.
EncFS – encrypted folders/filesystems
October 29, 2008
encfs – is a tool for encrypting a filesystem, i.e. a folder. It is very easy to use.
The debian package should be available in Debian and Ubuntu. Simply
$ sudo aptitude install encfs
encfs uses FUSE works perfectly for this kind of task. If you don’t have it installed, it should be installed with encfs. Remember to add yourself to the FUSE group.
$ sudo usermod -a -G fuse username
Now, there is mainly two commands you need to focus on. The one which mounts and creates the encrypted folder, and the one that unmounts it.
Create and mount
$ encfs /fullpath/.cryptic /fullpath/readable
You now answer a few question, and voila – good to go! Next time you simply issue the same command to mount an existing encrypted folder.
Unmount
$ fusermount -u /fullpath/readable
How hard can that be, right!
Applications of encfs
You may use this in several ways. One and maybe the obvious, is to have your own personal folder with encrypted data – just for fun, or to avoid your girlfriend/boyfriend finding out about your deepest secrets! It sure is an easy way of keeping a diary.
You may also use this to make your home-folder encrypted. I have read somewhere that Ubuntu is planning to make encrypted-home as an option sometime. And I believe encfs is the candidate to use. There exists another package which uses the PAM for authorizing. This way, you may automount your folder when you login, making it ideal for home-folder encryption. Follow the links below for further information.
Links:
A howto is located at ubuntu’s help.
http://www.linux.com/feature/52820
Alternatives:
http://www.debianadmin.com/filesystem-encryption-tools-for-linux.html
Bcrypt – encrypt personal files
October 28, 2008
I wanted to make a keyfile for added security in TrueCrypt. You may use any filetype you’d like, but to create a new layer of security, I made a pass-phrase and encrypted this into a file using bcrypt. The same approach may be used to encrypt any file you want, to share with a friend or send by e-mail. Just as long as the decrypter knows the password, you are good to go.
Bcrypt uses the Blowfish algorithm, and is available in the official Debian repo.
Encrypt
$ echo “pass-phrase” > keyfile
$ bcrypt keyfile
You will be asked to provide a password, and the encrypted file is created.
Decrypt
$ bcrypt keyfile.bfe
Provide the password used for encryption, and the file is converted back to the original ‘keyfile’.
TrueCrypt – virtual encrypted disk – and Dropbox
October 28, 2008
In my journey in the GNU/Linux world, I am always look to adapt good ideas, and to embrace excellent GNU/FOSS software. If it for some reason is not open source, it needs to be really good, and fit my needs and expectations to the fullest – i.e. Opera, Dropbox, Picasa and Google Earth.
The last couple of days, I have found two excellent softwares, one being “free speech” and the other being “free beer” – TrueCrypt and DropBox.
TrueCrypt
Is a one of them things you just gotta love! It is a piece of software that let’s you create a virtual encrypted file system within a file. For a normal user, this is transparent. You create a file, specify which algorithm to use, set a looong password, and then you mount the file as a volume. In this way, you may store sensitive information encrypted on your computer. Given the use of a file container to hold this virtual filesystem, you may transport, copy the file and mount it on another computer just as easy as mounting an external harddrive.
Applications of TrueCrypt
I discovered TrueCrypt when browsing the Dropbox forum. There I came across a discussion about the security of the Dropbox account. Dropbox uses SSL to send and recieve files from your computer to the Dropbox account. Dropbox then uses the Amazon S3 storing service to host your files. The files itself, and your entire account, is encrypted with AES on the server.
However, the discussion was mainly about where the AES key was located – at Dropbox or at Amazon. Either way – somebody may have access to your uploaded files, so the need for encrypted files gave spring to the solution of using TrueCrypt localy and uploading this file.
