[NCLUG] Encrypted Filesystems?

Sean Reifschneider jafo at tummy.com
Mon Apr 16 02:10:10 MDT 2007


On Sun, Apr 15, 2007 at 06:33:24PM -0600, Bob Proulx wrote:
>moderatly powered laptop and that for the most part it is not
>noticeable to the user.

All of us at tummy.com have been running encrypted home file-systems for
most of the last year, and I can confirm that it is largely not noticeable
to the user.  I think in the last 6 months I've even noticed the
performance overhead probably not even a half dozen times.

For backups, I back run rsyncs from our machines to a storage machine at
home.  Which stores the backup data on an encrypted file-system.  So, the
laptops are covered in case of loss, and the backup server is covered in
case someone takes it from our house.  The home storage server backs up
periodically at a slow rate to a server at our facility, also on an
encrypted file-system.

I encrypt all of /home, and move some stuff like the locate database,
Postgres databases, over to /home to keep that data encrypted.  I avoided
doing /root encrypted because it requires the initrd to be modified to
include the crypto stuff, which seems like a pain over the long term.

Sean
-- 
 Your liver pays dearly now for youthful magic moments,
 But rock on completely with some brand new components.  -- Cake
Sean Reifschneider, Member of Technical Staff <jafo at tummy.com>
tummy.com, ltd. - Linux Consulting since 1995: Ask me about High Availability




More information about the NCLUG mailing list