Dropbox+TrueCrypt
First of all – Dropbox is in beta, and their license is “AS IS”. If they run out of funds, or for some reason terminates their service, your online files MAY be lost. So you should always keep a backup of sensitive information elsewhere. Because you keep your files locally on your computer, you always have backup. The folder gets synchronized with your Dropbox account when you connect. If their service for some reason is down, you will not loose your files, because you have them stored locally on your computer.
So – to get started – my initial thought, was to store a key-file – a password file on my Dropbox account – for easy access from the computers I use daily. I have a lot of accounts in the cloud, and I rarely – if ever – use the same password twice. And everyone of them are generated.
Therefore – I wanted to store my encrypted password file in a virtual encrypted filesystem in my Dropbox account (which is also encrypted) for shared access from my computers.
I use Gnome Revelation password manager to store my online/offline password for various services. I store this file within my virtual encrypted filesystem-folder, which is then synched to my Dropbox account.
About security
The password file itself is encrypted – I need a password to open it. The filesystem to which the file is stored, is encrypted – I need an even longer password. My Dropbox account is encrypted – so a third password is needed.
I am not that worried about security!
Outside the box
Okei – so now I have my password file available from my computers. Next step must be to have a common set of config-files on each of them. I am not going to say much about this – it is simple enough. Just think of what sym-links can do!
WP design
October 28, 2008
“In order to be successful, one must project an image of being successful.” – Buddy Kane in American Beauty
Choosing a new design is not easy! Anyway – I needed a change!
DropBox without Nautilus/Gnome
October 27, 2008
Dropbox is THE file-share-over-multiple-systems thingy you’ll ever need! What is dropbox? Take a look at the image below – it says it all! In simple words – you have a folder on your computer, which is synced with an online folder at all times. You simply link every computer you want to this folder – and you have a share-folder! Version control, trash-can, public folder etc is available. It rocks!
I came across these to posts which is worth a read:
- http://www.terminally-incoherent.com/blog/2008/10/15/using-dropbox-without-gnome/
- http://www.ogmaciel.com/?p=606
Both of them use a NON-gnome environment, and both came up with the same solution. Just download the Linux tar, start the daemon, and you are up and running! The hype about Nautilus/Gnome is that they have made a Nautilus-plugin – which you really don’t need.
I have made a request of choosing which filemanager you want to open your Dropbox-folder in. Hopefully – it will be heard!
Share over multiple systems (from https://www.getdropbox.com/tour#3)
User control
Computers with several users who don’t want DropBox, may be somewhat turmoiled by the reoccuring registration window for DropBox. This is simply fixed – and a rather elegant and “WTP” solution was found on the DropBox forum, posted by user infinito d:
# addgroup dropbox
# chown root:dropbox /usr/lib/nautilus/extensions-2.0/libnautilus-dropbox.*
# chmod 640 /usr/lib/nautilus/extensions-2.0/libnautilus-dropbox.*
# adduser <username> dropbox<username> is the user who will have Dropbox enabled. Repeat that steps to allow more users to use Dropbox. Be aware that paths are for Ubuntu, maybe those can change on other distros.
I personally use LXDE+Openbox on a Debian system. So I don’t have DropBox installed as a .deb-package. I rather have it located in at /opt/.dropbox-dist. And the daemon starts by having a .desktop file located in ~/.config/autostart which exec=/opt/.dropbox-dist/dropboxd, which would also be the location for the how-to above.
Updated – TrueCrypt and Dropbox
I have made new post which talks about TrueCrypt and Dropbox – check it out!
Iceweasel as root only!
October 19, 2008
I just installed Debian Lenny with LXDE on a Dell Inspiron 8600. Iceweasel is now default in LXDE, but there seems to be some kind of permission problem. I was not able to start Iceweasel as a normal user – It only ran as root!
The problem was that ~/.mozilla did not belong to the user, but rather to root! So I changed ownership, and everything worked just fine!
cd ~
sudo chown <myusername>:<mygroup> .mozilla
GMail notifier (windows) fix
October 13, 2008
Came across this post. The gmail notifier did not work on my girlfriends exceptionally old computer….
This fixed it.
